Google has unveiled new features for its office productivity suite Workspace, including one that utilizes generative AI to automatically classify and label files in Drive for zero trust purposes. This addition to Workspace follows the introduction of other generative AI tools, such as virtual assistant Duet AI. In addition to the generative AI capabilities, Google also announced data loss prevention (DLP) capabilities and “digital sovereignty” controls.
According to a blog post by Google, its AI technology will be able to automatically and continuously classify and label data in Google Drive, ensuring that data is appropriately shared and protected from exfiltration. Administrators can utilize customizable LLM models to classify and label new and existing Drive files using risk-based controls. This feature aims to automate certain manual aspects of zero-trust security, such as setting specific access controls on a per-user basis. The feature is currently available in preview.
Jeanette Manfra, Director of Risk and Compliance at Google Cloud, highlighted the uniqueness of this feature, stating, “No one else in the market can do this.” Google believes that it is the first to apply AI to data classification, customized by each customer’s classification. This automated and continuous data classification is essential for organizations to adopt a zero-trust framework and qualify for the optimal level of zero-trust security. By classifying sensitive data, organizations can add extra protection to that specific data, ensuring that security measures are agile and dynamic.
Jack Poller, an analyst at TechTarget’s Enterprise Strategy Group, commented on the application of AI to data security and classification. Traditionally, classification relied on sophisticated pattern matching that required significant time and effort to tune to specific needs. However, AI engines can identify and classify data in context, are more tolerant of formatting errors, and training is simpler. Applying AI to data classification improves accuracy and reduces false alerts.
Google also announced new DLP controls for Drive and Gmail. For Drive, Workspace admins can set criteria and requirements for users to share sensitive content. This includes device location and security status for more granular controls. For Gmail, the DLP controls provide security teams with better control over the sharing of sensitive information via features available in Google Chat, Drive, and Chrome. These DLP control enhancements will be available in preview later this year.
Digital sovereignty controls were also announced for Workspace, with a focus on client-side encryption (CSE) enhancements. CSE refers to data encrypted locally on the organization’s end to provide additional protection. The CSE enhancements include the ability to set CSE as default for select organizational units, guest access support in Google Meet, and comment support in Google Docs and Microsoft Excel file viewing and modification. The Excel features are currently in preview, while others will be available later this year.
Customers using CSE will have the option to store encryption keys with select providers in their country of choice and choose whether data is stored and processed in the EU or US. They can also enforce regional access controls.
Google also announced new security controls centered around preventative defense. These include requiring two-step verification for select administrator accounts, allowing Workspace admins to require multi-party approval for certain sensitive actions, exporting Workspace logs to Chronicle, and using AI-powered defenses to automate protection on certain actions in Gmail, such as email filtering and forwarding.
With these new capabilities, Google aims to enhance the security and privacy features of its Workspace productivity suite. The addition of generative AI for automatic classification and labeling of files in Drive, along with DLP controls and digital sovereignty enhancements, provides users with better tools to protect their data, comply with regulations, and strengthen their overall security posture.
In conclusion, Google’s introduction of generative AI capabilities, DLP controls, and digital sovereignty enhancements to its Workspace productivity suite aims to provide users with advanced security and privacy features. These features automate data classification, provide granular controls for sensitive content sharing, and enhance encryption and access control options. By continuously innovating and integrating AI-driven technologies, Google aims to improve data protection and help organizations adopt a zero-trust security framework.