As companies move to the cloud, data security is paramount. Google claims it has never had an exploit in Google Workspace, but it still works to stay ahead of security issues.
Today, Google Workspace products like GMail and Drive received security updates, some of which will use AI to automate tasks. Google plans to update these tools later this year and in early 2024, but they are still in development or testing.
Google wants to improve its zero trust model, which it helped create. Zero trust is a cloud security model that removes implicit trust and enforces strict identity authentication and authorization for modern organizations, according to Google. Zero trust means that every user, device, and component, inside or outside an organization’s network, is untrusted.
In that approach, Jeanette Manfra, senior director of global risk and compliance at Google, says the company is announcing two new capabilities that combine zero trust and data loss prevention. We’re combining the two and adding AI-powered classification to Drive. At a press event this week, Manfra said this automatically classifies and labels sensitive data and applies risk-based controls.
She also said that Gmail is adding enhanced DLP controls to help administrators prevent users from accidentally attaching sensitive data, especially in unexpected places. “Suppose a customer accidentally sends sensitive data in a support email. This lets Gmail users take control and raise their security standards, she said. Admins could disable download or copy/paste on those documents.
Google is also adding context-aware controls to Drive so admins can set criteria like a device location for users to share sensitive data. These new tools focus on location and what can be shared.
Google Workspace director of Product Management Andy Wen says the company is also using AI to help admins search log data for data breaches and behavioral anomalies and Gmail for suspicious activity that may indicate a hacker has accessed the account.
Data sovereignty is a major issue for companies, which must maintain control over certain data. The company offers client-side encryption on the desktop but plans to add it to mobile Gmail, Calendar, Meet, and other Workspace tools.
Wen says that customers control the encryption keys, so Google can’t see this data and can’t share it with law enforcement if they ask.
“Keep in mind that the key benefit of client-side encryption is it protects your data where regionalization can be inadequate,” explained. We issue additional encryption keys that only the customer controls. This additional key encrypts customer data from browser to browser, so Google can never see the original content, he said.
When data is at rest, the company has let customers choose a data residency location, but now they can choose where to process it. That includes only the EU or US.
More features are in development and will be released in the coming months. Google was unclear on pricing, but it will likely depend on your account type and the feature, whether they are included or extra.