Tag Archives: Security and Compliance

Stronger Admin console protection with risk-based re-authentication challenges

What’s changing 

In August 2022, we announced strengthened safeguards for sensitive actions taken in your Google Workspace end users' accounts. Specifically, this update protected users from bad actors taking over accounts via cookie theft. Beginning today, we’re extending this protection to the Admin console. 


Currently, the Admin console prompts users to re-authenticate every hour. We are extending our current protections with additional signals to detect potential cookie theft. If a risky session is detected, we will issue extra challenges such as mobile notifications or the use of a security key. Once the user has successfully verified, they’ll be directed back to the admin page they came from. 



Who’s impacted 

Admins 


Why it’s important 

This added layer of security helps to intercept bad actors who have gained access to the Admin console using a stolen cookie. Cookie theft is a session hijacking technique whereby accounts can be accessed by exploiting cookies stored in the browser. 


The additional “Verify it’s you” challenges help ensure only authorized users are accessing your organization’s sensitive information and data, preventing bad actors from taking damaging actions. Further, these challenge attempts will be logged as Admin log events, allowing for further admin investigation. 



Additional details 

To avoid situations where a bad actor has a cookie that marks a device as trusted, admins can configure a device to be trusted based upon login. 




If an admin gets legitimately stuck trying to access the Admin console, other admins can temporarily turn off login challenges, including additional log-in challenges. We strongly recommend only using this option if contact with the user is credibly established, such as via a video call. 



Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources

Google Workspace Client-side encryption beta expanded to include Google Calendar

 This announcement was made at Google Cloud Next ‘22. Visit the Cloud Blog to learn more about the latest Google Workspace innovations for the ever-changing world of work. 



What’s changing 

In 2021, we announced Google Workspace Client-side encryption to help customers strengthen the confidentiality of their data while helping to address a broad range of data sovereignty and compliance requirements. 


Since then, we’ve made this feature available for Google Meet, Drive, Docs, Sheets, and Slides, with support for multiple file types including Office files, PDFs, and more. Today, we’re happy to announce the beta for Client-side encryption for Google Calendar. When using Client-side encryption for Calendar events, your event description, attachments, and Meet data are indecipherable to Google servers. You have control over encryption keys and the identity service to access those keys. 


Google Workspace Enterprise Plus, Education Plus, and Education Standard customers are eligible to apply for the beta here until November 11, 2022. 

Who’s impacted 

Admins and end users 


Why it’s important 

Google Workspace already uses the latest cryptographic standards to encrypt all data at rest and in transit between our facilities. With Client-side encryption, we’re taking this a step further by giving customers direct control of encryption keys and the identity provider used to access those keys. This can help you strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs. 


When using Client-side encryption, your event description, attachments, and Meet data are indecipherable to Google. You can create a fundamentally stronger privacy posture, whether that’s to help your organization comply with regulations like ITAR and CJIS or simply to better protect the privacy of your confidential data. 


Getting started 

  • Admins: This feature will be OFF by default and can be enabled at the domain, OU, and Group levels by going to the Admin console > Security > Access and data control > Client-side encryption. Visit the Help Center to learn more about client-side encryption.
  • End users: 
    • You will need to be logged in with your Identity Provider to have access to encrypted content.
    • To add encryption to any event in Calendar, click on the shield icon at the top of the event creation card. This will add encryption to event description, attachments, and Meet, while other items such as event title, time, and guests remain on standard encryption. 

Availability 

  • Available to Google Workspace Enterprise Plus, Education Plus, and Education Standard customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 
  • Not available to users with personal Google Accounts 

Resources 

Preview or download client-side encrypted files with Google Drive on Android and iOS

Quick summary 

Admins for select Google Workspace editions can update their client-side encryption configurations to include Drive Android and iOS. When enabled, users can preview or download client-side encrypted files. This feature is available for file types supported by Google Drive, including Microsoft Office and PDF files. Google Docs, Sheets, and Slides are not yet supported.




