Google Workspace, the cloud-based suite of productivity and collaboration tools and services, is getting new capabilities to enhance account and data security. These updates aim to make it more difficult for unauthorized individuals to take over admin and user accounts and exfiltrate sensitive data. Some of these options are already available in preview, while others will be released by the end of the year.
The Google Workspace team has announced several account security enhancements. One of the upcoming changes is that 2-Step verification (2SV) will soon be mandatory for enterprise administrators of Google’s largest enterprise customers and resellers. This extra layer of security will help protect against unauthorized access to sensitive information.
Workspace administrators will also have the option to require that sensitive actions, like changing 2SV settings for a user, must be approved by two administrators. This multi-party approval process adds an additional safeguard and reduces the risk of unauthorized changes.
Google’s AI-powered defenses will provide automated protection for sensitive actions in Gmail, such as setting email filtering or forwarding. These actions are often exploited by attackers to delete or intercept emails. With automated protection, users can feel more confident that their email settings are secure.
Another enhancement is the ability for Workspace administrators to easily export Workspace logs into Chronicle. Chronicle is Alphabet’s cybersecurity subsidiary that offers cloud-based analytics of enterprise security-related data. This integration provides administrators with a centralized platform to monitor and analyze security events, enabling quicker detection and response to potential threats.
To further increase account security, Google has recently started supporting passkeys for Google Workspace accounts. Passkeys function as an additional layer of authentication, making it more difficult for unauthorized individuals to gain access to accounts.
In addition to account security enhancements, Google is also introducing new capabilities to enhance enterprise data loss prevention (DLP). These updates give security teams more control over the sharing of sensitive information via Gmail and in Google Drive. Administrators can define who can share sensitive content based on security status, providing more fine-grained control and reducing the risk of data leaks.
Google is leveraging AI technology to automatically and continuously classify and label data in Google Drive. This helps ensure that data is appropriately shared and protected from exfiltration. By using AI to analyze and categorize data, organizations can have better visibility into their data and make informed decisions about access and sharing permissions.
In terms of data sovereignty, Google is introducing new controls to give organizations more options for storing and processing their data. Organizations will be able to choose whether their data is processed in the EU or the US, allowing them to comply with regional data protection regulations. Furthermore, organizations can store a copy of their Workspace data in a country of their choice, ensuring compliance with local data residency requirements. Access to the stored data can also be restricted to specific regional support personnel, further enhancing data security.
Overall, these new capabilities in Google Workspace aim to empower enterprises with stronger account and data security measures. With mandatory 2-Step verification, multi-party approval processes, AI-powered defenses, passkeys, enhanced DLP controls, and improved data sovereignty options, organizations can better protect their sensitive information and mitigate the risk of unauthorized access and data breaches.