Google Workspace: 11 new security features

Google Workspace, Google’s online office suite, is going to become even more secure. This is the message behind Google’s announcement today of the arrival of 11 new features.

Citing a 38% year-over-year increase in cybersecurity attacks in 2023, coupled with an average cost per data breach of $4.3 million, Google has unveiled new IT security improvements, some in preview, others to come later in the year.

It is not yet known which Workspace subscriptions will benefit from these new features. Google has mentioned that some of them are aimed at its largest customers, but it is not yet known if the rest of these improvements will apply to services aimed at SMEs.

On that, here is the complete list of new features:

Zero Trust and DLP

The idea behind the Zero Trust principle is that security extends beyond the first password login. Never trust. Always check. For example, if someone manages to break into your network, they still cannot access the internal resources of the network.

DLP, or Data Loss Prevention, refers to services that prevent data theft on a network.

In this context, Google is introducing new Zero Trust controls and new DLP features for Workspace.

AI-assisted classification and labeling for Google Drive

As in Gmail, labels can be applied to documents in Google Drive. With this new feature, certain labels will be applied automatically, according to conditions specified by the administrators. Automatic labeling configures documents for other controls in Workplace. This feature is now available in preview.

DLP: Contextual controls in Drive

Let’s take an example: Business rules for to-do lists can be configured to send pop-up notifications for specific tasks to specific locations. For example, if you have a task to complete to buy a product at the grocery store, the notification triggers as soon as you enter the store.

The new contextual commands in Drive work in the same way. Administrators can define different levels of security depending on the context. This can be the location of the device, the type of device, the security status, the user’s role, etc. This feature will be available in preview later this year.

New DLP controls in Gmail

Although Google has not specified the exact nature of these controls, they are intended to prevent the sharing of sensitive information. These may be controls that allow messages to be transferred or read in certain contexts. (For example, some messages can only be read at work.) This is speculation on my part, since Google has not given any details about this feature. This feature will be available in preview later this year.

New controls on digital sovereignty

Digital sovereignty describes the idea of geographical location for data governance. For example, is your data located on servers in the United States or Europe? Where are the keys? This point is important when it comes to complying with data security laws (such as the GDPR).

Google says it is going beyond data residency with digital sovereignty checks. Here are the four features introduced.

Improved client-side encryption

The Client Side Encryption (CSE) function is aptly named. Encryption is performed on the device, locally, before the data is sent to the server. The idea is that if the data is encrypted before reaching the network, it is secure.

Google is introducing a wide range of improvements to the CSE, including support for mobile applications such as Calendar, Gmail and Meet, setting CSE defaults based on organizational units, and much more. As this is an exhaustive list of improvements, some are available now, while others will appear over time.

Specify the location of the encryption keys

New partnerships with Thales, Stormshield and FlowCrypt allow Workspace customers to choose the country whose servers host their encryption (and decryption) keys.

Choose the place of processing of your data

Currently, Google allows you to choose where your data is stored – in the EU or in the USA – when it is stored. From now on, Google indicates that you will also be able to choose the place of processing of your data (that is, the place where the processors who process your data are located). This possibility should be presented in preview later this year.

Choose the region that provides Google Support technicians

Administrators can currently specify that access to Google customer support is limited to US-based staff. Later this year, Google will premiere a feature that allows customers to limit access to Google customer support to technicians based in the European Union.

Cyber threat prevention

Google is implementing a series of features designed to prevent cyber threats.

Mandatory two-step verification

Here’s a fascinating statistic from Google’s blog: Two-step verification can reduce the number of compromised accounts by 50%. This is a huge advantage for a relatively simple security tactic. In this series of announcements, Google said that “certain administrator accounts” of resellers and large companies will have to add two-step verification to their accounts. This should start later this year.

Multi-party approval for sensitive administration actions

Google has understood that it is probably not wise to entrust a single system administrator with divine and uncontrolled powers. This is why Google will add, later this year, the obligation for a second administrator to approve certain sensitive actions. This measure protects not only against errors, but also against the actions of a single administrator whose access would have been compromised.

Protection of sensitive actions in Gmail

Although Google is very reluctant to provide details at the moment, the company said that it is starting to foresee the use of artificial intelligence-based defenses to block actions such as filtering or forwarding emails. (It remains to be seen whether this will prevent George, accountant, from sending “I’m hungry, I’m going to lunch” to the entire company for the fifth time this month).

Exporting newspapers to Chronicle in a few clicks

Chronicle is Google’s security suite. Google makes it easier to send logs from Workspace to Chronicle for further analysis. This feature is available in preview now.

Some statistics on Google s security;

Google has also provided some statistics to present the advantages of its services:

This last statistic is interesting. If the report indicates a saving of 50%, this is a saving of 50% compared to the lowest ranked alternative solutions. So there are other solutions whose insurance cost estimates are similar to Google’s.

And there you have it: Eleven new Google features, available this year or next year. They will be available for companies, and possibly for small businesses. Better security is in sight, and it will arrive when it arrives, but it will arrive.

Source: “ZDNet.com “