Support for Google identity on Drive Android & Drive iOS will be introduced in a future release — we will provide an update on the Workspace Updates blog at that time.


Getting started 


Rollout pace 


Availability 

  • Admins — Configure client-side encryption for Google Drive Android and iOS: Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers
  • End users — Preview or download client-side encrypted files with Google Drive Android and iOS: Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers

Resources 


Google Workspace Updates Weekly Recap – October 14, 2022

New updates 


There are no new updates to share this week. Please see below for a recap of published announcements. 


Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



In-room meeting participants can now join break out rooms 
When using Google Meet Hardware devices, meeting hosts can now assign conference rooms to breakout rooms. | Available to Google Workspace Essentials, Business Standard, Business Plus, Enterprise Starter, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, the Teaching and Learning Upgrade, Frontline, and Nonprofits customers only. | Learn more


Transcribe speech during Google Meet calls into a Google Doc 
You can now transcribe a Google Meet video meeting into a Google Doc. The transcribed file is saved in the host’s “Meet Recordings” folder in Google Drive, similar to meeting recordings. | Available to Google Workspace Business Standard, Business Plus, Enterprise Starter, Enterprise Standard, Enterprise Plus, Education Plus, and the Teaching and Learning Upgrade customers only. | Learn more


Use SIP Link to link phone numbers from local carriers to Google Voice 
For Google Voice Standard and Premier customers, admins can now connect a Session Initiation Protocol (SIP) trunk with Voice. This allows phone numbers (PSTN services) from local carriers to be used for Google Voice through a secure set of certified Session Border Controllers (SBCs), such as Audiocodes, Cisco, Oracle, and Ribbon. | Available with Voice Standard and Voice Premier licenses only. | Learn more


Preview and interact with files using smart chips in Google Sheets 
As an extension of smart canvas, you can now add Google Drive files directly into a Google Sheet as a smart chip. | Learn more


Expanding smart chips to include events in Google Sheets 
In addition to the recent announcement of adding files to Google Sheets using smart chips, we're also making it easier for you to quickly insert Calendar events into Sheets. | Learn more


Join or start a meeting directly from Jamboard on the web to kickstart collaboration 
We’re expanding interoperability with Google Meet and Jamboard with the option to join or start a meeting directly from Jamboard on the web. This makes it easier for you to seamlessly present your jam and start collaborating. | Learn more


Data loss prevention for Google Chat now generally available 
Over the next several weeks, data loss prevention (DLP) rules for Google Chat will become generally available for select Google Workspace editions. Data protection rules for Chat help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. | Learn more

Improve your visibility in Google Meet video calls
Google Meet can now automatically frame your video before joining a meeting to help ensure equal visibility for all participants. The automatic framing happens only once, so there are no motion distractions that can divert attention from the content of the meeting. | Available to Google Workspace Business Standard, Business Plus, Enterprise Essentials, Enterprise Starter, Enterprise Standard, Enterprise Plus, Education Plus, Education Teaching and Learning Upgrade, and Workspace Individual customers with eligible devices. Also available to Google One subscribers with 2TB or more storage space with eligible devices. | Learn more

For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Data loss prevention for Google Chat now generally available

This announcement was made at Google Cloud Next ‘22. Check out Next OnAir to tune into the livestream or watch session recordings following the event. Visit the Cloud Blog to learn more about the latest Google Workspace innovations for the ever-changing world of work. 


What’s changing

In July 2022, we announced data loss prevention (DLP) rules for Google Chat as an open beta. Over the next several weeks, this feature will become generally available for select Google Workspace editions. 


Data protection rules for Chat help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. These leaks, whether accidental or malicious, are a top concern for our customers. 


Admins can selectively apply data protection rules to: 
  • Messages in group conversations, spaces, and/or direct messages 
  • Messages between internal and/or external participants 
  • Message text and/or attachments 

Once DLP rules are applied, messages and files in relevant conversations will automatically be scanned for sensitive information. Admins can configure the action to be taken in response to sensitive data being detected, such as: block from sending, warn before sending, and log for audit. 


