Google Workspace beefs up security and privacySyah Ismail
It’s never been more critical to protect the connections that Google Workspace enables every day. Google’s security features help you create flexible workspaces that scale, no matter what device or browser you are using. At the same time, Google makes sure that security doesn’t get in the way of you accomplishing your goals but rather helps you easily protect the data that’s so critical to your organisation. Here are new security features that help facilitate safe communication and give admins increased visibility and control for their organisations.
New safety features for Meet and Chat users and admins
Google is adding safety features designed to combat abuse, including new classification, audit logging, and detection capabilities to Meet. To prevent abusive users from disrupting your meetings, Google classifies users that were marked abusive and ejected from prior meetings and prevent similar users from joining your meetings in the future. Also, Meet will automatically detect abusive display names or codes and then disallow users from joining. For admins, Google is helping you investigate any abuse your users might be seeing by showing admins audit logs of instances when users in your domain report abuse within Meet.
As a core component of keeping your communications safe, Google is adding new security features to Chat to help admins stay informed of and manage what’s going on in their organisations. First, Google is helping admins stay better apprised of what’s happening in their organisations with new audit logs and identify potentially malicious behaviours in Chat that could indicate phishing or data exfiltration. Google is also classifying spammy or abusive Chat rooms as such to help ensure that your users aren’t added to those rooms. For a holistic view of actions taken across Google Workspace products, admins can see logs related to Chat, Meet, Groups, Calendar and Voice in the Security Center’s Investigation Tool.
Keep your organisation’s data safe with security insights
Google is increasing admins’ visibility into matters of data security to help you make the best decisions around protection. Google introduced audit logs for Gmail in general availability that show when users enable email auto-forwarding outside of their domain which could indicate potential data loss from a policy violation, malicious insider or hijacked account. These logs can help you determine if something needs to be done to mitigate the chances for data loss or leakage.
Google is launching data protection insights in general availability to proactively create reports that help admins understand the sensitive information that is stored in their organisation. These insights help you act on the visibility you have, providing information that can help you make more informed decisions about how to protect your organisation’s data.
In the coming weeks, you’ll see a redesigned rules page in the Google Workspace admin console to centralise rule discovery, creation and management for both Google-provided and custom rules. As part of this redesign, Google is also bringing together activity, data protection, device management, reporting and system-defined rules to consolidate security rules into a centralised experience for increased visibility and convenience. Google will also be launching fully customisable templates in general availability that enable quick creation and setup of rules based on some of its best practices. These enhancements build off of Google’s recent improvements, including new time series charts that show rule log events history for data protection rules and advancements to make triage faster with people cards in Alert Center.
Reinforcing Google’s commitment to privacy
Earlier this year, Google received an accredited ISO/IEC 27701 certification for Google Cloud Platform as a data processor. Today, Google Workspace is the first major productivity suite to receive an accredited ISO/IEC 27701 certification as a data processor. Published in 2019, ISO/IEC 27701 is a global standard designed to help organisations align with international privacy frameworks and laws. It provides guidance for implementing, maintaining and continuously improving a Privacy Information Management System (PIMS) and can be used by both data controllers and processors, a key consideration for organizations that must align with the GDPR.
Our accredited ISO/IEC 27701 certification for Google Workspace provides customers with benefits including simplified audit processes, universal privacy controls and greater clarity around privacy-related roles and responsibilities.
New security controls for admins
Organisations often use other enterprise cloud applications along with Google Workspace. To maintain a safer ecosystem across all applications, last month Google announced the general availability of context-aware access for SAML apps. This can be used to create granular access control policies for pre-integrated or custom SAML apps based on specific attributes including the user, geolocation, device security status and IP address, thus reducing the chances of unintended access to specific apps or the data within them.
Next, Google is helping you understand exactly which apps meet Google’s privacy and security verification requirements for access to Google Workspace data and then giving you the power to decide how much access they should get. Apps often require access to Google Workspace data to help your users get work done. We work with app developers to make sure that third-party apps comply with Google privacy and security requirements. If an app meets specific requirements, they are considered “Google verified.” Using App access control, you can now choose which apps can access Google Workspace data, restricting or allowing the data access for unverified apps.
In the coming weeks, Google will be launching a redesigned Google Vault UI. This update introduces a new user interface with several workflow enhancements such as text filters and side panel content navigation, making content review much faster and more convenient. Google is expanding the Google Workspace services covered in Vault by supporting Google Voice data, enabling search, holds and retention of specific Google Voice data.
All of the new security and privacy features shows Google’s commitment to protecting users from abuse and malicious behaviour and equip admins with powerful tools that help them manage security for their organisation.