Google has announced several new security enhancements for its Workspace productivity suite geared towards improving account security and giving organizations more control over how they manage their data. The updates include multi-party approval for administrative actions, AI-based document classification, context-aware DLP, and digital sovereignty controls, such as ownership of client-side encryption keys.
Multi-Admin Approval and 2SV
Google will soon introduce multi-party signoff for mission-critical actions performed by Workspace administrators. The update will require multiple admins to approve sensitive configuration changes prior to implementation. The new security control will help prevent account hijacking by limiting the effectiveness of phishing and social engineering attacks targeting a single user. The initial launch will support only 2-step verification (2SV), but Google plans to release additional options based on user feedback. Google will also make 2SV mandatory for select administrator accounts later this year.
AI Data Classification and DLP
Google AI can now automatically and continually classify and label documents in Google Drive. Using context-aware data loss prevention (DLP) controls, administrators can enforce access based on criteria such as device location or security status. The added DLP functionality will help organizations better control how their data is accessed and shared. DLP functionality is already available in Drive, Chat, and Chrome. Google will be adding support to Gmail later this year.
Digital Sovereignty
Google also announced new digital sovereignty controls, giving organizations more authority over the storing and processing of data based on geographic boundaries. Through ownership of client-side encryption (CSE) keys, Workspace customers can now prevent access to data by third parties, including Google. Other CSE updates include:
- Support of mobile apps in Calendar, Gmail, and Meet (available now)
- The ability to set CSE as the default for organizational units (in preview later this year)
- Guest access support in Meet (in preview later this year)
- Comments support in Docs (in preview later this year)
- The ability to view, edit, or convert Microsoft Excel files (in preview)
Customers can also select the location (EU or US) where their data and encryption keys are stored and processed. Additionally, customers can restrict and monitor access to Google support using Access Approvals, Transparency, and Management.