If you're on a Galaxy Fold, consider unfolding your phone or viewing it in full screen to best optimize your experience.
If you're already using Google's G Suite or Cloud Platform, Cloud Identity is a great option to quickly add identity and access management (IAM) functionality. The Premium plan's flat-rate price per user helps you avoid hidden costs, and it includes 24/7 chat, email, and phone support.
You don't leave your business's doors unlocked at the end of the day, but is that the case with your computer network? Every company and personal device connected to it and each password to log into a company-wide application is a potential entry point for hackers.
A newer identity and access management (IAM) application is Google Cloud Identity, which spun off from Google's G Suite as a stand-alone product in 2018. We'll go over its features, support, and pricing so you can decide if it's the right choice for your small business's network security.
Google Cloud Identity is an IAM and enterprise mobility management (EMM) product. Features include single sign-on (SSO), multi-factor authentication (MFA), and password management.
Account admins use it to manage users, apps, and connected devices (aka "endpoints") from a centralized Google admin console.
You can use your Cloud Identity account with other Google products, such as its Chrome browser, and an extensive catalog of third-party applications. You can also manage users' Chrome browsers and generate reports on their browser usage.
Cloud Identity is part of Google Cloud's suite of over 100 products. These include applications for artificial intelligence (AI) and machine learning, application programming interface (API) management, the Internet of Things (IoT), and serverless computing.
Cloud Identity is similar to Google Identity Platform -- both deal with access management -- but the latter is for developers integrating security features into their apps.
Instead of being an out-of-the-box solution, Identity Platform allows developers to write authorized code using the Google Authenticator API and Google OAuth servers.
Cloud Identity lets information technology (IT) admins:
Cloud Identity is built around the "single pane of glass" concept, a management console that integrates every part of network infrastructure.
We'll start with a close look at its SSO and MFA functionality and related reporting features.
If you use multiple web-based applications for your job -- Gmail, Slack, Trello -- you know what a hassle it is to log into each one every day. So, the human inclination is to either stay logged in 24/7 or to reuse the same password instead of remembering different ones (or maybe you do both).
These bad habits create opportunities for hackers to access your business's network. Google Cloud Identity SSO addresses this situation and creates multiple benefits:
After they log in, employees will find the Cloud Identity portal easy to navigate.
Automated provisioning gives new users immediate access to on-premise and web-based applications instead of adding each app one by one.
SSO, even with the best password policies, isn't effective if bad actors have your login credentials. MFA increases access security through secondary factors based on things you know (answers to security questions), things you have (magic link sent to a separate account), or things you are (biometrics).
Cloud Identity MFA provides:
Research shows MFA reduces the risk from automated cyberattacks by as much as 99.9% over passwords alone.
For streamlined MFA, employees can download the free Google Authenticator app. Setup is automatic via quick response (QR) code, and it generates verification codes even without a data connection.
Cloud Identity reports provide actionable insights to further protect your network and data. Identify users and activities that pose security threats, track app usage, and view audit trails, the detailed records of events, and admin-initiated changes.
Cloud Identity includes three report types:
In the suspicious login report below, Google detected a sign-in that didn't match a user's normal behavior, such as coming from an unusual location. Admins can set automatic alerts when events like this occur instead of waiting to run a report.
If you have a network security operations center (SOC), these reports are integral to inform your security and incident response protocols to prevent cyberattacks through endpoint detection and response (EDR).
IT admins and departments like Cloud Identity because it was first developed for G Suite.
Even though it's only been available as a stand-alone application since 2018, it's a mature product hundreds of thousands of customers have used.
The straightforward pricing with no extra costs for support is a big plus, and Google's customer service receives high marks.
Cloud Identity is still available in G Suite, but as part of Google Cloud Platform, it's integrated with even more enterprise-level Google applications.
This includes Google's built-in security features, which promise 99.9% uptime. Your IT department will also have a single console to manage users, access, apps, and endpoint devices.
Cloud Identity is meant to give the best identity management software, such as Okta and Microsoft's Azure Active Directory, a run for their money, but some IT professionals have commented it's not quite there yet.
