Google to add more granular security controls to Workspace

Share post:

Google will soon improve its automated AI-based data protection capabilities in its Workspace productivity suite for organizations storing data in Google Drive.

The enhanced features include the ability to automatically and continuously classify and label data in Drive, the ability of administrators to enforce context-aware data loss prevention controls, and digital sovereignty controls.

But while many of the new features can be tested now or soon in previews, Google officials told reporters in a pre-announcement briefing that they won’t be officially and fully available until late this year or early next year.

And their availability will also depend on which version of Workspace organizations subscribe to.

“Many customers have said, ‘It’s so hard to label our data, I can’t ask my administrators or users to label all our sensitive data,'” Andy Wen, director of product for Workspace security and compliance, told reporters. Through AI, he said, Google can help identify sensitive documents just by dropping files into a folder for analysis.

The new features include:

— giving Workspace administrators the ability to use AI models they can customize to automatically classify and label new and existing files in Drive. Data protection controls, such as data loss prevention (DLP), can then be applied based on the firm’s security policy and risk tolerance;

— adding some DLP enhancements to Gmail, similar to capabilities already in Google Chat, Drive, and Chrome.

“This will help particularly organizations who struggle with protecting sensitive data when it shows up in unexpected places — say a customer inadvertently sends sensitive data in a customer support email,” said Jeanette Manfra, senior director of global risk and compliance for Google Cloud.

— Workspace admins will also be able to set criteria, such as device location or security status, that must be met in order for a user to be able to share sensitive content in Drive;

— making two-step verification (2SV) mandatory for select enterprise administrator accounts. These will include accounts of Workspace resellers, and the largest enterprise customers will be required to add 2SV to their accounts to strengthen their security;

Screen shot of Google Workspace admin console
This screen shot shows the new option for enabling multi-party approval for certain changes

— requiring approval of more than one administrator to complete a sensitive action, such as changing 2SV settings for a user, as an extra layer of defence against malicious actions;

— the ability of administrators to export Workspace logs into Google Chronicle to identify anomalies and help improve their response time to threats.

For organizations that have to face data residency requirements obliging them to keep sensitive data within a country

— existing support for client side encryption (CSE) for mobile apps in Google Calendar, Gmail, and Meet is now available, with the ability to set CSE as default for select units within firms available in preview later this year. CSE is an additional encryption key the customer controls. It adds protection against the potential of stolen cloud authentication keys;

— admins will be able to locally store their encryption keys through strategic partnerships with global security providers Thales, Stormshield and Flowcrypt;

— coming will be the option of deciding where data can be processed. Initially the choices will be in the U.S. or Europe.

The post Google to add more granular security controls to Workspace first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways