Google on Thursday introduced new AI-powered security controls for its Workspace customers, targeting zero trust, digital sovereignty, and threat defense.
The new AI-powered zero trust capabilities, Google says, are meant to provide organizations with more granular control over how data is accessed and used.
To ensure data protection and prevent inappropriate sharing of data in Google Drive, Google AI can now be used to automatically and continuously classify and label new and existing files, and then apply necessary controls based on the organization’s security policies.
Context-aware DLP controls will allow administrators to set specific criteria to be met before a user can share sensitive content in Drive – the capability will become available in preview later this year.
Gmail will receive enhanced DLP controls too – also in preview later this year – to improve control over the sharing of sensitive information, both inside and outside the organization.
The internet giant also announced new digital sovereignty controls to help prevent unauthorized access to sensitive data, storing encryption keys, selecting where data is processed, and limiting Google support access.
To prevent third-party access to sensitive data, Google is introducing new client-side encryption (CSE) improvements, such as generally available support of mobile apps in Google Calendar, Gmail, and Meet, or the ability to view, edit, or convert Excel files (in preview).
Later this year, in preview, Google Workspace will let organizations set CSE as default for select units, will provide guest access support in Meet, and support for comments in Docs.
Google also announced that it has partnered with Thales, Stormshield, and Flowcrypt to allow CSE customers to store encryption keys in their country of choice.
Functionality set to arrive in preview later this year will allow organizations to choose where their data is processed (European Union or US), and to limit Google support access to EU-based support.
To improve protections against account takeover, later this year, the internet giant will make two-step verification (2SV) mandatory for select administrator accounts of resellers and largest enterprise customers, and will enable multi-party approval for sensitive administrator actions, in preview.
Google also announced the preview availability of automated protections for sensitive actions in Gmail, including filtering and forwarding, and the ability to export Workspace logs into Chronicle.
Related: Google Workspace Gets Passkey Authentication
Related: Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar
Related: Google Workspace Gets Client-Side Encryption in Gmail