DDC is partnering with Google to share a new Workspace security setting with its audience, and to allow them to enable it on their existing Workspace enterprise accounts.
Google’s research has shown that political campaigns are targets of sophisticated online attacks (including from nation states) but don’t always have commensurate security expertise on staff, which exposes them and their campaigns to heightened risk.
Google has developed a new security feature, currently available only to DDC-eligible campaigns. This feature allows high-risk users of Workspace to toggle a single switch that, in turn, enables 26 beneficial security settings across their account, enterprise-wide.
Settings:
Enabling this single toggle feature will activate the following settings across the account:
Security feature | Setting | Description |
2 step verification | On | |
New user enrollment period | 7 days | |
Frequency - allow user to trust the device | unchecked | |
Methods | Any | |
2-Step Verification policy suspension grace period | null | |
Security codes | null | |
Allow super admins to recover their own account | OFF | |
Allow users and non-super admins to recover their account | OFF | |
Allow users to enroll in the Advanced Protection Program | Enabled | |
Security codes | Allow security codes without remote access | |
Post-SSO Verification | Logins using SSO are subject to additional verifications (if appropriate) and 2-Step Verification (if configured) | |
Use employee ID to keep my users more secure | On | |
Enforce strong password | On | |
Length: minimum | 8 | |
Length: maximum | 15 | |
Enforce password policy at next sign-in | Checked | |
Allow password reuse | Off | |
Expiration | Never Expires | |
Block All Third Party Access | Allow users to access third-party apps that only request basic info needed for Sign in with Google. | |
Trust internal, domain-owned apps | Enabled | |
Allow users to access third-party apps that only ask for Google sign-in info | Disabled | |
Perform scans of Drive files and generate data protection insights reports on how many files with sensitive content were shared externally. | ON | |
Sharing outside of Domain | ON | |
Warn when files owned by users or shared drives in … | Checked | |
Allow users or shared drives in … | Checked | |
Access Checker | Recipients Only | |
FAQs
How do I get started?
Contact your DDC point of contact for next steps.
Does this cost money?
No, but you must already have an enterprise Workspace account.
Do these settings align with frameworks such as NIST / CIS?
No, these settings do not align 1:1 with these frameworks. Rather, they were developed in collaboration with a number of political and security experts and designed to strike a balance between enabling important security features and not encumbering the day-to-day work of campaigns. Each organization may want more or less security enabled on its accounts depending on its specific needs and organizational profile.
How do I roll back or adjust individual settings that are enabled after applying this new feature?
After applying this feature, each affected setting can be adjusted individually at its existing location in the Admin Console. If you do not know where an individual setting is located, please contact your DDC point of contact.