With globalization, acquisitions and sometimes simply natural and organic growth, more and more companies today face the challenge of managing a distributed enterprise. Whether managing multiple locations, subsidiaries, or separate brands, companies need to both consolidate and centralize management as well as delegate security responsibilities. This guide uses CloudLock in examples to show how companies using Google Docs can achieve both consolidated control and delegation for departments and organizational units.

Using the Google Apps collaboration suite alleviates many of the IT challenges of designing and maintaining an IT infrastructure and integrating tools that work well for a distributed organization. The introduction of multiple domains within Google Apps allows businesses to keep their distributed structure while allowing administrators to manage the entire organization from one central administration panel.

Some examples of why organizations use multiple domains in their implementation of Google Apps:

• Holding companies
  The parent company is organized in the primary domain while the subsidiaries are organized in subdomains
• Education
  Schools and Universities often choose to organize students and faculty/staff in separate subdomains
• M&A
  Mergers and acquisitions may result in the acquired company still operating as an independent entity

When it comes to e-Discovery, Governance, Risk Management, and Compliance (eGRC), the same principles apply. Companies need the tools to consolidate control for the enterprise to centrally manage all corporate data in the subdomains while delegating tasks to departments and organizational units.

To properly support a distributed enterprise, companies must consider 2 concepts that may look conflicting at first glance:

1. Consolidation and central management
2. Delegation and departmentalization

The following section details the three steps necessary to secure Google Docs in a distributed enterprise, and uses CloudLock as an example:

Step #1:  Centrally Manage All Corporate Data in Subdomains

CloudLock has the option of defining a “scan scope” to include all subdomains in your organization. This approach allows you to view, manage and control all users and documents in your company from a single dashboard.

Regardless of how large the IT department is, managing an enterprise-wide Google Apps implementation requires delegation of security to achieve both data security and operational efficiency.

Step #2:  Assign Additional CloudLock Users

By creating additional CloudLock users you can share and delegate administrative tasks. Each CloudLock user can be given one of the following roles:

• User – Can only perform scans and view reports
• Help desk – Can perform scans, view reports, and transfer ownership
• Administrator – Can use the full functionality of CloudLock (domain administrators are always CloudLock Administrators)

Each user type can be flagged to receive alerts on changes in exposure and can be granted access to perform domain wide searches (for example, searches as part of the e-Discovery process).

Step #3:  Delegate to data owners

In the Google Apps permissions structure, end-users are the real owners of documents and shoulder the bulk of the responsibility when it come to securing the documents they create. CloudLock lets you provide full visibility to end users by classifying document exposure and showing how the documents they own are being shared.

The data owners can see their documents classified into 4 categories:

• Public Exposure – Documents that are exposed to everyone on the Internet
• External Exposure - Documents that are exposed to outsiders
• Internal Exposure – Documents that are shared with everyone in the domain
• New Exposure – Includes all the newly exposed documents in the last 7 days

For more information see How To Delegate Google Docs Security to End Users

Conclusion

Google Docs security in the distributed enterprise requires both consolidated control and delegation for departments and organizational units. Having the ability to control security for all subdomains while also delegating tasks, companies can achieve both data security and operational efficiency.