Google Workspace Gets ‘AI-Powered’ Security: 10 New Gmail, Drive Enhancements

Here are 10 new AI-powered security features for Google Workspace around Gmail, Drive, Meet, Docs and Chat unveiled Wednesday.

Google is unleashing a slew of new security features inside Gmail, Drive, Meet, Docs and Chat in a move to make Workspace more powered by artificial intelligence.

“In security, the job is never done,” said Andy Wen, director of product management for Google Workspace, in a statement. “Which is why we’re unveiling new zero trust, digital sovereignty and threat defense controls powered by Google AI to help organizations keep their data safe.”

New AI-powered security features in Google Workspace include enhanced data loss prevention control in Gmail, the ability to automatically classify and label data in Google Drive, as well as new client-side encryption enhancements to improve digital sovereignty.

[Related: Google Hires 5 Key Execs From AWS, Microsoft: Here’s Who]

Google’s Wen said there is a better way for organizations to combat modern cyberattacks and protect their data, which is “a cloud-native architecture rooted in zero trust principles and augmented with AI-powered threat defenses.”

CRN breaks down the 10 new AI-powered security features coming to Google Workspace, which is the company’s flagship communication and collaboration suite of products.

Google Workspace And Cloud Sales Hit $8 Billion

Before jumping into the 10 new security features and capabilities inside Workspace, it’s key to know that Google Cloud sales hit a record high of over $8 billion during its most recent quarter.

Google Cloud revenue include sales from Workspace, Google Cloud Platform and other services. In Google’s second-quarter 2023, which ended June 30, Google Cloud generated total sales of $8.03 billion, representing an increase of 28 percent year over year compared with $6.28 billion in second-quarter 2022.

Google CEO Sundar Pichai said his company is “making it easier” for customers to innovate using Google’s AI and generative AI new offerings. “Our generative AI capabilities give us an opportunity to win new customers and upsell into our install base of 9 million paying Google Workspace customers,” said Pichai on Google’s second-quarter 2023 earnings call last month.

CRN breaks down how the 10 new capabilities Google Workspace is providing give security teams more granular controls over data use, access and more.

Google Drive’s New Automatic Data Classification

In terms of new AI-powered zero trust controls, Google is leveraging its AI to automatically and continuously classify and label data in Google Drive. This is to help ensure data is appropriately shared and protected from exfiltration.

Administrators can now use confidentiality-preserving AI models that are customized for their organization to automatically classify and label new and existing files in Google Drive. Data protection controls—such as data loss prevention (DLP) or content-aware access (CAA)—can then be applied based on the security policy.

Availability: Now available in preview.

Gmail Gets Data Loss Prevention Controls

Another new enhancement around zero trust control is Google extending enhanced DLP controls to Gmail.

Already available in Google Chat, Drive and Chrome to help security teams control sharing sensitive information inside and outside the organization, enhanced DLP controls are coming to Gmail later this year.

Availability: In preview later this year.

Preventing Third-Party Access To Sensitive Data

On the digital sovereignty front, Google is launching new client-side encryption enhancements. This includes new guest access support in Google Meet, comments support in Google Docs, and the ability for users to view, edit or convert Microsoft Excel files.

Other enhancements include the ability to set client-side encryption (CSE) as default for select organizational units and new support of mobile apps in Google Calendar, Gmail and Meet.

Google said through the ownership of the encryption keys, CSE helps organizations add an additional layer of data protection and prevent third-party access from external entities such as Google or foreign governments.

Availability: New support of mobile apps is now generally available. The ability to convert Microsoft Excel files is now available in preview. Guest support for Meet available will be in preview later this year. Comments support in Docs will be available in preview later this year. The ability to set CSE as default will be available in preview later this year.

Context-Aware Data Loss Prevention Controls in Google Drive

By enforcing context-aware data loss prevention (DLP) controls in Google Drive, Workspace admins can now set criteria—such as device location or security status—that must be met in order for a user to be able to share sensitive content in Drive.

This new AI-powered zero trust capability provides more granular controls to help prevent unintended data loss, Google said.

Availability: In preview later this year.

Making Two-Step Verification Mandatory

Google is making two-step verification mandatory for select enterprise administrators to boost Workspace’s threat defense.

Compromised administrator accounts can have a massive impact on a company. A two-step verification process can result in a 50 percent decrease in accounts being compromised, according to Google. Later this year, select administrator accounts for Google resellers and large enterprise customers will be required to add two-step verification to their accounts to strengthen their security.

Availability : Later this year.

Requiring Multi-Party Approval

Also on the threat defense front, Workspace is requiring multi-party approval for sensitive administrator actions. Workspace administrators can require additional approval by another administrator to complete a sensitive action—such as changing two-step verification settings for a user—to provide an extra layer of defense against malicious actions.

Availability: In preview later this year.

Protecting Sensitive Actions In Gmail

Google Workspace is getting a new capability threat defense front to help protect sensitive actions in Gmail. The company is extending Google’s AI-powered defenses to provide automated protection for additional sensitive actions in Gmail, such as email filtering or forwarding.

Availability: Now available in preview.

Exporting Logs To Chronicle

Google is enabling users to export logs in just a few clicks to Chronicle, which is the company’s cloud-native security operations suite. Workspace administrators can now export Workspace logs into Chronicle to identify anomalies and help improve their response time to threats.

Availability: Now available in preview.

Choosing Where Data Is Stored And Processed

On the digital sovereignty front, Google will soon let organizations choose where their covered data is processed: in the European Union or United States. Customers also have the option to store a copy of their Workspace data in a country of their choice.
Availability: In preview later this year.

Encryption Keys Location

When selecting the location of a customer’s encryption keys, Google is enabling CSE customers to store their encryption keys with their trusted partner in the country of their choice. The goal is to simplify the setup process and make sure users are supporting local regulatory compliance. This was made possible through strategic partnerships with security providers Thales, Stormshield and Flowcrypt.

Availability: Now available.