Comprehensive Guide to Implementing the Essential Eight Using Google Workspace and Microsoft 365
In today’s cybersecurity landscape, protecting your organisation against evolving threats requires a structured and proactive approach. The Australian Signals Directorate (ASD) introduced the Essential Eight cybersecurity strategies to help organisations minimise the risk of cyber-attacks, including ransomware and data breaches. These strategies are designed to protect critical infrastructure and sensitive data by enforcing best practices across different aspects of an organisation's IT infrastructure.
This comprehensive guide explains how to implement each of the Essential Eight strategies using popular cloud platforms: Google Workspace and Microsoft 365. Both platforms provide a robust suite of tools that can help meet these cybersecurity requirements effectively.
1. Application Control
Objective: Ensure that only approved and trusted applications are executed to prevent the installation and execution of malware, ransomware, and unauthorised programs.
Google Workspace:
- Whitelist/Blacklist Applications: Use the Google Admin Console to create and enforce application whitelisting for Chrome OS and Android devices. This prevents unauthorised or untrusted applications from being downloaded or executed.
- App Restrictions on Google Play: Enforce restrictions on apps that users can install from Google Play. Limit access to only verified and approved apps to reduce exposure to potentially harmful software.
- Chrome Extensions Control: Use the Admin Console to control the installation of Chrome extensions, ensuring only vetted and secure extensions are used by employees.
Microsoft 365:
- AppLocker Policies: Implement AppLocker policies via Microsoft Endpoint Manager to control which applications can run on Windows devices. This helps ensure only approved applications are used across your network.
- Defender for Cloud Apps: Use Microsoft Defender for Cloud Apps to monitor and block unsanctioned or risky cloud applications. This adds a layer of control over cloud-based tools.
- Windows Defender Application Control: Configure Windows Defender Application Control (WDAC) to enforce code integrity policies, allowing only trusted and signed applications to run.
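The following PowerShell script is an added example, not part of the original guide or Microsoft's own documentation. It shows the workflow behind the AppLocker bullet above: build an allow-list from a reference workstation, write it out in audit-only mode, test a file against it, and read the audit events before enforcement is switched on. The reference directories, the output path and the test file are assumptions; adjust them to the organisation's standard build.

```powershell
# Added example (not part of the original guide): build an AppLocker allow-list from a
# reference workstation, write it out in audit-only mode, test a file against it and
# read the audit events. Assumptions: run in an elevated PowerShell on a Windows
# Enterprise reference build with the AppLocker module; the directories, $PolicyPath
# and the test file are placeholders.
$PolicyPath = "C:\Temp\E8-AppLocker-Audit.xml"

# 1. Inventory the executables you intend to allow. Extend the list to cover every
#    directory on the standard build (C:\Windows is large but must be included for a
#    policy that is going to be enforced).
$referenceDirs = "C:\Program Files", "C:\Program Files (x86)"
$fileInfo = foreach ($dir in $referenceDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe
}

# 2. Generate publisher rules, falling back to hash rules for unsigned binaries.
$policy = New-AppLockerPolicy -FileInformation $fileInfo -RuleType Publisher, Hash `
    -User Everyone -RuleNamePrefix "E8" -Optimize

# 3. Set every rule collection to AuditOnly: nothing is blocked yet, but anything that
#    would have been blocked is logged as event ID 8003 in the AppLocker event log.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = "AuditOnly"
}
$policy.ToXml() | Out-File -FilePath $PolicyPath -Encoding utf8

# 4. Check the decision for a specific file before the policy is deployed anywhere.
Test-AppLockerPolicy -XmlPolicy $PolicyPath -User Everyone `
    -Path "C:\Users\Public\Downloads\untrusted-installer.exe"

# 5. Apply to the pilot machine. The Application Identity service (AppIDSvc) must be
#    running for AppLocker to evaluate anything; set it to start automatically via GPO or
#    Endpoint Manager. For the fleet, import the same XML into an Endpoint Manager
#    configuration profile or an AppLocker GPO instead of applying it locally.
Set-AppLockerPolicy -XmlPolicy $PolicyPath -Merge

# 6. Review audit events to find legitimate software the rules missed, then tighten the
#    rules before changing EnforcementMode to "Enabled".
Get-WinEvent -FilterHashtable @{ LogName = "Microsoft-Windows-AppLocker/EXE and DLL"; Id = 8003 } `
    -MaxEvents 50 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

Running in audit-only mode for a few weeks and reviewing event ID 8003 is what turns a generated rule set into a usable one: every legitimate program that appears there is a rule you would otherwise have broken on enforcement day.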
2. Patch Applications
Objective: Ensure applications are regularly updated and patched to address known vulnerabilities and reduce the risk of exploitation by cybercriminals.
Google Workspace:
- Automatic Updates for Google Workspace Apps: Google Workspace apps like Docs, Sheets, and Gmail are automatically updated, ensuring that the latest security patches are applied without requiring user intervention.
- Chrome OS and Android App Updates: Use the Google Admin Console to enforce automatic updates for Chrome OS devices and Android apps, ensuring that all third-party apps remain secure.
Microsoft 365:
- Windows Update for Business: Leverage Windows Update for Business to ensure regular patching of applications across all devices in your organisation. This service allows you to manage how and when updates are applied.
- Third-Party Application Patching: Use Microsoft Endpoint Manager to manage and patch third-party applications, reducing the risk of vulnerabilities being exploited.
- Compliance Policies: Enforce compliance policies in Intune to ensure that all apps and devices are running the latest updates before accessing corporate data.
3. Configure Microsoft Office Macro Settings
Objective: Restrict or disable the use of macros in Office documents to prevent malicious code execution, which is a common tactic used in phishing and malware attacks.
Google Workspace:
- Google Docs, Sheets, and Slides: Google’s office applications do not rely on macros, eliminating the risk associated with macro-based attacks. However, for organisations using Google Apps Script, it's important to review and restrict access to sensitive scripts.
- Admin Console Restrictions: Use the Admin Console to control third-party add-ons that may introduce security risks into Google Workspace documents.
Microsoft 365:
- Group Policy Management: Use Group Policy to disable or restrict the execution of macros in Microsoft Office applications, particularly for files received from the internet.
- Trusted Locations: Enable macros only in trusted documents and locations using Trusted Locations to control macro execution.
- Microsoft Endpoint Manager: Use Microsoft Endpoint Manager to enforce macro policies and prevent users from enabling potentially dangerous macros in Office files.
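The following PowerShell function is an added example, not part of the original guide or Microsoft's documentation. It audits the registry values that the Office Group Policy templates write for the two settings the bullets above refer to ("Block macros from running in Office files from the Internet" and "VBA Macro Notification Settings") and reports whether each application meets the intent of the control. It assumes the Office 16.0 policy key (Office 2016, 2019 and Microsoft 365 Apps); the compliance threshold at the end is this example's choice, not a value from the guide.

```powershell
# Added example (not part of the original guide): audit the Office macro policy values
# for Word, Excel and PowerPoint and report whether each meets the control's intent.
# Assumes Office 2016/2019/365 (the "16.0" policy key). Run as the user whose policy
# you want to check, since the ADMX user settings land in HKCU.
function Get-OfficeMacroPolicyStatus {
    param(
        [string[]]$Applications = @("Word", "Excel", "PowerPoint"),
        [string]$OfficeVersion = "16.0"
    )
    foreach ($app in $Applications) {
        $result = [ordered]@{
            Application       = $app
            VBAWarnings       = $null   # 1 enable all, 2 disable with notification,
                                        # 3 disable except digitally signed, 4 disable all
            BlockFromInternet = $null   # 1 = block macros in files marked from the internet
            Source            = "not configured"
        }
        # User policy (HKCU) is where the Office ADMX settings land; check HKLM as well so
        # a machine-scoped setting is not missed.
        foreach ($hive in "HKCU:", "HKLM:") {
            $key = "$hive\Software\Policies\Microsoft\Office\$OfficeVersion\$app\Security"
            if (-not (Test-Path $key)) { continue }
            $props = Get-ItemProperty -Path $key
            if ($null -ne $props.VBAWarnings) {
                $result.VBAWarnings = $props.VBAWarnings
                $result.Source = $key
            }
            if ($null -ne $props.blockcontentexecutionfrominternet) {
                $result.BlockFromInternet = $props.blockcontentexecutionfrominternet
                $result.Source = $key
            }
        }
        # Compliant (this example's threshold): macros from internet-sourced files are
        # blocked AND macros are either fully disabled or limited to digitally signed ones.
        $result.Compliant = ($result.BlockFromInternet -eq 1) -and ($result.VBAWarnings -in 3, 4)
        [pscustomobject]$result
    }
}

Get-OfficeMacroPolicyStatus | Format-Table -AutoSize
```

A row with Source "not configured" means the user is running whatever the Trust Center defaults are, which is exactly the state the policy is meant to remove; the same function can be run through Endpoint Manager's script feature to collect results across the fleet.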
4. User Application Hardening
Objective: Harden user applications by disabling unnecessary features and settings, reducing the attack surface available to cybercriminals.
Google Workspace:
- Chrome Extension Management: Disable or restrict unnecessary Chrome extensions using the Google Admin Console, thereby reducing exposure to potential security threats.
- Safe Browsing Policies: Enforce Safe Browsing to protect users from visiting malicious websites or downloading harmful files. Chrome’s built-in protections can block phishing and malware attempts.
Microsoft 365:
- Microsoft Defender Application Guard: Use Microsoft Defender Application Guard to isolate untrusted websites and Office documents in a secure container, preventing them from affecting the host system.
- Harden Browsers: Disable risky features such as ActiveX controls or Flash in browsers using Endpoint Manager to prevent exploitation through web-based vulnerabilities.
5. Restrict Administrative Privileges
Objective: Limit administrative privileges to reduce the risk of unauthorised access and to protect sensitive systems from compromised accounts.
Google Workspace:
- Role-Based Access Control (RBAC): Use RBAC in the Admin Console to assign specific administrative roles with the principle of least privilege, ensuring that only authorised users can perform certain actions.
- Admin Audit Log: Regularly audit admin activities using the Admin Audit Log to detect any unusual or suspicious behaviour from accounts with elevated privileges.
Microsoft 365:
- Azure Active Directory (AAD) RBAC: Use Azure Active Directory to assign roles and limit privileged access to sensitive resources. Define roles carefully to ensure that users have only the permissions they need.
- Privileged Identity Management (PIM): Implement PIM to provide temporary administrative access when needed, and automatically revoke elevated privileges when no longer required.
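The following PowerShell script is an added example, not part of the original guide or Microsoft's documentation. It supports the two bullets above by enumerating standing (always-on) members of the most sensitive Azure AD roles and listing the assignments that are only eligible through PIM, so the gap between the two can be reviewed. It assumes the Microsoft.Graph PowerShell SDK and an account permitted to read role assignments; the list of roles treated as sensitive is this example's choice.

```powershell
# Added example (not part of the original guide): compare standing membership of
# sensitive Azure AD roles with PIM-eligible assignments. Assumes the Microsoft.Graph
# PowerShell SDK; the role list below is this example's choice, not a prescribed set.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All"

$sensitiveRoles = "Global Administrator", "Privileged Role Administrator",
                  "Exchange Administrator", "SharePoint Administrator", "User Administrator"

# Standing assignments. Get-MgDirectoryRole only returns roles that have been activated
# in the tenant, so a role that was never assigned simply does not appear.
$standing = Get-MgDirectoryRole -All |
    Where-Object { $_.DisplayName -in $sensitiveRoles } |
    ForEach-Object {
        $roleName = $_.DisplayName
        Get-MgDirectoryRoleMember -DirectoryRoleId $_.Id -All | ForEach-Object {
            $p = $_.AdditionalProperties
            [pscustomobject]@{
                Role      = $roleName
                Principal = if ($p.userPrincipalName) { $p.userPrincipalName } else { $p.displayName }
                Type      = $p.'@odata.type'   # #microsoft.graph.user, .group or .servicePrincipal
            }
        }
    }
$standing | Format-Table -AutoSize

# Eligible (just-in-time) assignments managed by PIM: the pattern the control asks for.
$eligible = Get-MgRoleManagementDirectoryRoleEligibilityScheduleInstance -All |
    Select-Object PrincipalId, RoleDefinitionId, EndDateTime

# Review points: every standing Global Administrator other than the documented
# emergency-access accounts should be converted to an eligible assignment, and an
# eligible assignment with no EndDateTime is permanent eligibility worth questioning.
"Standing members of sensitive roles: $(@($standing).Count)"
"PIM-eligible assignments:            $(@($eligible).Count)"
```

Scheduling this as a periodic report and diffing it against the previous run is a cheap way to notice a role assignment that was not approved through the normal change process.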
6. Patch Operating Systems
Objective: Ensure operating systems are regularly patched to close security vulnerabilities and reduce the risk of exploitation.
Google Workspace:
- Auto-Updates for Chrome OS: Enable automatic updates for Chrome OS devices through the Admin Console to ensure they receive the latest security patches as soon as they become available.
- Update Frequency Management: Set policies for managing the frequency of updates to avoid disruptions while keeping devices secure.
Microsoft 365:
- Windows Update for Business: Automate operating system updates using Windows Update for Business to ensure all Windows devices are always running the latest security patches.
- Endpoint Manager Compliance: Use Microsoft Endpoint Manager to monitor and enforce compliance with OS patching policies, ensuring devices remain secure and up-to-date.
7. Multi-Factor Authentication (MFA)
Objective: Implement Multi-Factor Authentication (MFA) to protect user accounts from unauthorised access, even if passwords are compromised.
Google Workspace:
- Two-Step Verification: Enable two-step verification across all Google Workspace accounts using Google Authenticator or physical security keys.
- Advanced Protection for High-Risk Users: Use Google’s Advanced Protection Program for high-risk users such as executives or employees handling sensitive data, offering stronger MFA protections.
Microsoft 365:
- Azure MFA: Enforce MFA for all users using Azure MFA and the Microsoft Authenticator app. Ensure that users must complete a second authentication step before gaining access.
- Conditional Access Policies: Use Conditional Access to require MFA based on location, device compliance, or other factors, adding an additional layer of protection for high-risk activities.
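The following PowerShell script is an added example, not part of the original guide or Microsoft's documentation. It implements the Conditional Access bullet above by creating a policy that requires MFA for all users on all cloud applications, starting in report-only mode so the sign-in logs show its impact before enforcement. It assumes the Microsoft.Graph PowerShell SDK and an account holding a role able to write Conditional Access policies; the break-glass group ID is a placeholder.

```powershell
# Added example (not part of the original guide): create a Conditional Access policy
# requiring MFA for all users, in report-only mode first. Assumes the Microsoft.Graph
# PowerShell SDK and appropriate permissions; $breakGlassGroupId is a placeholder for the
# group containing the tenant's emergency-access accounts.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", "Policy.Read.All"

$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder

$policy = @{
    displayName   = "E8 - Require MFA for all users"
    state         = "enabledForReportingButNotEnforced"   # change to "enabled" after review
    conditions    = @{
        users = @{
            includeUsers  = @("All")
            excludeGroups = @($breakGlassGroupId)   # never lock out emergency-access accounts
        }
        applications = @{
            includeApplications = @("All")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator        = "OR"
        builtInControls = @("mfa")
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# Verification step: any policy that is disabled or still report-only protects nobody,
# so list them. This is also a useful periodic check, since turning a policy off is a
# common way for an MFA requirement to quietly stop applying.
Get-MgIdentityConditionalAccessPolicy |
    Where-Object { $_.State -ne "enabled" } |
    Select-Object DisplayName, State
```

Leaving the policy in report-only mode for a short period and reviewing the "Report-only" column of the Azure AD sign-in log shows which users and legacy clients would have been blocked, which is the information needed before flipping the state to enabled.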
8. Daily Backups
Objective: Ensure daily backups of critical data are performed to protect against data loss and facilitate quick recovery in case of incidents such as ransomware attacks.
Google Workspace:
- Google Vault for Archiving: Use Google Vault to archive important data from Google Drive, Gmail, and other Workspace applications. This ensures compliance and data retention policies are enforced.
- Third-Party Backup Solutions: Integrate with third-party backup services like Backupify for enhanced backup management and off-site storage of Google Workspace data.
Microsoft 365:
- OneDrive and SharePoint Backup: Use OneDrive for Business and SharePoint to automatically back up user data. This ensures easy access to backups in case of accidental deletions or data loss.
- Third-Party Backup Tools: Employ third-party backup solutions like Veeam or Acronis for additional redundancy, ensuring backups are securely stored off-site.
Conclusion
By leveraging the extensive tools and services available in Google Workspace and Microsoft 365, organisations can effectively implement the Essential Eight cybersecurity strategies. These platforms provide robust solutions for application control, patch management, privilege restrictions, and data backup, helping organisations reduce their risk of cyber-attacks while ensuring compliance with regulatory frameworks.