Google Workspace has introduced new security and compliance controls to protect enterprises and public sector organisations against modern cyberattacks.
The new controls span zero trust, digital sovereignty, and threat defence, and use Google AI to keep organisational data safe.
A U.S. cyber security and infrastructure security agency recently shared that whilst using Google Workspace’s security tools it has had zero known exploited vulnerabilities, compared with over 40 in a legacy productivity suite.
In the related press release, Google Workspace wrote: “Security, confidentiality, and compliance continue to be top of mind for commercial and public sector organizations.
“And for good reason: last year cybersecurity attacks grew 38% with each data breach costing organizations an average of $4.35M.
“The sheer scale of modern attacks and the sophistication of motivated adversaries is something that legacy productivity solutions can’t keep pace with.
“There is a better way — a cloud-native architecture rooted in zero-trust principles and augmented with AI-powered threat defences.”
Zero Trust Controls
Continuously classifying and labelling data in Google Drive using Google AI helps to ensure that data is correctly shared and protected from exfiltration.
Data protection controls, including data loss prevention (DLP) or context-aware access (CAA), can be applied to fit with a company’s security policy.
Admins can set criteria that must be met to share sensitive content in Drive, like device location and security status.
Enhanced DLP controls can soon be extended to Gmail, with a preview due to be available later this year. These are already available in Google Chat, Drive, and Chrome to help security teams protect sensitive organisational information.
Digital Sovereignty Controls
By using encryption keys, client-side encryption (CSE) adds a further layer of data protection and prevents third parties, including Google and foreign governments, from accessing sensitive data.
Now, Google Workspace is adding CSE enhancements: support for mobile apps in Google Calendar, Gmail, and Meet; the ability to make CSE the default for specific organisational units; guest access support for Meet; comments support in Docs; and viewing, editing, or converting Microsoft Excel files.
Strategic partnerships with Thales, Stormshield, and Flowcrypt allow CSE customers to store encryption keys with partners in the country of their choice to help support local regulatory compliance.
In preview later this year, organisations can also choose where data is stored and processed, either in the EU or the US. Companies will also have the option of storing a copy of their Workspace data in a country of their choice.
Customers worldwide will be able to use Access Approvals to control Google support access for troubleshooting and monitor Google actions with Access Transparency.
They will also be able to use Access Management to limit approved access to US-based support and, in preview later this year, they will be able to limit access to EU-based support.
Threat Defence Controls
Administrator accounts of Google Workspace’s resellers and biggest enterprise customers will be required to add 2-step verification (2SV) to their accounts to bolster their security.
In preview later this year, Workspace administrators will be able to require multi-party approval for sensitive administrator actions, including changing 2SV settings for a user.
In preview, Workspace is extending Google’s AI-powered defences to add automated protection for sensitive actions in Gmail, like email filtering and forwarding.
Also in preview, Workspace administrators can now export Workspace logs into Chronicle in just a few clicks to locate anomalies and improve response times to threats.
In June 2023, Google Workspace launched passkeys in open beta as a replacement for passwords.
More recently, Workspace added an innovative meeting scheduling feature, enabling users to offer availability directly within draft messages.