G-Suite Users: You Are Not NIST 800-171 Compliant
At first search, most results reveal that Google and its G-Suite of products have had a third-party security company review their products and that they are NIST 800-171 Compliant. Most will breathe a collective sigh of relief – the suite is user friendly, accessible and within most budgets.
Unfortunately, those with government contracts in the Aerospace and Defense industries need to look closer at the fine print.
Because Google is an international company, there is no certainty that data will only be accessible in the United States... or that their staff viewing your data are U.S. citizens.
It is also reported that out of all of the G Suite programs, only Google Drive and Gmail offer Data Loss Prevention.
DLP Coverage in G Suite – Image Courtesy of Summit 7
While Google offers wonderful programs that help break down barriers of entry into the business world, you do get what you pay for.
For those who work within the Defense and Aerospace industries – this will not be enough security to maintain government contracts. Or prevent your company from being hacked.
Just read this headline and article. It speaks for itself. "China hacked a Navy contractor and secured a trove of highly sensitive data on submarine warfare" Want to hedge bets on how much work that contractor receives from the Navy henceforth? Or any agency for that matter? - Scott Edwards, Summit 7