Google will soon improve its automated AI-based data protection capabilities in its Workspace productivity suite for organizations storing data in Google Drive.
The enhanced features include the ability to automatically and continuously classify and label data in Drive, the ability of administrators to enforce context-aware data loss prevention controls, and digital sovereignty controls.
But while many of the new features can be tested now or soon in previews, Google officials told reporters in a pre-announcement briefing that they won’t be officially and fully available until late this year or early next year.
And their availability will also depend on which version of Workspace organizations subscribe to.
“Many customers have said, ‘It’s so hard to label our data, I can’t ask my administrators or users to label all our sensitive data,’” Andy Wen, director of product for Workspace security and compliance, told reporters. Through AI, he said, Google can help identify sensitive documents just by dropping files into a folder for analysis.
The new features include:
— giving Workspace administrators the ability to use AI models they can customize to automatically classify and label new and existing files in Drive. Data protection controls, such as data loss prevention (DLP), can then be applied based on the firm’s security policy and risk tolerance;
— adding some DLP enhancements to Gmail, similar to capabilities already in Google Chat, Drive, and Chrome.
“This will help particularly organizations who struggle with protecting sensitive data when it shows up in unexpected places — say a customer inadvertently sends sensitive data in a customer support email,” said Jeanette Manfra, senior director of global risk and compliance for Google Cloud.
— Workspace admins will also be able to set criteria, such as device location or security status, that must be met in order for a user to be able to share sensitive content in Drive;
— making two-step verification (2SV) mandatory for select enterprise administrator accounts. These will include the accounts of Workspace resellers, and the largest enterprise customers will also be required to add 2SV to their accounts to strengthen their security;
— requiring approval of more than one administrator to complete a sensitive action, such as changing 2SV settings for a user, as an extra layer of defence against malicious actions;
— the ability of administrators to export Workspace logs into Google Chronicle to identify anomalies and help improve their response time to threats.
For organizations that face data residency requirements obliging them to keep sensitive data within a country:
— existing support for client-side encryption (CSE) for mobile apps in Google Calendar, Gmail, and Meet is now available, with the ability to set CSE as the default for select units within firms available in preview later this year. CSE encrypts data with an additional key that the customer controls. It adds protection against the potential of stolen cloud authentication keys;
— admins will be able to locally store their encryption keys through strategic partnerships with global security providers Thales, Stormshield and Flowcrypt;
— an upcoming option to decide where data can be processed. Initially the choices will be the U.S. or Europe.