Google has announced a ream of security upgrades for the Google Workspace suite of cloud productivity and collaboration tools, citing recent spikes in ransomware statistics and other alarming cybersecurity data.
Updates include new automation features powered by AI, as well as the strengthening of its existing zero trust model. The changes will further bolster data protection for businesses on Workspace, while threats like Google Chat scams continue to proliferate.
Google Workspace is the umbrella under which popular apps like Gmail, Google Drive, and Google Docs live, as well as add-ons such as Google Voice. While empowering employees with one of the best password managers will help protect sensitive data stored on Workspace, now Google is upping the ante with these new security features.
Zero Trust and DLP: A Match Made in Heaven?
If there was a flagship update among the new Google Workspace security features just announced, it would be the merging of zero trust and data loss prevention (DLP) strategies.
What do these two bits of infosec jargon actually mean? Zero trust is an approach to cybersecurity based on the principle of “never trust, always verify,” which in practice means the implementation of additional security controls beyond the initial log-in to a network or account. Think of how many times your boarding pass and passport gets checked before you're actually let on a flight, in addition to the main TSA airport security controls, and you start to get the idea.
DLP is more self-explanatory and refers to services or features that that help to prevent data loss. At the heart of Google's latest Workspace updates are new features that combine the two principles to fortify its defenses.
How Google Is Using AI to Boost Workspace Security
For starters, AI can now automatically apply labels to documents stored in Google Drive. Workspace admins will set the conditions for how different types of documents are labelled, and any additional security measures that are applied to certain categories thereafter. AI will take care of the grunt work, though, and this feature is already available in preview.
In addition, Google Drive offer new context-aware DLP controls to Workspace admins, starting later this year. Most Gmail users have probably been asked to complete two-step verification when logging in on a new device, and the idea here is similar. Admins will be able to configure different security protocols for a variety of different situations, including device type, location, user privilege level and more. However, admins won't be able to run riot with their new powers, as a further tweak will see Google requiring multi-party approval for select sensitive admin actions.
Lastly, Google has hinted at enhanced Gmail DLP measures. These haven't been revealed in full, but the company has said that it's currently testing how AI could be used to block certain sensitive actions (such as email filtering or forwarding) under specific conditions. As above, these could be related to location (in the office), though bear in mind that this is pure speculation on our part. Some of the Google Workspace upgrades aren't set to land until 2024, the company added, and this looks likely to be one of them.
Data Sovereignty Co-Stars Alongside Data Loss Prevention
Alongside new data loss prevention measures, data sovereignty is also spotlighted by Google Workspace's latest updates.
Basically, Google will be giving you (or your company) a whole heck of a lot more power to decide where your data is handled. Currently, the internet giant lets you choose where you data is stored (the US or EU), but going forward you'll also be able to choose where your data is processed. In practice, this means where the physical CPUs doing the tango with your data are located.
Similarly, you'll also be able to choose where the servers storing your encryption/decryption keys are located. This new capability comes alongside new client side encryption (CSE) improvements, such as baked in support for the Gmail and Google Meet apps.
Finally, companies will now have the power to choose if Google support techs are based in the US or EU. As is the case with the other choices Google will be offering you, this is relevant beyond pure patriotism because of the EU's more robust approach to data governance and protection.