Google Workspace's New Controls for Modern Threats

Google Workspace has unveiled new security and compliance controls designed to safeguard enterprises and public sector organizations against modern cyber threats. These controls, centered on zero trust, digital sovereignty, and threat defense, leverage Google AI to ensure the safety of organizational data. A U.S. cybersecurity and infrastructure security agency reported zero known exploited vulnerabilities when using Google Workspace's security tools, compared to over 40 in legacy productivity suites.

The first set of controls, known as Zero Trust Controls, continuously classify and label data in Google Drive using Google AI. This ensures that data is appropriately shared and protected from exfiltration. Enhanced data protection controls, including Data Loss Prevention (DLP) or Cloud Access Aggregation (CAA), can be tailored to a company's security policy. Admins can establish criteria for sharing sensitive content, such as device location and security status. Additionally, enhanced DLP controls will soon extend to Gmail, following their availability in Google Chat, Drive, and Chrome.

The second set of controls, Digital Sovereignty Controls, introduces client-side encryption (CSE) enhancements. These enhancements include support for mobile apps in Google Calendar, Gmail, and Meet, making CSE the default for specific organizational units. Google Workspace's strategic partnerships with Thales, Stormshield, and Flowcrypt allow CSE customers to store encryption keys with partners in the country of their choice, aiding local regulatory compliance. Organizations can also choose where data is stored and processed, either in the EU or the US, and have the option to store a copy of their Workspace data in a country of their choice.

The third set of controls, Threat Defense Controls, requires administrator accounts of Google Workspace's resellers and major enterprise customers to implement two-step verification (2SV) for added security. Workspace administrators can also mandate multi-party approval for sensitive administrator actions, including modifying 2SV settings. Google's AI-powered defenses are being extended to provide automated protection for sensitive actions in Gmail, such as email filtering and forwarding. Workspace administrators can export Workspace logs into Chronicle, streamlining the process of identifying anomalies and responding to threats.

In summary, Google Workspace is reinforcing its security and compliance capabilities with zero trust, digital sovereignty, and threat defense controls, powered by Google AI. These measures aim to protect organizational data against modern cyber threats, and the introduction of client-side encryption enhancements, data storage options, and access controls further enhances the platform's security features.