Google Workspace

New security and privacy announcements for Google Workspace

#security

Today, we announced Google Workspace, which brings together everything you need to get anything done, now in one place. It’s never been more critical to protect the connections that Google Workspace enables everyday, and we’re constantly innovating to deliver the best in security. Our security features help you create flexible workspaces that scale, no matter what device or browser you are using. At the same time, we want to make sure security doesn’t get in the way of you accomplishing your goals, but rather helps you easily protect the data that's so critical to your organization. For this reason, today’s announcements include new security features that help facilitate safe communication and give admins increased visibility and control for their organizations.

More helpful safety features for Meet and Chat for users and admins

We’re adding safety features designed to combat abuse, including new classification, audit logging, and detection capabilities to Meet, available in the coming weeks. To prevent abusive users from disrupting your meetings, we classify users that were marked abusive and ejected from prior meetings, and prevent similar users from joining your meetings in the future. Also, Meet will automatically detect abusive display names or codes, and then disallow users from joining. And for admins, we’re helping you investigate any abuse your users might be seeing by showing admins audit logs of instances when users in your domain report abuse within Meet.

1 - Preventing abusive users from disrupting your meetings.jpg
Preventing abusive users from disrupting your meetings

As a core component of keeping your communications safe, we’re adding new security features to Chat to help admins stay informed of and manage what’s going on in their organizations. First, we’re helping admins stay better apprised of what’s happening in their organizations with new audit logs, and helping admins identify potentially malicious behaviors in Chat that could indicate phishing or data exfiltration, for example. We’re also classifying spammy or abusive Chat rooms as such to help ensure that your users aren’t added to those rooms. For a holistic view of actions taken across Google Workspace products, admins can see logs related to Chat, Meet, Groups, Calendar, and Voice in the Security Center’s Investigation Tool. These features will be generally available in the coming weeks.

2 - Chat logs in the Investigation Tool.jpg
Chat logs in the Investigation Tool

Helping you keep your organization’s data safe with security insights

Next, let’s take a look at how Google Workspace helps protect your organization’s data. We know that keeping your data safe is one of the most critical missions for any organization, and we are here to help support that effort. 

We’re increasing admins’ visibility into matters of data security to help you make the best decisions around protection. Last month we introduced audit logs for Gmail in general availability that show when users enable email auto-forwarding outside of their domain, which could indicate potential data loss from a policy violation, malicious insider, or hijacked account. These logs can help you determine if something needs to be done to mitigate the chances for data loss or leakage.

3 - Audit logs for out of domain forwarding in Gmail.jpg
Audit logs for out of domain forwarding in Gmail

Next week we’re launching data protection insights in general availability to proactively create reports that help admins understand the sensitive information that is stored in their organization. These insights help you act on the visibility you have, providing information that can help you make more informed decisions about how to protect your organization’s data.

4 - Data protection insights reports.jpg
Data protection insights reports

In the coming weeks, you’ll see a redesigned rules page in the Google Workspace admin console to centralize rule discovery, creation, and management for both Google-provided and custom rules. As part of this redesign, we’re also bringing together activity, data protection, device management, reporting, and system defined rules to consolidate security rules into a centralized experience for increased visibility and convenience. We’ll also be launching fully customizable templates in general availability that enable quick creation and setup of rules based on some of our best practices. These enhancements build off of our recent improvements, including new time series charts that show rule log events history for data protection rules (now in alpha), and advancements to make triage faster with people cards in Alert Center (now generally available).

5 - Redesigned rules page.jpg
Redesigned rules page

Reinforcing our commitment to privacy

Earlier this year we announced that we received an accredited ISO/IEC 27701 certification for Google Cloud Platform as a data processor. Today, we’re pleased to announce that Google Workspace is the first major productivity suite to receive an accredited ISO/IEC 27701 certification as a data processor. Published in 2019, ISO/IEC 27701 is a global standard designed to help organizations align with international privacy frameworks and laws. It provides guidance for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS), and can be used by both data controllers and processors—a key consideration for organizations that must align with the GDPR.

Our accredited ISO/IEC 27701 certification for Google Workspace provides customers with benefits including simplified audit processes, universal privacy controls, and greater clarity around privacy-related roles and responsibilities. Certifications provide independent validation of our ongoing dedication to world-class security and privacy, and you can see a list of our certifications here.

New security controls for admins to help create safer and more flexible workspaces

Next, let’s look at the new security controls that can help you manage the protection of data.

Organizations often use other enterprise cloud applications along with Google Workspace. To maintain a safer ecosystem across all applications, last month we announced the general availability of context-aware access for SAML apps. This can be used to create granular access control policies for pre-integrated or custom SAML apps based on specific attributes including the user, geolocation, device security status, and IP address, thus reducing the chances of unintended access to specific apps or the data within them.
6 - Context-aware access for SAML apps.jpg
Context-aware access for SAML apps

Next, we’re helping you understand exactly which apps meet Google’s privacy and security verification requirements for access to Google Workspace data, and then giving you the power to decide how much access they should get. Apps often require access to Google Workspace data to help your users get work done. We work with app developers to make sure that third-party apps comply with Google privacy and security requirements. If an app meets specific requirements, they are considered “Google verified.” Using App access control, you can now choose which apps can access Google Workspace data, restricting or allowing the data access for unverified apps.

7 - Showing Google verified apps in Admin Console.jpg
Showing Google verified apps in Admin Console

Google Vault enables data retention and eDiscovery in Google Workspace, and in the coming weeks we’ll be launching a redesigned Vault UI. This update introduces a new user interface with several workflow enhancements such as text filters and side panel content navigation, making content review much faster and more convenient. And launching soon to continue supporting your organization’s retention and eDiscovery needs, we’re expanding the Google Workspace services covered in Vault by supporting Google Voice data, enabling search, holds, and retention of specific Google Voice data.

8 - Redesigned Google Vault UI.jpg
Redesigned Google Vault UI

We are adding these features to your Google Workspace security toolkit to help prevent abuse and malicious behavior, and to help admins with powerful tools that help them manage security for their organization. To help you navigate the latest thinking in cloud security, explore the latest installment of our Google Cloud Security Talks, on-demand now.