Google has announced the integration of new security controls into its Google Workspace platform, with several of these enhancements being powered by artificial intelligence (AI). The updates aim to bolster the platform's defenses against the rising number of cybersecurity threats.
Zero Trust and Data Loss Prevention
Google is keen on enhancing its zero trust model, a security approach that assumes no user or device is trustworthy, regardless of its location relative to the organization's network. Jeanette Manfra, senior director of global risk and compliance at Google, mentioned in a press event, “We're bringing the two together, and adding an ability to improve how you classify using AI capabilities within Drive.”
This means that data in Google Drive will be automatically and continuously classified and labeled, with appropriate risk-based controls applied. Furthermore, enhanced data loss prevention (DLP) controls will be added to Gmail, allowing administrators to prevent users from accidentally sharing sensitive data.
Digital Sovereignty and Data Control
Digital sovereignty, the concept of having control over where data is stored and processed, is another area Google is focusing on. The announcement from Google Workspace's blog highlights the introduction of client-side encryption enhancements. These enhancements will extend to mobile apps like Calendar, Gmail, and Meet. Moreover, in collaboration with global security providers like Thales, Stormshield, and Flowcrypt, Google will allow Workspace customers to choose the location of their encryption keys. This move is designed to support local regulatory compliance and provide an additional layer of data protection.
Proactive Cyberthreat Prevention
In light of the 38% increase in cybersecurity attacks in 2023, Google is introducing measures to preemptively tackle cyber threats. One notable step is the mandatory implementation of 2-step verification for select enterprise administrators. Google says that “2-step verification results in a 50% decrease in accounts being compromised.” Additionally, to prevent potential missteps or malicious actions by a single system administrator, Google will require multi-party approval for certain sensitive administrative actions.
Incorporating Feedback from the Official Announcement
Yulie Kwon Kim, VP of Product Management for Workspace Platform, and Andy Wen, Director of Product Management for Workspace Security, emphasized in the announcement that security, confidentiality, and compliance remain paramount for both commercial and public sector organizations. They highlighted that Google Workspace was designed with a cloud-native architecture rooted in zero-trust principles and supplemented with AI-powered threat defenses.
Tim Ehrhart, Domain Lead, Information Security at Roche, shared his experience with Google's zero trust capabilities, stating, “Context-Aware Access (CAA) has helped us manage our risks by not making access a binary choice, but allowing for more flexibility in access policies and allowing them to be applied to the right people, applications, and data.”