As organizations transition to cloud solutions, safeguarding data remains a top priority. Google emphasizes that Google Workspace has never experienced a security exploit; however, the company is committed to proactively addressing potential security challenges.
Today, Google unveiled several security enhancements for Google Workspace products, including Gmail and Drive. Some of these upgrades will leverage AI to automate essential tasks. It's crucial to note that these tools are currently in development or testing phases, with plans for rollout later this year and in early 2024.
To begin with, Google aims to strengthen its zero trust model, which it was instrumental in creating. Google defines zero trust as “a cloud security model designed to secure modern organizations by removing implicit trust and enforcing strict identity authentication and authorization.” In this framework, every user, device, and component is treated as untrusted at all times, regardless of network location.
As part of this initiative, Jeanette Manfra, Senior Director of Global Risk and Compliance at Google, announced new features that integrate zero trust principles with data loss prevention (DLP) strategies. “We’re merging these concepts and enhancing classification within Drive through AI capabilities. This will automatically and continuously classify and label sensitive data while implementing effective risk-based controls,” Manfra shared during a press conference this week.
Additionally, the team is introducing enhanced DLP controls for Gmail that allow administrators to prevent the inadvertent attachment of sensitive data, particularly when it appears in unexpected contexts. “For example, if a customer accidentally sends sensitive information in a support email, our enhanced controls enable Gmail users to elevate their security measures,” she explained. This could include disabling downloads or restricting copy and paste functionalities for specific documents.
Another key focus of these updates is improving awareness of location when sharing sensitive information. Google is adding context-aware controls in Drive, enabling administrators to set criteria based on device location, which must be met before users can share sensitive data.
Andy Wen, Director of Product Management for Google Workspace, highlighted how AI will assist administrators in analyzing log data for potential data breaches and behavioral anomalies, looking out for suspicious activities in Gmail that could indicate unauthorized access to accounts.
Data sovereignty remains a significant challenge for organizations that must retain control over certain information. Currently, Google offers client-side encryption for desktop users, with plans to extend this feature to mobile versions of Gmail, Calendar, Meet, and other Workspace tools.
“Crucially, customers hold the encryption keys, which means Google cannot access this data. Consequently, if law enforcement seeks information, Google will have no means of compliance,” Wen noted. “The primary advantage of client-side encryption is to protect your data, especially where regionalization may fall short. We achieve this by issuing an extra set of encryption keys controlled solely by the customer, securing their data ‘from browser to browser’ so that Google cannot view the original content.”
While Google has previously allowed customers to select a data residency location for stored data, it is now expanding this option to include the locale for data processing, initially limited to the EU or the United States.
These features are under development and expected to be released in the coming months. Although Google provided limited details on pricing, it is likely to vary depending on account type and specific features, determining whether they are included or require additional costs.