In the Security Investigation Tool, we’ve added additional tabs which contain more information on incidents, such as Incident Details, containing information about the message, sender and a triggered rule, and Chat Transcript, showing preceding and following messages to the triggering one, providing a detailed context for investigation.

Additional information regarding Chat events

Getting started 

  • Admins: 
    • This feature will be OFF by default and can be enabled at the domain, OU, or group level. You can create DLP rules in the Admin console under Security > Data Protection
      • Note: You can modify existing DLP rules for Drive and Chrome to also apply to Chat. 
    • Visit the Help Center to learn more about turning data loss prevention in Chat on for your organization
    • If admins opt to log these events, they can be accessed in the Security Investigation Tool
  • End users: There is no action required. 

Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, Education Plus. 
  • DLP for Chat is also available to Cloud Identity Premium users who are also licensed for Workspace editions that include Google Chat and Audit and investigation. Visit the Help Center for more information. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – August 19, 2022

New updates 


There are no new updates to share this week. Please see below for a recap of published announcements. 


Previous announcements


The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.



Improved quality and performance for Google Meet effects on the web 
Background effects are now more accurate for Google Meet users on the web. This allows you to experience more accurate background blur, background replace, and immersive background and styles. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus customers, and Workspace Individual users on eligible devices in eligible countries (Northern America, Europe, Northern Africa, Central Asia, Southeastern Asia). Visit the Help Center to learn more about availability. | Learn more

More control over accessibility preferences in Docs, Sheets, Slides, and Drawings 
You’re now able to set preferences for Docs, Sheets, Slides, and Drawings individually, rather than having the same accessibility settings apply across these products. | Learn more

Updated user interface for managing email quarantines 
In the coming weeks, you will see a new user interface when using the email quarantine tool. This brings the email quarantine experience in line with other tools in the Admin console, making it more intuitive to navigate and use. | Learn more

See how much noise is being removed during Google Meet video calls 
Google Meet can now remove background noises such as typing, construction sounds, or background chatter. | Available to Google Workspace Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, and Workspace Individual customers only. | Learn more

Conveniently connect site visitors with social channels in new Sites 
Site editors can now insert stylized social media links into pages within their site, enabling you to more conveniently connect site visitors with additional information and content on your social channels. | Learn more

Enhancements to the “Frame people” feature on Google Meet hardware devices 
We’ve introduced two enhancements on Google Meet hardware devices for the “Frame people” feature: 
  • The “Frame people” feature is now more easily discoverable and can be accessed in a meeting from the touch panel in fewer steps. 
  • A solution to a recent bug impacting the auto framing capability for some Google Meet hardware devices. The auto framing functionality has been restored to impacted devices with improved reliability and performance. 
Available to all supported Google Meet hardware devices that have not yet reached their auto-update expiration date. | Learn more

New color categorization in Calendar to better understand how you’re spending your time 
You can now categorize your time by naming and assigning a corresponding color label to an event within Time Insights in Calendar. | Available to Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Plus and Nonprofits customers only. | Learn more

Easily assign Tasks from Google Docs 
In Google Docs, you can now assign a checklist item to yourself or a colleague that will then show up in the assignee’s Tasks list. | Learn more


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Updated user interface for managing email quarantines

Quick summary 

In the coming weeks, you will see a new user interface when using the email quarantine tool. This update will bring the email quarantine experience in line with other tools in the Admin console, making it more intuitive to navigate and use. Quarantines help minimize data loss, protect confidential information, and manage message attachments. 


Some improvements you’ll notice are: 
  • A collapsible side panel for filtering quarantines 
  • A paginated table view displaying quarantines with custom names row by row 
  • The option to view the original, raw content of a selected message for easier referencing. 

Quarantines with custom names are displayed row by row


Original, raw content can be viewed for each quarantine



Getting started 

  • Admins: The admin quarantine can be found in the Admin console at Apps > Google Workspace > Gmail > Manage Quarantines. Visit the Help Center to learn more. 
  • End users: There is no end user impact. 

