Google Apps for Work Security Guidance

This publication was withdrawn on 11 July 2016

This content has been moved to the CESG website:

Configuration guidance for the use of Google Apps for Work at OFFICIAL


This guidance is for public sector organisations to follow when deploying Google Apps for Work for handling OFFICIAL information. It can be used in conjunction with CESG’s Cloud Security Guidance when considering the information risk associated with using Google Apps for Work for handling OFFICIAL information.

These documents were created as a response to a request for guidance on cloud services from a government department and should not be read as an endorsement of these particular services.

It is important to remember that any guidance points given here are just recommendations; none of which are mandatory. They have been suggested as a way of satisfying the 14 cloud security prinicples that mitigate the threat at OFFICIAL. Risk owners and administrators should agree a configuration which balances the business requirements, usability and security of the platform and use this guidance for advice where needed.

Please send any feedback sent to the address