skip to Main Content
Welcome to Gimasys!
Hotline: +84 974 417 099 (HCM) | +84 987 682 505 (HN)

G Suite and Office 365: Security, privacy when going to the Cloud

Cloud war between G Suite and Office 365.

In the whirlwind of the 4.0 technology revolution, more and more businesses are deciding to invest Cloud Platform – cloud computing platform into applications because of the benefits it brings. However, when Cloud Platform becomes popular, many options appear on the market and make businesses consider carefully before deciding to invest. And as the digital business environment is facing more and more cyber security risks, choosing a solution that meets the security requirements of the business is paramount.

For businesses looking for a “Productivity suite” of productivity tools Google's G Suite and Microsoft's Office 365 are the two Cloud options that receive the most attention. Office 365 is known for its familiar set of text editing tools (Word, Excel, Powerpoint,...).

Workspace G Suite It hasn't been around that long, but in terms of security, no supplier can surpass the history of releasing security software from Google - the giant in the technology industry. Although Microsoft also has a solid infrastructure foundation, the company has also had to repeatedly address security vulnerabilities in its products. So if we consider only the two solution packages G Suite and Office 365 alone, can these two platforms protect the entire business from the risks of cyber attacks?

G Suite security strategy: Advanced spam and malware detection

1. Data monitoring & Protection – Data monitoring and protection

Google has a very large network of data centers and operates these centers itself by designing its own hardware, with separate operating systems and file systems. Each element in the system will be optimized for security purposes and system operation. Because Google has complete control over the hardware, any potential threats or vulnerabilities will be handled and prevented quickly.

With G Suite, all data is always encrypted – whether it is stored on a hard drive, in backup storage, when traveling across the Internet or between data centers. Encryption is an important part of G Suite's security strategy because it helps protect email data, chat content, Google Drive documents and other data. Besides, application strategy Machine learning helps the system detect potential risks intuitively.

In terms of user data protection, Google has built a track record in this area. For Google, risks from malicious software (malware) are always approached with vigilance, caution and using a variety of strategies to prevent, detect and thoroughly handle them. Google's malware handling strategies will focus on preventing widespread spread and spread, using automated and manual scanning systems. This scanner system will search the Google search index to detect websites that may contain malware or phishing traps.

G Suite and Office 365: Security and privacy when going to Cloud 1

2. Compliance – Compliance with regulations

G Suite is designed with the following principles: Always ensure strict privacy and security standards – based on industry-wide best security practices. For businesses operating in fields that require strict assurance and compliance in data protection (for example, organizations and businesses working on protecting children's rights, personal health information, etc.) kernel,...) G Suite is completely responsive. In addition to its ability to meet data protection principles, Google also offers strong contractual terms, ensuring that its customers maintain strict compliance in the fields in which they operate. .

Here are some certifications that Google has achieved:

  • ISO 27001: ISO 2701 is one of the independent security standards, widely recognized and accepted internationally. Google has earned ISO 27001 certification for the systems, applications, processes, and data centers that run G Suite.
  • ISO 27018: The motto of ISO 27018 includes: Do not use your data for advertising; ensure that data stored in G Suite services is under your control; provides tools to delete and extract data, protect your information and data from requests from third parties, and be transparent about where your information is stored.
  • SOC 2, SOC 3 (Service Organization Controls): The SOC audit framework of the American Institute of Public Accountants (AICPA) is based on its Principles and Credibility Criteria to verify safety, stability, and consistency in processes. handling and security.
  • HIPAA: This is the Health Insurance Portability and Accountability Act. HIPAA governs the protection, use, and disclosure of protected health information (PHI).
  • FERPA: The G Suite for Educaton service complies with the Family Educational Rights and Privacy Act (FERPA).
  • COPPA: Children's Online Privacy Protection Act of 1998 (COPPA)
  • EU Data Protection Directive & GDPR: General Data Protection Regulations
  • User Access

G Suite has encountered many challenges in this area because initially, the security management features that Google provided in the Admin Console were very limited. However, in recent years, Google has made many great strides in improving its management system and the company is still continuing to come up with new strategies. Now company admins can manage accounts, control access rights and users more easily. This helps prevent company employees from granting access or sharing sensitive information outside (without permission).

3. Security Logs – Security logs

In G Suite, all information stored in activity logs cannot be edited by anyone – so this becomes real evidence if a business needs to investigate a certain behavior. G Suite's Activity Log feature can be accessed via the Google API Console.

4. Automatic Update – Update automatically

When it comes to system and software updates, G Suite is always at the top. Because from the beginning, G Suite has been built and developed on the Cloud, so everything related to updates is happens regularly and automatically Fix security holes or weaknesses without requiring users to take action or waste time waiting.

