Is GSuite More Secure Against Token Replay Phishing than Microsoft?

Asked By CuriousCat123 On

I've been pondering the security of GSuite compared to Microsoft Office 365, especially considering the security issues around token replay phishing that Microsoft users face. I know many companies are switching to Google Workspace, but I wonder if moving to GSuite actually provides better security against these kinds of attacks? Most Microsoft accounts need extra layers of protection like anomaly detection and advanced email filtering on top of MFA to prevent issues from token reuse attacks. If we implement MFA with GSuite, does that mean we don't have to worry about token replay vulnerabilities? Just to clarify, when I say 'a lot of companies,' I'm referring mostly to larger firms like Costco that I've noticed making the switch. Also, token replay is essentially reusing a Microsoft refresh token by inserting it into the browser's cookies and reloading the web app.

EDIT: I see I've overgeneralized by saying 'lots of companies' - I really meant to highlight a few major companies with many employees that have switched.

3 Answers

Answered By SecurityGuru92 On

Honestly, token theft can affect any platform, including GSuite. Even with MFA, GSuite users are not immune to these attacks. Context-Aware Access does provide some added layers of security, but it's not as comprehensive as Microsoft’s solutions. Most companies I know using GSuite usually have third-party identity providers like Okta to add better security measures.

So, while GSuite has its advantages, it might still warrant additional layers of protection similar to what you’d need with Microsoft.

Answered By SkepticalSam On

I'm not convinced by the idea that many companies are switching from Microsoft to GSuite. In fact, I generally see the opposite—businesses try GSuite, then ultimately revert back because they find it lacking for documents and meetings. Yes, token replay can happen on any system, but for larger companies, I think they are still opting for the features that Microsoft offers. So it's not that common to see a significant migration to GSuite for mid to large-sized firms.

Answered By TechWhiz87 On

It seems like a lot of companies are moving from O365 to GSuite, but I'd love to see some data on that. As for your concern, GSuite does have a feature called Context-Aware Access, which is similar to Microsoft's Conditional Access. While it keeps some security in place, it still might not cover everything like Microsoft's options. From what I know, GSuite has basic token expiration and refresh features that would help, but it's not as robust as Microsoft’s offerings.

Also, you might need additional tools for anomaly detection, but MFA is a solid start for keeping things secure.
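An added example, not part of any answer above and not code from Google or Microsoft: one form the anomaly detection mentioned in this thread can take is flagging a session token that reappears from a different network and browser than the one it was first seen on. The event field names and the sample records are constructed assumptions, not a real sign-in log schema.

```python
import ipaddress
from datetime import datetime

# Constructed sample events (documentation IP ranges, made-up session ids).
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "session": "s-001", "ip": "198.51.100.10", "ua": "Chrome/124 Windows"},
    {"ts": "2024-05-01T09:30:00", "user": "alice", "session": "s-001", "ip": "198.51.100.27", "ua": "Chrome/124 Windows"},
    {"ts": "2024-05-01T09:45:00", "user": "alice", "session": "s-001", "ip": "203.0.113.5", "ua": "Firefox/125 Linux"},
    {"ts": "2024-05-01T10:00:00", "user": "bob", "session": "s-002", "ip": "192.0.2.8", "ua": "Safari/17 macOS"},
    {"ts": "2024-05-01T10:20:00", "user": "bob", "session": "s-002", "ip": "192.0.2.8", "ua": "Safari/17 macOS"},
    {"ts": "2024-05-01T11:00:00", "user": "carol", "session": "s-003", "ip": "192.0.2.50", "ua": "Chrome/124 Android"},
    {"ts": "2024-05-01T11:30:00", "user": "carol", "session": "s-003", "ip": "203.0.113.77", "ua": "Chrome/124 Android"},
]

def _network(ip, prefix=24):
    """Collapse an IPv4 address to its /24 so address churn inside one
    network is not reported as a change (IPv4 assumed for this sketch)."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def find_session_reuse(events):
    """Return one finding per event whose session id was first seen with a
    different network and/or user agent. Both changed -> 'high' (consistent
    with a token replayed from another machine); one changed -> 'low'
    (for example a phone moving between networks)."""
    baseline = {}   # session id -> (network, user agent) at first sighting
    findings = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        net, ua = _network(ev["ip"]), ev["ua"]
        if ev["session"] not in baseline:
            baseline[ev["session"]] = (net, ua)
            continue
        base_net, base_ua = baseline[ev["session"]]
        changed = []
        if net != base_net:
            changed.append("network")
        if ua != base_ua:
            changed.append("user_agent")
        if changed:
            findings.append({
                "session": ev["session"], "user": ev["user"], "ts": ev["ts"],
                "ip": ev["ip"], "changed": changed,
                "severity": "high" if len(changed) == 2 else "low",
            })
    return findings

if __name__ == "__main__":
    for finding in find_session_reuse(SAMPLE_EVENTS):
        print(finding)
```

A check like this only sees reuse after it happens; the typical response to a "high" finding is to revoke the session and force re-authentication.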
