Here is a review of the current security features of each of the components of the platform:
AppSheet:
The App Definition and the AppSheet backend are hosted in the Microsoft Azure Cloud. The infrastructure inherits the information security baselines and standard operating environments of Microsoft Azure. The data center is protected by the various physical safeguards (CCTV, fences, swipe cards, etc) employed by Microsoft Azure.
Additionally, security maintenance processes like the application of urgent security patches, malware detection, and physical security audits occur automatically as part of the Microsoft Azure security management regime. AppSheet services are hosted in the US-West data center of Microsoft Azure’s cloud.
On each mobile device, the local data used by the app is persisted in the HTML5 local storage of a web browser instance embedded within the AppSheet mobile app and is subject to the same isolation and security rules as any other HTML5 local storage data.
Data-centric communications between the mobile app and the AppSheet cloud service are logged to provide an audit trail for analysis or forensic investigation. This log is saved in Azure table storage. If there is important “personally identifiable information” (PII) content that should not be logged, the AppSheet model allows the app creator to indicate this, and the PII content is explicitly excluded from the audit log. As an additional safeguard, the lifetime of the audit log can be explicitly controlled by the app creator.
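The two controls described above, a creator-declared PII exclusion and a creator-controlled log lifetime, are illustrated by the following added example. It is not AppSheet's own code: the table schema, the sync events, the user addresses and the 30-day retention value are all constructed for the illustration, and the log is kept in memory rather than in Azure table storage.

```javascript
// Added example (not AppSheet's code): an audit log of data-centric sync
// events that omits the columns the app creator flagged as PII and that is
// pruned according to a creator-chosen retention period.

// Constructed table schema: the creator marks which columns hold PII.
const SCHEMA = {
  table: "Visits",
  columns: [
    { name: "VisitId", pii: false },
    { name: "Site", pii: false },
    { name: "CustomerName", pii: true },
    { name: "Phone", pii: true },
  ],
};

// Build one audit-log entry from a sync event, copying only non-PII fields.
// `event.user` and `event.action` are always kept because they describe who
// did what, not personal content; `at` is the time the event happened.
function toAuditEntry(event, schema, at) {
  const allowed = new Set(schema.columns.filter(c => !c.pii).map(c => c.name));
  const redactedRow = {};
  for (const [col, value] of Object.entries(event.row)) {
    if (allowed.has(col)) redactedRow[col] = value;
  }
  // Record which columns were withheld so an investigator knows the entry
  // is incomplete by design rather than through data loss.
  const withheld = Object.keys(event.row).filter(c => !allowed.has(c));
  return {
    timestamp: at.toISOString(),
    table: schema.table,
    action: event.action,
    user: event.user,
    row: redactedRow,
    withheldColumns: withheld,
  };
}

// Drop entries older than the retention window (in days) chosen by the creator.
function pruneAuditLog(entries, retentionDays, now) {
  const cutoff = now.getTime() - retentionDays * 24 * 60 * 60 * 1000;
  return entries.filter(e => new Date(e.timestamp).getTime() >= cutoff);
}

// Build the log from raw events, then apply the retention policy.
function buildLog(events, schema, retentionDays, now) {
  const entries = events.map(e => toAuditEntry(e, schema, e.at));
  return pruneAuditLog(entries, retentionDays, now);
}

// Constructed sample: two sync events, the first one 40 days old.
const NOW = new Date("2024-03-01T12:00:00Z");
const SAMPLE_EVENTS = [
  { at: new Date("2024-01-21T09:00:00Z"), user: "tech1@example.com", action: "Add",
    row: { VisitId: "V-1", Site: "Plant A", CustomerName: "Jane Doe", Phone: "+1 555 0100" } },
  { at: NOW, user: "tech2@example.com", action: "Edit",
    row: { VisitId: "V-2", Site: "Plant B", CustomerName: "John Roe", Phone: "+1 555 0101" } },
];

// With a 30-day retention only the second event survives, and neither entry
// carries CustomerName or Phone.
console.log(JSON.stringify(buildLog(SAMPLE_EVENTS, SCHEMA, 30, NOW), null, 2));
```

The `withheldColumns` field is a design choice worth keeping: a forensic reader can tell that a field was excluded on purpose instead of wondering whether the record was truncated.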
The AppSheet backend is not a persistent repository for the data used in the app. This is an important tenet of the AppSheet design. The data repository is in the app creator’s G Suite account on Google Cloud.
AppSheet requires access to the cloud storage of the app creator in order to allow the app to connect with multiple data sources—like spreadsheet files and other documents indicated by the app creator—and to store images, signatures, and drawings captured through the app. AppSheet will only access the spreadsheets indicated by the app creator and saves files based on the app creator’s file structure. Users of apps created with AppSheet only have access to the data available in the app.
Like every modern platform, AppSheet records usage events from app creators and app users for the purposes of reporting, analytics and machine learning. To do so, AppSheet utilizes two industry standard cloud-based eventing platforms—Google Analytics and MixPanel—both of which provide stellar security and privacy capabilities.
AppSheet has achieved compliance with the AICPA Service Organization Control (SOC) reporting platform for SOC 2, Type 1, via an independent audit that shows proper, effective controls for AppSheet’s Secure and Corporate Plans. SOC 2 focuses on a business’s non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.
All user authentication utilizes external user authentication services like Google, Office365, Dropbox, Box, or Smartsheet, using the OAuth protocol. AppSheet uses the OAuth protocol to acquire an access token with the permissions to access the data in Google Drive / Sheets.
When an app is configured for secure access, app usage is only possible if both authentication and authorization succeed:
(1) The very first user interaction in the app is a sign-in screen, where the user is asked to authenticate using one of the standard authentication mechanisms supported by AppSheet.
(2) Once authenticated, AppSheet also checks if the user is authorized to access the app by comparing the user’s credentials with an explicit user white list maintained for every app.
AppSheet apps have a variety of mechanisms to provide differentiated access to different categories of users. These include access control white lists, row-level security filters, as well as user-specific condition logic used in many parts of the application (in workflow rules, in slice definitions, in format rules, in actions, etc.).
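The two gates of the sign-in flow above, followed by a row-level security filter, as one added example in JavaScript. This is not AppSheet's code: the app configuration, the white list, the manager role, the rows and the ID tokens are all constructed, and the OAuth step is simulated by validating the claims of an already decoded token rather than by calling an identity provider.

```javascript
// Added example (not AppSheet's code): authentication, white-list
// authorization, then a row-level filter. Every value below is constructed.

const APP = {
  id: "field-visits",
  // Constructed: the identity providers the app accepts, mapped to the OAuth
  // client id the app registered with each; a token's audience must match.
  providers: { "https://accounts.google.com": "app-client-id-123" },
  // Constructed access-control white list, keyed by lower-cased email.
  whitelist: new Set(["tech1@example.com", "manager@example.com"]),
  // Constructed role used by the row-level filter.
  managers: new Set(["manager@example.com"]),
};

// Gate 1: authentication. Accept the decoded ID token only if it comes from a
// configured provider, was issued for this app, has not expired, and carries
// a verified email. Signature verification is assumed to have been done by
// the provider's library before the token reaches this function.
function authenticate(app, token, now) {
  const expectedAud = app.providers[token.iss];
  if (!expectedAud) return { ok: false, reason: "unknown issuer" };
  if (token.aud !== expectedAud) return { ok: false, reason: "token not issued for this app" };
  if (typeof token.exp !== "number" || token.exp * 1000 <= now.getTime())
    return { ok: false, reason: "token expired" };
  if (!token.email || token.email_verified !== true)
    return { ok: false, reason: "no verified email" };
  return { ok: true, email: token.email.toLowerCase() };
}

// Gate 2: authorization. An authenticated identity still has to be on the
// app's explicit white list.
function authorize(app, email) {
  return app.whitelist.has(email);
}

// Row-level security filter: managers see every row, other users only the
// rows assigned to them. Filtering happens here, server side, so the client
// never receives rows it is not entitled to.
function visibleRows(app, email, rows) {
  if (app.managers.has(email)) return rows;
  return rows.filter(r => r.AssignedTo.toLowerCase() === email);
}

// Full flow: both gates must pass before any data is returned.
function openApp(app, token, rows, now) {
  const auth = authenticate(app, token, now);
  if (!auth.ok) return { granted: false, reason: auth.reason, rows: [] };
  if (!authorize(app, auth.email)) return { granted: false, reason: "not on white list", rows: [] };
  return { granted: true, reason: "ok", rows: visibleRows(app, auth.email, rows) };
}

// Constructed sample rows and tokens (exp is an epoch time after NOW).
const NOW = new Date("2024-03-01T12:00:00Z");
const ROWS = [
  { VisitId: "V-1", AssignedTo: "tech1@example.com" },
  { VisitId: "V-2", AssignedTo: "tech9@example.com" },
];
const TOKEN_TECH1 = { iss: "https://accounts.google.com", aud: "app-client-id-123",
  exp: 1709300000, email: "Tech1@example.com", email_verified: true };
const TOKEN_STRANGER = { ...TOKEN_TECH1, email: "stranger@example.com" };
const TOKEN_WRONG_AUD = { ...TOKEN_TECH1, aud: "someone-elses-client" };

console.log(openApp(APP, TOKEN_TECH1, ROWS, NOW));    // granted, one row
console.log(openApp(APP, TOKEN_STRANGER, ROWS, NOW)); // authenticated but not on white list
console.log(openApp(APP, TOKEN_WRONG_AUD, ROWS, NOW)); // rejected at authentication
```

Note that a valid Google sign-in is not enough on its own: `TOKEN_STRANGER` passes authentication and is still refused, which is exactly the separation between the two steps the text describes.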
Google Cloud:
G Suite is an integrated suite of secure, cloud-native collaboration and productivity apps powered by Google AI. It includes Google Sheets and Google Apps Script.
Because G Suite runs on the same infrastructure as Google itself, your organization will benefit from the protections Google has built and uses every day. Their robust global infrastructure, along with dedicated security professionals and their drive to innovate, enables Google to stay ahead of the curve and offer a highly secure, reliable, and compliant environment.
Google has industry-leading knowledge and expertise building secure cloud infrastructure and applications at scale.
G Suite offers administrators enterprise control over system configuration and application settings – all in a dashboard that you can use to streamline authentication, asset protection, and operational control.
Google designed G Suite to meet stringent privacy and security standards based on industry best practices. In addition to strong contractual commitments regarding data ownership, data use, security, transparency, and accountability, G Suite gives you the tools you need to help meet your compliance and reporting requirements.
The customer – not Google – owns its data. Google does not sell your data to third parties, there is no advertising in G Suite, and Google never collects or uses data from G Suite services for any advertising purposes.
Google Cloud Platform (GCP) is a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products. It includes Google BigQuery and Google DataStudio.
The “Forrester Wave: Public Cloud Platform Native Security, Q2 2018” report names Google Cloud a Leader. The report evaluates the native security capabilities and features of public cloud providers, such as encryption, identity and access management (IAM) and workload security. Of the seven vendors, Google Cloud scored highest in the Strategy category.
GCP enables customers to monitor their own account activity. GCP provides reports and logs that make it easy for a customer’s administrator to examine potential security risks, track access, analyze administrator activity, and much more. Administrators in your organization can also leverage Cloud Data Loss Prevention (DLP) capabilities to protect sensitive information. DLP adds a layer of protection to identify, react to, and prevent sensitive or private information from leaking outside of an organization.
Furthermore, GCP undergoes independent, third-party audits and certifications to verify that their data protection practices match their commitments. For example, as part of the ISO 27018 certification process associated with the protection of personally identifiable information (PII), Google is audited against a set of controls relating to purpose legitimacy and specification, thereby ensuring that PII is not processed by public cloud providers for commercial use.
Automation services such as Zapier or IFTTT are optional. If they are used, they will be isolated in a separate, dedicated G Suite user account in order to limit their access rights. Data files will be transferred between the mobile app’s G Suite account and this dedicated account using Google Apps Script.
The File Transfer Client will run on premise or on a Google Cloud server, to avoid data being processed on a third-party cloud service.