Comprehensive Guide to Implementing the Essential Eight Using Google and Microsoft Products
The Essential Eight framework provides organisations with a practical set of strategies to reduce the risk of cyber-attacks. This guide outlines how Google Workspace and Microsoft 365 can be used to implement the Essential Eight, helping organisations strengthen their cybersecurity posture using tools already available within these platforms.
1. Application Control
Application control is critical for preventing the execution of untrusted programs. In Google Workspace, admins can whitelist apps via the Admin Console, while in Microsoft 365, tools like AppLocker and Defender for Cloud Apps provide strong controls over application usage.
2. Patch Applications
Regular patching is key to addressing software vulnerabilities. Google Workspace apps automatically update, and admins can manage third-party app patches through the Admin Console. Microsoft 365 allows patching through Windows Update for Business and compliance enforcement using Microsoft Endpoint Manager.
3. Configure Macro Settings
Restricting or disabling macros in office applications prevents the execution of malicious code. Google Workspace users benefit from macro-free environments, while Microsoft 365 admins can disable macros through Group Policy or limit execution to trusted documents.
4. User Application Hardening
User application hardening reduces attack vectors by disabling unnecessary features. Google Workspace allows admins to disable Chrome extensions and enable Safe Browsing. In Microsoft 365, tools like Defender Application Guard protect users by isolating risky websites and files.
5. Restrict Administrative Privileges
Limiting admin privileges is essential to reducing security risks. Google Workspace uses role-based access control (RBAC) and audit logs to manage privileges. In Microsoft 365, Azure AD and Privileged Identity Management help control and monitor elevated access.
6. Patch Operating Systems
Ensuring operating systems are up-to-date is a core defense against vulnerabilities. Google Workspace enables automatic Chrome OS updates, while Microsoft 365 automates OS patching through Windows Update for Business and monitors compliance via Endpoint Manager.
7. Multi-Factor Authentication (MFA)
MFA is critical for preventing unauthorised access. Google Workspace supports two-step verification, while Microsoft 365 implements MFA through Azure AD and Conditional Access Policies.
8. Daily Backups
Daily backups ensure quick recovery in the event of data loss. Google Workspace uses Google Vault for archiving and supports third-party backup solutions like Backupify. Microsoft 365 automatically backs up data via OneDrive for Business and SharePoint, with third-party options like Veeam for enhanced protection.