Google Workspace: 11 new security features
Google announces a large number of cybersecurity improvements for its Workspace offerings. Some might even concern you and your business
Google Workspace 11 new security features |
Google Workspace, Google's online office suite, will become even more secure. That's the message behind Google's announcement today of 11 new features.
Citing a 38% year-over-year increase in cybersecurity attacks in 2023, coupled with an average cost per data breach of $4.3 million, Google unveiled new IT security improvements, some previews, others coming later in the year.
It is not yet clear which Workspace subscriptions will benefit from these new features. Google mentioned that some of these were aimed at its largest customers, but it's not yet clear whether the rest of these improvements will apply to services aimed at SMBs.
With that, here is the complete list of new features:
Zero Trust and DLP
The idea behind Zero Trust is that security extends beyond the first password login. Never trust. Always check. For example, if someone manages to break into your network, they still cannot access the network's internal resources.
DLP, or Data Loss Prevention, refers to services that prevent data theft on a network.
In this context, Google is introducing new Zero Trust controls and new DLP features for Workspace.
AI-assisted classification and labeling for Google Drive
Like in Gmail, labels can be applied to documents in Google Drive. With this new feature, certain labels will be applied automatically, based on conditions specified by administrators. Automatic tagging configures documents for other controls in Workplace. This feature is now available in preview.
DLP: Contextual controls in Drive
Let's take an example: Business rules for task lists can be configured to send pop-up notifications for specific tasks to specific locations. For example, if you have a task to purchase a product at the grocery store, the notification will trigger as soon as you enter the store.
Drive's new context-sensitive commands work the same way. Administrators can set different security levels depending on the context. This could include device location, device type, security status, user role, and more. This feature will be available in preview later this year.
New DLP controls in Gmail
Although Google has not specified the exact nature of these controls, they are intended to prevent the sharing of sensitive information. Perhaps these will be controls for forwarding messages or reading them in certain contexts. (For example, some messages can only be read at work.) This is speculation on my part, since Google hasn't given any details about this feature. This feature will be available in preview later this year.
New digital sovereignty controls
Digital sovereignty describes the idea of geographic location for data governance. For example, is your data located on servers in the United States or Europe? Where are the keys located? This is important when it comes to complying with data security laws (like GDPR).
Google says it goes beyond data residency with digital sovereignty controls. Here are the four features introduced.
Improved client-side encryption
The Client Side Encryption (CSE) feature lives up to its name. Encryption is performed on the device, locally, before the data is sent to the server. The idea is that if data is encrypted before reaching the network, it is secure.
Google is introducing a wide range of improvements to CSE, including support for mobile apps like Calendar, Gmail, and Meet, setting CSE defaults based on organizational units, and more. As this is an extensive list of improvements, some are available now, while others will appear over time.
Specify the location of encryption keys
New partnerships with Thales, Stormshield and FlowCrypt allow Workspace customers to choose the country whose servers host their encryption (and decryption) keys.
Choose where your data is processed
Currently, Google allows you to choose where your data is stored - in the EU or the US - when it is stored. Now, Google says you will also be able to choose where your data is processed (i.e. where the processors that process your data are located). This possibility should be presented in preview later this year.
Choose the region that provides Google support technicians
Administrators can currently specify that access to Google Customer Support be limited to staff based in the United States. Later this year, Google will preview a feature allowing customers to limit access to Google customer support to technicians based in the European Union.
New digital sovereignty controls
Digital sovereignty describes the idea of geographic location for data governance. For example, is your data located on servers in the United States or Europe? Where are the keys located? This is important when it comes to complying with data security laws (like GDPR).
Google says it goes beyond data residency with digital sovereignty controls. Here are the four features introduced.
Improved client-side encryption
The Client Side Encryption (CSE) feature lives up to its name. Encryption is performed on the device, locally, before the data is sent to the server. The idea is that if data is encrypted before reaching the network, it is secure.
Google is introducing a wide range of improvements to CSE, including support for mobile apps like Calendar, Gmail, and Meet, setting CSE defaults based on organizational units, and more. As this is an extensive list of improvements, some are available now, while others will appear over time.
Specify the location of encryption keys
New partnerships with Thales, Stormshield and FlowCrypt allow Workspace customers to choose the country whose servers host their encryption (and decryption) keys.
Choose where your data is processed
Currently, Google allows you to choose where your data is stored - in the EU or the US - when it is stored. Now, Google says you will also be able to choose where your data is processed (i.e. where the processors that process your data are located). This possibility should be presented in preview later this year.
Choose the region that provides Google support technicians
Administrators can currently specify that access to Google Customer Support be limited to staff based in the United States. Later this year, Google will preview a feature allowing customers to limit access to Google customer support to technicians based in the European Union.
Cyber threat prevention
Google is implementing a series of features intended to prevent cyber threats.
Mandatory two-step verification
ere's a fascinating statistic from Google's blog: Two-step verification reduces the number of compromised accounts by 50%. This is a huge advantage for a relatively simple security tactic. In this series of announcements, Google said that "certain admin accounts" from retailers and large businesses will need to add two-step verification to their accounts. This should begin later this year.
Multi-party approval for sensitive administrative actions
Google understands that it's probably not a good idea to entrust a single system administrator with uncontrolled, god-like powers. This is why Google will add, later this year, the obligation for a second administrator to approve certain sensitive actions. This measure not only protects against errors, but also against the actions of a single administrator whose access may have been compromised.
Protecting sensitive actions in Gmail
Although Google is very reluctant to provide details at the moment, the company said that it is starting to plan the use of artificial intelligence-based defenses to block actions such as filtering or forwarding of emails. -emails. (Whether this will stop George, the accountant, from sending "I'm hungry, I'm going to lunch" to the entire company for the fifth time this month remains to be seen).
Export newspapers to Chronicle in just a few clicks
Chronicle is Google's security suite. Google makes it easy to send logs from Workspace to Chronicle for further analysis. This feature is available in preview now.
Some statistics on Google security
Google also provided some statistics to showcase the benefits of its services:
Zero known exploited vulnerabilities compared to over 40 in legacy productivity suite (The U.S. Cybersecurity and Infrastructure Security Agency, 11/2021 - 8/2023)
41% fewer security incidents on average compared to other email solutions (At-Bay, Ranking Email Security Solutions, 2/2023)
Up to 50% savings on cybersecurity insurance premiums (At-Bay, Ranking Email Security Solutions, 2/2023)
This last statistic is interesting. If the report shows a 50% savings, that's a 50% savings compared to the lowest-ranked alternatives. So there are other solutions whose insurance cost estimates are similar to those of Google.
There you have it: Eleven new features from Google, available this year or next. They will be available to businesses, and eventually to small businesses. Better security is on the horizon, and it will come when it comes, but it will come.
Comments
Post a Comment