The dramatic increase in remote devices brought on by the move to remote work makes securing devices even more important. It’s critical to ensure that all devices are updated with the latest patches, have secure controls turned on, and are in compliance with organisational policies. Additionally, some users may need to buy their own devices or work on personal ones and access sensitive corporate data on non-corporate devices. These eight new features can help you enable security at scale.
1. Fundamental desktop security
With fundamental desktop security, when a user logs into G Suite in a browser on a Windows, Mac, Chrome or Linux device, they will be automatically registered with endpoint management, and admins will get controls such as the ability to remotely sign out users if a device is lost or stolen. More than 110 million, 30-day-active devices licensed through G Suite, Cloud Identity, and Chrome Enterprise are managed by our endpoint management solution. Within G Suite and Cloud Identity, multiple devices per user can be managed at no additional cost.
2. Enhanced management and security for Windows 10
IT admins can now manage and configure Windows 10 devices through the Admin console, just as you would for Android, iOS, Chrome and Jamboard devices today. You can perform device actions like device wiping from the cloud. Users will also be able to use existing G Suite account credentials to log in to Windows 10 devices and easily access apps and services with single sign-on (SSO).
3. Data protection insights
As an IT admin, you play a critical part in protecting your organisation’s sensitive data. That’s why Google launched data protection insights (Beta) to help you with insights such as “What are the top sensitive data types in your organisation.” Insights like these can help you prioritise your security efforts and focus on the most relevant data types for your organisation.
4. Automated classification
Google is also making it easier to manage data proliferation with the ability to automate data classification for Drive files. Automated classification (Beta) enables admins to apply security labels to their data with data loss prevention rules. Coupled with advanced detection technologies, incident management tools, and enhanced alerts, these tools can help you better manage your sensitive data with a remote workforce. Data protection insights and automated classification are both available as part of G Suite Enterprise.
5. iOS copy/paste protection
Next, Google launched additional measures to help ensure that sensitive data does not leave your organisation. The Android platform has always provided a clear separation between work and personal accounts in G Suite. This is the first of several capabilities that help bring the Android for Work experience to G Suite on iOS. With iOS copy/paste protection, you have the ability to prevent data leaks outside of Gmail, Drive, Docs, Sheets, and Slides for G Suite Enterprise, G Suite Enterprise for Education, and Cloud Identity Premium accounts.
6. Group-based policies
No matter where your users are in the world, it’s important that admins can scale security across different geographies. Based on the zero-trust security model and Google’s BeyondCorp implementation, context-aware access enables you to provide secure access for your users based on dynamic context such as IP, geolocation, and device status. Google is making it even easier to deploy context-aware access by enabling group-based policies as well as extending context-aware access controls to SAML applications. This level of control can be especially helpful to admins who manage teams working from different places globally, as well as those who manage a mix of full-time and part-time workers, as it enables the ability to enact policies for very specific groups of users, irrespective of organisational unit structure.
7. Context-aware access for SAML applications
In addition to G Suite applications, your users can use Google sign-in to access critical SAML applications like Salesforce if you are using Google as your primary identity provider (IdP). With context-aware access for SAML applications (Beta), you can now ensure secure sign-in to SAML applications from wherever users are.
8. Monitor G Suite and Google Cloud Platform logs in one place
Google is making it easier for security teams to monitor G Suite and Google Cloud Platform logs in a single console. G Suite customers can view their G Suite Admin logs directly on Log Viewer, track them with Cloud Monitoring or export them to their preferred security information and event management provider, like Splunk. This feature is now available in Beta for all G Suite customers.