Rollout pace 


Availability 

  • Available to all Google Workspace editions, as well as legacy G Suite Basic and Business customers 

Resources 



Google Workspace Updates Weekly Recap – August 12, 2022

New updates

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all Google Workspace and G Suite customers. 


Delegate access to a shared inbox using a group address 
You can now give an entire Google Group access to your Gmail account through mail delegation. With this feature, delegated users can read, send, and delete messages on the account owner's behalf. We hope this will enable teams to more effectively process incoming requests and tasks via a single shared email address. | Available to Business Starter, Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Granular controls for app allowlisting in the Google Workspace Marketplace 
Admins can now choose which Google Workspace Marketplace apps are available to be installed by users in a particular department (OU) or group by managing Marketplace apps on their allowlist. Previously, admins could only manage the allowlist for an entire domain. Additionally, the Marketplace apps access settings, Allow all apps, Allow selected apps, and Block all apps, can now be set for your entire organization or for an OU or group. This new functionality provides a solution when only a subset of domain users need permissions to install certain Marketplace apps. Examples include Chat apps required for your Engineering organization and IT security group or Classroom add-ons required for high-school teachers. | Available to Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Frontline, Nonprofits, and legacy G Suite Basic and Business customers only. | Learn more


Seamlessly delete subsets of Sites 
Site editors can now delete a page with subpages and delete pages that were copied into another site during a partial site copy. | Roll out to Rapid Release began August 8, 2022; launch to Scheduled Release planned for August 29, 2022. | Learn more



Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


Office Building support for Working Locations 
We’ve added the ability to select a specific office building as your working location. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improving data privacy with Client-side encryption for Google Meet 
We’ve added Workspace Client-side encryption to Google Meet, giving customers increased control over their data. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers hosting client-side encrypted calls only. | Learn more


Stronger protection for sensitive Google Workspace account actions 
There are now stronger safeguards for sensitive actions taken in your Google Workspace account. These apply to actions that, when done by hijackers, can have far reaching consequences for the account owner or the organization it belongs to. | Learn more


The Google Meet and Google Duo app icons are changing, additional information for Google Workspace users 
As part of the announcement that we are upgrading the Duo experience to include all Google Meet features, users will now begin to see their app name and icon update to Google Meet. | Learn more


Better location context for events and RSVPs in Calendar 
We’ve made it even easier to use RSVPs in Google Calendar and let others know how you’re planning to join a meeting. | Available to Google Workspace Business Standard, Business Plus, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, Education Standard, Teaching & Learning Upgrade, Nonprofits, and legacy G Suite Business customers only. | Learn more


Improved notifications when editing Microsoft Office files in Docs, Sheets, and Slides 
We’ve rolled out a series of improvements to the notifications you see when editing a Microsoft Office-formatted file with Office editing mode. | Learn more


Unified experience for Gmail logs in BigQuery, configure your existing Gmail logs to route to Workspace logs 
In the coming months, we will move the location of the existing Gmail logs in BigQuery to Google Workspace logs and reports in BigQuery. | Available to Google Workspace Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, Education Standard customers only. | Learn more


Google Meet call control for USB peripheral devices
We've introduced additional call control for Google Meet which will allow you to toggle between mute and unmute using headsets, speaker microphones, and other USB peripheral devices. | Learn more


Control visibility of admin alerts with admin role privileges
There is a new control that allows super admins to create a custom rule which ensures only admins with the DLP privilege can see DLP alerts. | Learn more.


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Control visibility of admin alerts with admin role privileges

What’s changing 

We’re introducing a new control that allows super admins to create a custom rule which ensures only admins with the DLP privilege can see DLP alerts. Previously, DLP alerts were visible to all admins — this change helps ensure the right people have access to list, update, or delete alerts. Further, this cuts down on the visibility of alerts that aren’t relevant to specific admins. 



Getting started 


Rollout pace 

  • This feature is available now for all users. 

Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources