Tag Archives: Security and Compliance

More ways to prevent data exfiltration on iOS devices

What’s changing 

In 2020, we released several data exfiltration protections for iOS devices. Today, we’re announcing the next set of enhancements for data exfiltration protections for iOS. We’re expanding these security controls to give admins more ways to protect sensitive company data on iOS devices. 


Admins can now turn the following actions on or off for Google Workspace data: 
  • Copying Google Workspace files and data to personal apps 
  • Sharing Google Workspace data to personal accounts via AirDrop and the iOS share sheet 
  • Air Printing Google Workspace files 
  • Saving Google Workspace items to files with the iOS share sheet 
  • Saving Google Workspace images/videos to iOS photos 
  • Assigning items from Google Workspace to Contacts with the iOS share sheet. 


Who’s impacted 

Admins and end users 


Why it’s important 

This is the next step in ensuring we continue to enhance data protections for Google workspace data and how that information is stored, shared, and used across the iOS devices within your organization. Similar protections are already available on Android devices through Work Profiles


Getting started 

  • Admins: These settings can also apply to any OU level throughout the organization, to scale your policy settings to any iOS mobile device within your organization. These settings can be configured in the Admin console under Devices > Mobile and endpoints > iOS settings > Data Sharing. Visit the Help Center to learn more about data protection on iOS devices


  • End users: There is no end-user setting for this feature. Restricted actions are not shown or except for “Save to files”, in which case a dialog pops up notifying the user that this action is restricted. 

Rollout pace


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Enterprise for Education, and Cloud Identity Premium customers. 

Resources 

Google Workspace Updates Weekly Recap – November 18, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 



Drag content from Google Slides into other apps on Android
Over the last several months, we’ve added numerous new features and functionality to products like Google Drive, Docs, Sheets, Slides, and Keep on Android devices. This week, we’ve launched the ability to easily drag text and image content from Google Slides into other apps on Android. | Learn more.

Improving drag & drop on the Google Drive Android app
Earlier this year, we launched drag & drop in Drive, allowing you to quickly upload files by dragging and dropping them into the app. This week, we’re improving this feature by enabling you to also drag & drop files and folders around in your Drive to move their location as you see fit. This can be done either in the two-window view or in the single app view. | Learn more


Full mouse support now available on Google Docs Android App
Expect full mouse support while using Google Docs on Android that will mirror mouse behavior on the web. For example, clicking and dragging across text will now select that specific text instead of panning the entire document. 


Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



Concentrate or disconnect with scheduled Do Not Disturb on Google Chat
You can now set a recurring schedule so you are not disturbed by Chat notifications on web, Android, and iOS. | Learn more


Use Access Approvals to control data access during support or maintenance 
This week, we introduced Access Approvals, which builds on Access Transparency and Access Management. Access Approvals allows customers to explicitly approve or deny Google employees access to data during support and general maintenance. Access approvals will be rolling out over the course of the next several weeks. | Access Approvals is part of Google Workspace Assured Controls, which is available as an add-on for Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative. | Learn more.


New Consolidated Controls Page for Google Takeout
Beginning November 15, 2022, admins can manage Takeout settings from a new consolidated controls page, located at Admin console > Account > Google Takeout > User access to Takeout for Google services. We anticipate the new page to be fully rolled out within the next few weeks. | Learn more


Sharing suggestions in Google Drive make collaborating easier
We've made it easier to share files with the people you typically share with in Google Drive. With this feature, suggested recipients will appear in the sharing dialog to speed up collaboration across your organization. | Learn more



For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

New Consolidated Controls Page for Google Takeout

What’s changing 

Beginning November 15, 2022, admins can manage Takeout settings from a new consolidated controls page, located at Admin console > Account > Google Takeout > User access to Takeout for Google services. We anticipate the new page to be fully rolled out within the next few weeks. Once the new page is fully available, the previous Takeout settings page—located at Admin Console > Apps > Additional Google Services > Google Takeout—will no longer be available. 


Once the rollout is complete, admins can modify Takeout settings from the new consolidated controls page, as well as from additional service setting pages for services with an individual Takeout control (see here for a list of those services: Allow or block Google Takeout for users). 



Who’s impacted 

Admins 


Why it matters 

Admins can now specify which services users are allowed or not allowed to export data from via Google Takeout all from one place in the Admin Console.


Getting started 



Rollout pace 



Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 


Resources 

Use Access Approvals to control data access during support or maintenance

What’s changing 

Today, we’re introducing Access Approvals, which builds on Access Transparency and Access Management. Access Approvals allows customers to explicitly approve or deny Google employees access to data during support and general maintenance. Access approvals will be rolling out over the course of the next several weeks.


We’ve designed our systems to limit the number of employees that have access to customer data and to actively monitor the activities of those employees. Access Approvals allows our customers to set up granular controls—at an organizational unit or admin group level—to require explicit permission for Google to access covered content for a limited time period.




Who’s impacted 

Admins 


Why it’s important 

Access Approvals provides admins granular control over how Google accesses that data when support requests are initiated or maintenance is being performed. Critically, this gives customers the ability to approve or decline access on individual requests. 


We know it’s essential that our customers have visibility and control over their systems and how they’re accessed by Google. This update, along with Sovereign Controls for Google Workspace, Client-side encryption, data regions, and Access Management capabilities, provide solutions for our customers to reach their digital sovereignty goals. 


Getting started 


Rollout pace 


Availability 

  • Access Approvals is part of Google Workspace Assured Controls, which is available as an add-on for Google Workspace Enterprise Plus customers only. For more information, contact your Google account representative. 

Resources 

Google Workspace Updates Weekly Recap – November 11, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 



Easily assign Tasks from Google Docs on mobile
Earlier this year, we made it easier for you to assign Tasks from Google Docs. This enables you to assign a checklist item to yourself or a colleague that will then show up in the assignee’s Tasks list. When edits are made to an assigned item in Tasks, such as a change to the title, due date or completion state, those updates will show in the Doc, and vice versa. We’re excited to announce that this is now available on the Docs Android and iOS apps. | Learn more here and here.



Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



The new Gmail user interface is becoming the standard experience
At the beginning of 2022, we announced a new user interface and a customizable, integrated view for Gmail, bringing critical applications like Gmail, Chat, and Meet in one unified location. Starting this month, this user interface will become the standard experience for Gmail, with no option to revert back to the “original view.” With the new UI, users are still able to change their Gmail theme, inbox type, and more through quick settings. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers only. | Learn more.



Trust rules in Google Drive now generally available
In July 2022, we announced an open beta for trust rules in Google Drive. Beginning today, this feature will become available for eligible Google Workspace customers. Trust rules give admins more control over how files can be shared, both within and outside of their organization. For example, admins can limit what specific departments can access versus other parts of their organization. See our original announcement for more information. | Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Education Standard customers only. | Learn more



Use Key Migration to change or add key services for Client-side encryption
As we continue to expand Client-side encryption (CSE) across Google Workspace products, we’re introducing Key Migration which allows admins to enable additional key services or change their existing key service. In both cases, built-in controls ensure key migrations are performed safely, with support for backup key services and potential roll backs. These ensure encrypted data remains inaccessible to Google and fidelity is maintained through the migration process. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers only. | Learn more


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Use Key Migration to change or add key services for Client-side encryption

What’s changing 

As we continue to expand Client-side encryption (CSE) across Google Workspace products, we’re introducing Key Migration which allows admins to enable additional key services or change their existing key service. In both cases, built-in controls ensure key migrations are performed safely, with support for backup key services and potential roll backs. These ensure encrypted data remains inaccessible to Google and fidelity is maintained through the migration process. 




Who’s impacted 

Admins 


Why it’s important 

Client-side encryption gives admins direct control of their encryption keys and the identity service that they choose to authenticate for those keys. Google never has access to the keys, rendering the data indecipherable, which may help organizations meet regulatory compliance in many regions. 


This update gives admins the flexibility to perform key rotations that best suit their organizational policies—including having different key services —or resolve key service availability issues. Customers can add a new key, assign it to an organizational unit or group and migrate any content encrypted by the previous key to be encrypted by the new key. During this migration process the new key is backed up by an existing key as a safeguard mechanism. Once customers are confident in their new key and have completed any migrations they can remove the backup key. 


Additionally, this release provides more granular control for our customers in maintaining their encryption keys by accommodating situations where they may choose to switch key service providers, move from on-premise to a managed service, and migrate encrypted content. 


Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 

Resources

Trust rules in Google Drive now generally available

What’s changing 

In July 2022, we announced an open beta for trust rules in Google Drive. Beginning today, this feature will become available for eligible Google Workspace customers. 

Trust rules give admins more control over how files can be shared, both within and outside of their organization. For example, admins can limit what specific departments can access versus other parts of their organization. See our original announcement for more information. 



Getting started 

  • Admins: Eligible Admins can enable this feature in the Admin console by going to the Rules > Turn on trust rules. Visit the Help Center to learn more about trust rules


  • End users: Your Admin’s trust rules will determine who you can share and collaborate with on Drive files.

Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Enterprise Standard, Education Plus, and Education Standard Customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – October 28, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 



New keyboard shortcuts for Keep
In continuing our efforts to provide a top-class user experience on large screen devices, we’re releasing updated keyboard shortcuts for Keep on Android that better align with the web experience. | View the full list of shortcuts and learn more here

Enhancing spell check in Google Docs
Words whose spelling is not recognized will now be underlined in red, even if there is no suggestion. When you click on such a word, you'll see it labeled as an "unknown word" -- from here you can choose to add the word to your personal dictionary or ignore the suggestion. This improvement will highlight more potential spelling errors - helping you write correctly and with confidence. Note that this feature is only available in English at this time. | Learn more. 
Improved hearing aid support for Google Meet on Android
We’ve expanded Google Meet hearing aid support on Android devices to recognize a wider variety of hearing aid devices. Meet will automatically default to using hearing aid support when they’re connected. You can also select hearing aids during a meeting from the audio settings menu. If the hearing aid has a built-in microphone, this microphone will be used. If it doesn’t the mobile phone or tablet microphone will be used.

Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



Use built-in mail merge tags like @firstname to personalize multi-send emails
We’ve launched the ability to personalize multi-send emails with mail merge tags like @firstname and @lastname. | Available to Google Workspace Business Standard, Business Plus, Enterprise Starter, Enterprise Standard, Enterprise Plus, Education Plus, and Workspace Individual customers only. | Learn more.


Stronger Admin console protection with risk-based re-authentication challenges
In August 2022, we announced strengthened safeguards for sensitive actions taken in your Google Workspace end users accounts. Specifically, this update protected users from bad actors taking over accounts via cookie theft. Beginning this week, we’re extending this protection to the Admin console. | Learn more.


Custom emojis coming to Chat
We’re making emojis even more expressive and personalized by allowing people to create custom emojis. Everyone in an organization can view and use custom emojis uploaded by their colleagues in Chat messages and reactions. | Learn more


Save time by adding in grading category information before exporting Google Assignments in Google Classroom
Starting this week, teachers can include grading category information when exporting Google Classroom assignments to the SIS. | Available to Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, and Aspen and Skyward 2.0 (SaaS Customers Only) SIS customers only. | Learn more.


Create and manage AppSheet databases, available in public preview
AppSheet is Google’s platform for building and deploying end-to-end apps and automation without writing code. As we continue to enhance and streamline app creation, we’re introducing a built-in structured database in public preview. | Available to Google Workspace Enterprise Plus customers, as well as those with an AppSheet license. | Learn more


Configure App Access Control for third-party applications in bulk
You can now use that CSV file to specify the status of each app—trusted, blocked, or limited—and upload the file back into the Admin console for updates. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, Frontline, and Nonprofits, legacy G Suite Basic and Business, and Cloud Identity Pro customers only. | Learn more. 





For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Google Workspace Updates Weekly Recap – October 28, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 



New keyboard shortcuts for Keep
In continuing our efforts to provide a top-class user experience on large screen devices, we’re releasing updated keyboard shortcuts for Keep on Android that better align with the web experience. | View the full list of shortcuts and learn more here

Enhancing spell check in Google Docs
Words whose spelling is not recognized will now be underlined in red, even if there is no suggestion. When you click on such a word, you'll see it labeled as an "unknown word" -- from here you can choose to add the word to your personal dictionary or ignore the suggestion. This improvement will highlight more potential spelling errors - helping you write correctly and with confidence. Note that this feature is only available in English at this time. | Learn more. 
Improved hearing aid support for Google Meet on Android
We’ve expanded Google Meet hearing aid support on Android devices to recognize a wider variety of hearing aid devices. Meet will automatically default to using hearing aid support when they’re connected. You can also select hearing aids during a meeting from the audio settings menu. If the hearing aid has a built-in microphone, this microphone will be used. If it doesn’t the mobile phone or tablet microphone will be used.

Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



Use built-in mail merge tags like @firstname to personalize multi-send emails
We’ve launched the ability to personalize multi-send emails with mail merge tags like @firstname and @lastname. | Available to Google Workspace Business Standard, Business Plus, Enterprise Starter, Enterprise Standard, Enterprise Plus, Education Plus, and Workspace Individual customers only. | Learn more.


Stronger Admin console protection with risk-based re-authentication challenges
In August 2022, we announced strengthened safeguards for sensitive actions taken in your Google Workspace end users accounts. Specifically, this update protected users from bad actors taking over accounts via cookie theft. Beginning this week, we’re extending this protection to the Admin console. | Learn more.


Custom emojis coming to Chat
We’re making emojis even more expressive and personalized by allowing people to create custom emojis. Everyone in an organization can view and use custom emojis uploaded by their colleagues in Chat messages and reactions. | Learn more


Save time by adding in grading category information before exporting Google Assignments in Google Classroom
Starting this week, teachers can include grading category information when exporting Google Classroom assignments to the SIS. | Available to Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, and Aspen and Skyward 2.0 (SaaS Customers Only) SIS customers only. | Learn more.


Create and manage AppSheet databases, available in public preview
AppSheet is Google’s platform for building and deploying end-to-end apps and automation without writing code. As we continue to enhance and streamline app creation, we’re introducing a built-in structured database in public preview. | Available to Google Workspace Enterprise Plus customers, as well as those with an AppSheet license. | Learn more


Configure App Access Control for third-party applications in bulk
You can now use that CSV file to specify the status of each app—trusted, blocked, or limited—and upload the file back into the Admin console for updates. | Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, Frontline, and Nonprofits, legacy G Suite Basic and Business, and Cloud Identity Pro customers only. | Learn more. 





For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Configure App Access Control for third-party applications in bulk

What’s changing 

Currently, you can download and view a CSV file with information on accessed and configured apps. Now, you can use that CSV file to specify the status of each app—trusted, blocked, or limited—and upload the file back into the Admin console for updates. 





In the Admin console, under Security > API Controls > App Access Controls, you’ll see the option to “Bulk update list”. 


Controlling how apps across your organization access Google Workspace data is critical to the security of your end users and sensitive data. This change makes it easier for Admins to set these policies in bulk, versus taking these actions individually, which can be time consuming. 


Getting started 


Rollout pace


Availability 

  • Available to Google Workspace Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, the Teaching and Learning Upgrade, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 
  • Available to Cloud Identity Pro customers 
  • Not available to Google Workspace Essentials customers 

Resources