Google has announced a number of security-related enhancements to Google Workspace products, including Gmail and Drive, some of which will take advantage of AI to automate certain tasks.
It’s important to understand that these tools are still in development or various stages of testing, but Google plans to add these updates later this year and in early 2024.
For starters, Google wants to enhance its zero trust model, a concept the company helped develop. Google defines zero trust as “a cloud security model designed to secure modern organizations by removing implicit trust and enforcing strict identity authentication and authorization. Under zero trust, every user, device, and component is considered untrusted at all times, regardless of whether they are inside or outside of an organization’s network.”
As part of that approach, Jeanette Manfra, senior director of global risk and compliance at Google, says the company is announcing a couple of new capabilities that combine the idea of zero trust with the notion of data loss prevention (DLP). “We’re bringing the two together, and adding an ability to improve how you classify using AI capabilities within Drive. And so what this does is it automatically and continuously classifies and labels sensitive data, and then applies appropriate risk-based controls,” Manfra said at a press event.
In addition, she said that they are adding enhanced DLP controls to Gmail to enable administrators to prevent users from inadvertently attaching sensitive data, especially when it shows up in unexpected places. “So say a customer inadvertently sends sensitive data in a customer support email. This allows a Gmail customer to take the controls and sort of raise the bar on their security policies,” she said. For instance, admins could disable download or prevent copy and paste on those documents.
Another big area of focus with these new tools is being sensitive to location and what can be shared, so Google is also adding some context-aware controls in Drive so that admins can set criteria such as a device location that must be met in order for users to share sensitive data.
Andy Wen, director of Product Management for Google Workspace, says that the company is also putting AI to work to help admins peruse log data for data breaches and behavioral anomalies, and to look for suspicious actions in Gmail that could indicate a hacker has gained access to the account.
Weir says that central to this is that customers control the encryption keys, meaning that Google can’t see this data, and if law enforcement were to ask, there would be no way for Google to share this information.
“Keep in mind that the key benefit of client-side encryption is it protects your data where regionalization can be inadequate,” he said. “We do it by issuing an additional set of encryption keys that only the customer controls. This additional key encrypts the customer data — we call it from browser to browser — so that Google can never actually see the original content.”