Google Cloud adds 11 security features to G Suite

The updates include BIMI in Gmail, better protection in Meet, phishing protections in Chat, and more.

meeting-safety.jpg

Image: Google

Google Cloud announced 11 new G Suite security features on Tuesday. The updates aim to help IT administrators more effectively manage and secure devices within the admin console, according to a press release.

SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)

With most organizations still working remotely due to the coronavirus pandemic, online collaboration tools are critical to how companies communicate and work. The daily usage of Google Hangouts Meet, for example, was 25 times higher in March than it was in January, indicating how much users are relying on this tech.    

This dependence makes the security of those apps even more important, because employees are now working with confidential company data and personal information from afar. 

The Google Cloud upgrades optimize security across G Suite's key products: Gmail, Meet, and Chat. Here are the major updates aiming to keep remote workers secure.

BIMI standard in Gmail

Email has become a crucial element to successful working from home communication, leading cybercriminals to use inboxes as new avenues for attack. Google said in April that it blocked 18 million COVID-19 themed phishing emails in the span of one week. 

To help ensure emails are coming from trusted sources, Google Cloud announced the pilot of its Brand Indicators for Message Identification (BIMI) in Gmail. The BIMI pilot will allow organizations that authenticate emails using DMARC to validate ownership of their company logos and securely send them to Google. 

Once the authenticated emails are vetted by Google's other anti-abuse tests, Gmail will then  begin displaying the logo within the Gmail UI. 

This authentication provides peace of mind to users that the source of their emails are reliable. Additionally, senders will be able to tout their brand trust and offer customers more immersive experiences, according to the release.

"For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone," said Seth Blank, chair of the AuthIndicators Working Group and vice president of standards and technologies at Valimail, in the release.

The BIMI pilot will be released in the next few weeks with a limited number of senders and DigiCert and Entrust Datacard to validate logo ownership.  

More controls for Meet hosts

Available first for consumer and G Suite for Education accounts, Google is giving meeting hosts more authority over who can "knock" to join their meetings. This feature builds on existing controls requiring those not included on the calendar invite to explicitly knock to ask if they can be admitted in the meeting. 

Once an attendee is ejected from a meeting, they won't be able to try to join the same meeting again through knocking, unless the host were to reinvite them. And, if a knocking request from a user is denied multiple times, the user will be automatically blocked from sending more requests to join, according to the release.

Hosts are also given advanced safety locks to better protect meetings. With safety locks, hosts can decide which methods of joining a meeting will require users to obtain clear approval to join, whether it be via calendar invite, phone, etc.

With safety locks, all users not logged into a Google account who are attempting to join a meeting will be blocked, implementing the  requirement that the host joins first. 

Specific safety locks will allow the host to control the level of participant interactivity within the meeting. The chat lock and present lock, for example, will let hosts control which attendees can chat and present during the meeting. 

The purpose of these new features is to prevent a cyberattackers from guessing a meeting code, entering the meeting, and engaging in brute-force attacks. Even if a malicious user still somehow entered the event, users can still report it directly within the meeting, according to the release.

Chat security features 

Google announced it is extending the existing phishing protections built in Gmail to Chat. If a link is sent to a user via Chat, it will be checked against real-time data from Safe Browsing and flagged if believed to be malicious. In the next few weeks, users will be able to report and block Chat Rooms they suspect cybercriminals to be in, according to the release.

Through Chat security signals, Google can automatically detect and limit abusive content. If a user receives a spammy invitation, for example, the message will be classified as spam and automatically blocked. 

Easier management for admins 

The last group of announcements Google made aimed to improve control for admins to help them keep their organizations secure. 

Google redesigned the devices page in the G Suite admin console to have more intuitive configuration for device management, quickly displaying  the number of devices managed by  each service.

Additionally the company is launching its integration with Apple Business Manager to give G Suite Enterprise, G Suite Enterprise Essentials, Cloud Identity Premium, and G Suite Enterprise for Education Suite admins the capability of security  distributing and managing company Apple iOS devices. 

G Suite is also getting an enhancement to its Data Loss Prevention feature. To help prevent unauthorized access to data, admins use the automated information rights management (IRM) controls to avoid data exfiltration by blocking users from downloading, printing, or copying Google Drive docs, sheets, and slides that hold sensitive content.  

The controls associated with the Data Loss Prevention rules set by the company and admins  can run a complete scan of files with Google Doc and automatically enable the tools for users, according to the release.

Google is also making it easier for admins to control app access. Admins are already able to decide which third-party apps can access users' G Suite data via OAuth 2.0, but with App access control, they can block apps from accessing G Suite services through API without creating a complete allow list for each app, which requires access to G Suite data.

The new features are now available in Beta to Beta to G Suite Enterprise, G Suite Enterprise Essentials, and G Suite Enterprise for Education customers, as stated in the release. 

For more check out G Suite is getting an overhaul that makes Gmail your "home for work" on TechRepublic. 

Also see