In the ever-evolving landscape of cloud migration, the paramount concern remains safeguarding data. Google, a pioneer in this domain, consistently underscores its unblemished track record in terms of exploits within Google Workspace. However, this does not imply complacency; rather, Google diligently strives to proactively outpace security challenges.
Presently, the company has unveiled a series of security-focused upgrades for its Google Workspace suite, encompassing pivotal elements like GMail and Drive. A selection of these enhancements harnesses the potential of artificial intelligence (AI) to automate specific tasks. It is vital to recognize that these tools are presently undergoing development or are at various stages of testing. Google anticipates integrating these updates throughout the upcoming year and into early 2024.
Primarily, Google aims to elevate its zero trust model, a concept it significantly contributed to shaping. This model adheres to the principle of eliminating implicit trust and rigorously enforcing identity verification and authorization. In the realm of zero trust, all users, devices, and components, whether internal or external to an organization’s network, are perpetually regarded as untrusted.
In pursuit of this principle, Jeanette Manfra, the Senior Director of Global Risk and Compliance at Google, disclosed novel capabilities that amalgamate zero trust with data loss prevention (DLP). She elaborated, “We’re merging the two concepts and introducing the ability to enhance classification through AI capabilities within Drive. This entails the automatic and continuous classification and labeling of sensitive data, followed by the application of appropriate risk-based controls.” These developments were shared during a recent press event.
Furthermore, Manfra divulged that enhanced DLP controls are being integrated into Gmail. These controls empower administrators to thwart inadvertent attachment of sensitive data, especially in unexpected contexts. Manfra expounded, “Imagine a scenario where a customer accidentally transmits sensitive data in a customer support email. This enhancement empowers Gmail users to bolster their security policies. For instance, administrators can disable downloads or restrict copy-paste functions for such documents.”
Location sensitivity and judicious data sharing are focal points in these new tools. Accordingly, Google is introducing context-aware controls within Drive, allowing administrators to stipulate criteria, such as device location, that must be met before users can share sensitive data.
Andy Wen, Director of Product Management for Google Workspace, emphasized the deployment of AI to assist administrators in scrutinizing log data for potential data breaches and unusual behavioral patterns. The technology also aids in identifying suspicious activities within Gmail that might indicate unauthorized account access.
A noteworthy challenge is data sovereignty, particularly for companies seeking to maintain control over specific information. To address this, Google currently provides client-side encryption on desktop platforms and intends to extend this to mobile versions of Gmail, Calendar, Meet, and other Workspace tools.
Wen emphasized the core concept: customers retain control over encryption keys, precluding Google’s access to data. In scenarios involving legal requests, Google would be unable to share this information, safeguarding data privacy. “Client-side encryption’s primary advantage is safeguarding data in regions where regionalization measures might fall short,” Wen explained. “We achieve this by issuing a supplementary set of encryption keys under the customer’s control. These keys encrypt customer data—what we term ‘browser to browser’—rendering the original content inaccessible to Google.”
Although the option for customers to choose data residency locations existed previously, Google is augmenting this capability by allowing users to select data processing locations. Initially, this feature will cover the European Union and the United States.
These upcoming features, among others, are presently under development and will be launched in the ensuing months. While Google remains reticent about precise pricing details, it is likely to be contingent on account type and specific features—whether they are included or require additional payment.
