Google has announced enhancements to its Workspace productivity and collaboration suite that it claims will reduce security risks for distributed workforces. The company uses Google AI to improve data loss prevention (DLP) controls in Drive, implement new zero-trust controls, classify data in Drive, and automate the protection of sensitive information in Gmail.
New data sovereignty controls will enhance client-side encryption to give Workspace customers ownership of encryption keys, more options on where to store or process data, and the ability to limit access to support personnel in the European Union. On the admin side, Google will make two-step verification mandatory on select administrator accounts and require multiparty approval on sensitive administrator actions.
Google Workspace includes popular SaaS applications such as Drive, Gmail, Meet, Calendar, Docs, and Slides. Some of the enhancements announced today will apply to both the enterprise and consumer versions of those applications. All are either in the pilot stage or will be released in beta form by the end of the year.
Data loss prevention a key focus
What makes SaaS suites like Workspace attractive to organizations with distributed workforces also increases the risk of data theft or exposure. Workspace makes it easy to share data both within the enterprise and with external parties. Employees might inadvertently or intentionally make sensitive information available to unauthorized parties or leave it accessible to threat actors.
The first step to protecting sensitive information is to accurately identify and label it as such. Then controls must be placed around who has access to it and where it can reside. Available in preview, Workspace can now automatically classify and label data stored in Google Drive using Google AI. Workspace admins can then apply their own DLP or context-aware access (CAA) controls to help implement a zero-trust model. Google will help train customers’ own AI models.
“Context-Aware Access has helped us manage our risks by not making access a binary choice but allowing for more flexibility in access policies and allowing them to be applied to the right people, applications, and data,” Tim Ehrhart, domain lead, information security at Roche, said in a statement. “Since using CAA, we’ve been able to allow our users to use more of Google Workspace for a broader set of scenarios with more confidence in the safety of that work.”