As companies move their operations to cloud-based infrastructure, safeguarding data integrity becomes paramount. Google, while stressing that its Google Workspace suite has not suffered a security breach, remains committed to proactively addressing potential security vulnerabilities.
Today, Google unveiled a series of security enhancements for its Google Workspace applications, including Gmail and Drive. Some of these enhancements use artificial intelligence (AI) to automate select operational tasks. These tools are still in various stages of development or testing, but Google plans to roll out the updates in the latter part of this year and the early months of 2024.
Google is first concentrating on strengthening its zero trust framework, an approach it played a pivotal role in developing. Google defines zero trust as “a cloud security model designed to secure modern organizations by removing implicit trust and enforcing strict identity authentication and authorization. Under zero trust, every user, device, and component is considered untrusted at all times, regardless of whether they are inside or outside of an organization’s network.”
As part of this model, Jeanette Manfra, senior director of global risk and compliance at Google, described new capabilities that combine the principles of zero trust with data loss prevention (DLP). She said, “We are amalgamating these two facets and introducing the capacity to refine data classification through AI capabilities within Drive. This mechanism proactively and continuously classifies and categorizes sensitive data, subsequently applying appropriate risk-based controls.” These comments were made during a recent press event.
Manfra also noted enhanced DLP controls in Gmail, which let administrators prevent the inadvertent inclusion of sensitive information, especially when it emerges unexpectedly. “For instance, if a client unintentionally discloses confidential data through a customer support email, this enhancement equips Gmail users with the authority to augment their security protocols,” she explained. As a practical example, administrators could disable downloading of attachments or block copy-paste actions for certain documents.
Another focus of the enhanced toolset is greater sensitivity to geographic context when data is shared. To address this, Google is introducing context-aware controls in Drive, which let administrators set conditions, such as device location, that must be met before users can share sensitive information.
Andy Wen, director of Product Management for Google Workspace, said AI is being used to help administrators examine log data for potential data breaches and anomalous behavior patterns. AI is also used to identify suspicious activity in Gmail that indicates unauthorized access by malicious actors.
Data sovereignty is particularly relevant here, as it poses considerable challenges for organizations that need to retain control over specific data sets. Google currently offers client-side encryption on desktop platforms, and the company plans to extend the feature to the mobile versions of Gmail, Calendar, Meet, and other Workspace components. Wen emphasized that the cornerstone of this approach is giving customers the ability to manage encryption keys. As a result, Google cannot access this data, even in response to legal requests. Wen explained, “It is imperative to recognize that the chief advantage of client-side encryption lies in its ability to safeguard data in cases where regional compliance measures might be insufficient. This is achieved through the generation of an additional set of encryption keys, entirely under the control of the customer. These keys encrypt customer data during transmission between browsers, rendering the original content impervious to Google’s scrutiny.”
Customers could previously choose a data residency location for data at rest; Google is now adding the ability to specify where data is processed. At present, this option is limited to the European Union (EU) and the United States.
These enhancements, among others, are under development and slated for release in the coming months. Pricing details are not yet available, but costs will likely depend on the type of account and the specific features desired, and may involve additional charges.