Reports are not customizable to the same degree as those of some of its competitors, and despite being web-based, it could be better integrated with the Mac OS. Google also uses almost no screenshots in its online technical documentation, which some users will find a disappointment.
The rest of your employees will discover that using Cloud Identity is a seamless experience. Almost everyone has a Gmail or other Google account, so the login interface is likely familiar.
The Password Alert browser extension -- we'll discuss it below -- is also handy to keep your Google password secure. Sure, the user experience is impacted when MFA is used -- who wants an extra login hoop to jump through? -- but Cloud Identity and the Authenticator app work to create a hassle-free login process.
Google Cloud Identity's two plans are:
The Cloud Identity Premium plan doesn't include some security center features relating to Gmail and Google Drive data.
A good reason to choose the Cloud Identity Premium plan is the one-on-one customer support you'll get compared to the free plan: 24/7 versus none.
Self-service resources include:
The free plan does include 24/7 personal support if you have a Cloud Platform support package or a G Suite subscription.
Cloud Identity includes more features beyond SSO and MFA that provide extra security benefits and enhance the user experience.
Cloud Identity helps you create a network diagram to monitor each digital device endpoint. You can also push network configurations, such as server-side certificates, to company hardware and employees' personal devices.
Other endpoint security tools include:
Cloud Identity endpoint management balances two competing concerns: the need for employees to use devices, including personal ones, when and where they want versus the security of your company's network, data, and applications.
Google's Titan Security Key is another security option beyond password management policies and MFA.
This hardware, which plugs into an endpoint device or connects wirelessly via Bluetooth, verifies a user's identity to prevent hackers from accessing an account even with valid login credentials.
These keys also ensure the user is interacting with a legitimate website.
Titan Security Keys use a hardware chip with Google firmware to verify keys aren't compromised. These chips also resist physical attacks meant to extract the key's information and firmware.
Google's Password Alert browser extension provides another security layer. It sends an alert if you attempt to use your Google password at a non-Google site, because it's an online security maxim to never reuse passwords.
It also checks each page you visit to determine if it's impersonating Google's sign-in page and lets you know if that's the case.
You must use Google's Chrome browser to employ this extension, but other major browsers have launched their own similar extensions. It's hard, however, to beat Password Alert's integration with Cloud Identity.
Your company's enterprise network and data are too valuable to leave unprotected, and Google Cloud Identity has the tools to secure your digital assets.
Like Microsoft's Azure Active Directory that steers users toward other Windows products, Google does the same with Cloud Identity for G Suite and Cloud Platform applications.
But if you're already using Google's web-based software, Cloud Identity is a no-brainer to add identity, access, and endpoint management.
Free Plan | Phone Support | Monthly Billing | Mobile App | |
---|---|---|---|---|
Google Cloud Identity | ||||
##PRODUCT-LINK-lastpass-for-business## | ||||
##PRODUCT-LINK-okta## | ||||
##PRODUCT-LINK-onelogin## | ||||
##PRODUCT-LINK-azure-active-directory## |
Cloud Identity has enterprise identity and access management (IAM) functionality that will serve the needs of large companies. Its pricing, however, also makes it a viable option for smaller businesses. For those already using G Suite or other Google Cloud applications, you can easily roll it into your existing IT infrastructure.
Google Cloud Identity has a free plan with basic SSO and MFA features, and the Premium plan, which includes a unified management console and service-level agreement (SLA), is $6/month per user. You need the Premium plan for one-on-one customer support. Unlike many IAM providers, Google doesn't charge extra for technical support.
Support for the free plan, unless you have a Google Cloud support package or a G Suite subscription, is limited to self-service resources. The Premium plan has 24/7 support by phone, chat, and email.
We're firm believers in the Golden Rule, which is why editorial opinions are ours alone and have not been previously reviewed, approved, or endorsed by included advertisers. The Ascent, a Motley Fool service, does not cover all offers on the market. The Ascent has a dedicated team of editors and analysts focused on personal finance, and they follow the same set of publishing standards and editorial integrity while maintaining professional separation from the analysts and editors on other Motley Fool brands.