5. Anti-spam & Virus Protection – Anti-spam and virus protection

To ensure that emails sent from businesses are highly reputable and are not classified as "spam" when they arrive in the recipient's mailbox, G Suite uses many important factors to help the emails you send. gain “trust” from other systems, by installing:

  • SPF (Sender Policy Framework): Helps prevent spammers from sending fake messages from your domain address. SPF authenticates the origin of emails by checking the sender's IP address against the owner of the sending domain.
  • DKIM (Domain Key Identified Mail): a method of authenticating e-mail using the digital signature of the sending domain. DKIM will add a special digital signature to the email you send. The recipient's system will then use this digital signature to confirm whether the message you sent is fake or not. Current mail hosting services usually only install SPF records, if customers want to install DKIM, there will be an additional fee.
  • DMARC:  DMARC is a standard to block spammers from using the owner's domain without their permission (which we often call spoofing). In fact, when using mail, anyone can easily fake the address in the "From" field in sent mail. DMARC will ensure these fake emails are blocked before they reach the recipient's mailbox. These will ensure the reputation of the sender's domain, so that sent mail will not be marked as spam.

G Suite and Office 365: Security, privacy when going to the Cloud

Business email: Compare apps and features between G Suite and Office 365

Office 365 security strategy: Advanced protection and user management

1. Data monitoring & Protection – Data monitoring and protection

Although Office 365 still has some bugs that need to be resolved regarding its ability to detect threats, its most recent update – Exchange Oline Advanced Threat Protection (ATP – Advanced Threat Protection ) can be considered a plus point worth considering. ATP is an email filtering service that detects and targets sophisticated spam emails and security risks, including viruses and malware. ATP provides businesses with real-time protection, especially for URLs that contain phishing traps or protects users from the effects of malware. . This is an add-on feature that Office 365 users can pay extra to use. However, businesses need to research carefully before deciding because Microsoft itself has previously admitted there was a problem with the Advanced Threat Protection module when allowing malicious URLs to bypass the mail protection solution.

With Office 365, the design and implementation of the platform is also followed by Cloud security principles. Data encryption is also one of the top priorities of this solution. The platform is equipped with multiple layers of encryption technology to protect all types of data – whether in transit or at rest.

2. Compliance – Ability to comply

Office 365 has more than 900 built-in management features according to the company's compliance framework. This allows Microsoft's platform to always meet changing and regularly update standards in different industries and fields. Microsoft also has a team of experts in this field to regularly follow management standards and principles, thereby developing management tools to include in the product suite.

Here are some certifications that Office 365 has achieved:

  • ISO 27001, 27018
  • SSAE16 (Statement on Standards for Attestation Engagements 16): This is an auditing standard for service providing businesses. These guidelines were created by the AICPA to redefine and update how service businesses report on management and compliance.
  • SOC1 Type II & SOC2 Type II
  • FISMA (Federal Information Security Management Act): Federal Information Security Management Act
  • EU Data Protection Directive and GDPR
  • User Access & Administration

In Office 365, user management is built into every part. When using Office 365, admins have full management rights: review and set security policies for applications, revolving around sharing content or sharing with outside parties. This allows admins to set their own infrastructure policies to meet the business's own special security requirements.

Office 365 also offers many options in this area. If admins take the time to set up security controls correctly and communicate this information to team members (effectively), cloud productivity and collaboration will improve. maintained more securely than ever.

3. Security Logs – Security logs

In Office 365, there are a number of controls that allow activity logs to be deleted. The ability to delete activity logs is considered useful because it allows users to delete unnecessary data, thereby making searching, investigating and monitoring activities more effective.

Although only privileged accounts can do this, businesses also need to consider carefully because this feature can creates a security hole, allowing internal members to “erase their tracks”.  

4. Automatic Update – Update automatically

Updates in Office 365 used to cause a lot of trouble and discomfort for users. Not to mention: if they use desktop software, they will have to install it and be vulnerable to many security risks during the system update and error correction process. However, since being integrated with the cloud computing platform, Office 365 now operates more smoothly and helps users' systems be protected regularly.

5. Anti-spam & Virus Protection – Anti-spam and virus protection

Previously, Microsoft products only had SPF (Sender Policy Framework) records installed., helps prevent spammers from sending fake messages from your domain address. After that, Microsoft's email system was also more perfected and added DKIM and DMARC records like Google's Gmail.


From the comparison information above, it can be seen that both G Suite and Office 365 have infrastructure with many layers of solid security, designed according to a special strategy to protect all users in the business. Karma. With superior security compared to other cheap email or storage solutions, we can understand why not only the world but also Vietnamese businesses are quickly converting to two platforms. platforms from Google and Microsoft. Based on their own job requirements and operational characteristics, businesses can choose one of two solutions.

Security is a part, to decide which platform to choose for the business, it still requires the admin to have an understanding between G Suite and Office 365. 


Update: Gimasys

Maybe you are interested: 

  1. Manage your business better with G Suite
  2. What to do when you run out of storage space in Gmail
  3. Instructions to create Gmail under G Suite business domain name
  4. Limit the amount of Email sent in Gmail and what you need to know
  5. Business Email G Suite or Mail Hosting
  6. Manage sales more effectively with G Suite and CRM
Back To Top
0974 417 099