Tag Archives: Security and Compliance

Updated and improved audit logs experience in the Admin console

What’s changing 

We’re updating the user interface for audit logs in the Admin console to allow for richer insights and query-based reporting capabilities. This will bring the experience in line with the security investigation tool and create a more unified reporting experience across the Admin console. 


Some improvements you’ll notice are: 
  • Enhanced search attribute options: We’ve introduced a new search field that will help admins quickly find and apply search attributes. For larger lists (more than 15 items), admins will be able to pin commonly used attributes. 
  • The ability to perform searches in “filter” or “condition builder” mode: 
    • In filter mode, admins can add simple parameter and value pairs, such as viewing externally shared files with sensitive data or external emails with attachments, to filter for search results. 
    • In condition builder mode, admins can view previously applied filters as conditions with AND/OR operators to further refine search results. 
  • New data sources for the investigation tool: We’re expanding our list of data sources to 31 sources — see here for a complete list of data sources.



Who’s impacted 

Admins 


Why it’s important 

We hope this updated and streamlined experience makes it easier for admins to identify, triage, and act on security issues within their organization without having to switch between multiple tools. Additionally, new ways to set and filter for specific search attributes and establish reporting and activity rules will make it easier for admins to stay apprised of what’s happening in their organization. 


Additional details 

Admins will no longer be able to export audit log data to CSV files; going forward, it can only be exported to Google Sheets. Additionally, you may notice the renaming and merging of previously existing data sources and other minor UI changes. For a complete list of what’s changing, see this article in our Help Center.

Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

View more information on email delegate activity in the Security Investigation Tool

What’s changing 

Admins can now surface post-delivery actions taken by delegated users in the Security Investigation Tool. Specifically, you can now see if a delegate: 
  • Opened, replied, or marked a message as unread. 
  • Moved a message to the trash or back to their inbox. 
  • Clicked links or attachments. 
  • Downloaded attachments. 




Who’s impacted 

Admins 


Why it’s important 

It’s important to understand the exact user performing actions related to an investigation or audit — this change will give admins greater insight into actions taken by delegated users versus the account owner. 


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Expanded Access Management Controls help support your information governance goals

What’s changing 

Google Workspace Assured Controls enables customers to meet strict regulatory information governance requirements. With Access Management, customers can limit the Google staff who can take support actions related to their data. 

Customers can now use Access Management to set policies that support compliance with the Criminal Justice Information Services (CJIS) standard and the IRS' Publication 1075 (IRS 1075) by restricting access to CJIS-authorized and IRS-1075-authorized personnel within Google. Visit the Help Center to learn more. 

We’ve also extended existing coverage so customers can now apply Access Management Controls to the following applications: 

  • Google Chat 
  • Google Meet 
  • Google Forms 
  • Google Sites 

Visit the Help Center to learn more. 

Finally, we’re adding new information to Access Transparency logs to help you better understand support actions relating to your data. Customers with Access Management policies will see a new field, “Access Management Policy”, that denotes the validated policy at the time of access. All Access Transparency customers will now see a new “On Behalf Of” field that describes the target user of an access. Visit the Help Center to learn more.

For more information on this and other Google Workspace Security launches, see our Cloud Blog post.

Who’s impacted 

Admins 

Why you’d use it 

Some customers in regulated industries, particularly the public sector, have compliance requirements related to cloud service provider access to data. Since Assured Controls is available on Google Workspace’s native platform, you don’t need to move to a separate GovCloud environment for access to these capabilities. This can help reduce costs and complexity, while allowing your organization to benefit from the full set of advanced features that Google Workspace offers. 

Additional Details 

Note that we do not access customer data for any reason other than those necessary to provide support services and fulfill our contractual and legal obligations. 

Getting started 

  • Admins: 
    • Once you’ve purchased the Assured Controls add-on, you can assign licenses and manage the feature at Admin Console > Access Management. Users assigned the policy will have any data owned by them restricted to designated personnel within our support teams. 
    • Access Management is surfaced for logging in the Access Transparency logs.
    • Access Management can also be used to support CJIS and IRS-1075 requirements. 
  • End users: There is no end user impact 

Rollout pace 

These changes will be rolling out by the end of March.

  • Existing Assured Controls customers will automatically have controls applied to the newly available products on any active Access Management policies 
  • New customers should contact their Google account representative to learn more about availability and timing 

Availability 

  • Google Workspace Assured Controls is available as an add-on to Google Workspace Enterprise Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, and Education Plus, as well as G Suite Basic, Business, and Nonprofits customers 

New intelligent, content-based detection and additional regional security detectors for data loss prevention

What’s changing 

We’re adding 40+ content detectors, which expand the type of content that data loss prevention (DLP) in Drive can scan and detect. 

These include new intelligent, machine learning-based detectors for content inspection of documents, such as: 

  • SEC filings 
  • Legal briefs and court orders 
  • Tax documents 
  • Contracts 
  • Patents 
  • Resumes 
  • Finance Forms 
  • Source code, system logs, and more. 

These machine learning-based detectors are pre-trained to automatically detect sensitive content, requiring no additional work on the part of the admin. 

Additionally, we’ve added over forty new parameters for regional security, such as: 

  • Auth token 
  • API Keys 
  • Belgium ID 
  • Global VIN
  • Germany TIN 
  • India GST and more.

Visit the Help Center for a complete list of pre-defined detectors for data loss prevention (DLP) in Google Drive.


Adding conditions to define data that you want to scan for


Who’s impacted 

Admins 

Why it’s important 

Admins can use data loss prevention to create and apply rules to control what content your users can share in Google Drive files outside your organization, helping to prevent unintended exposure of sensitive information. 

These additional detectors, along with intelligent scanning, help to further secure your environment and sensitive data. Administrators can enforce policies that restrict external sharing, apply classification labels, prevent uploads, or warn users based on these intelligent detectors. 

Getting started 

  • Admins: This feature can be configured at the domain, OU, or group level within the DLP system at Admin console > Security > Data Protection. Use our Help Center to learn more about creating DLP for Drive rules and custom content detectors and using predefined content detectors. 
  • End users: No action required. 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, as well as Cloud Identity Premium customers. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, legacy G Suite Basic and Business customers, and Cloud Identity Free customers. 

Categorize content and enhance content protection at scale with Google Drive labels

What’s changing 

Automated classification with Google Workspace DLP and labels-driven sharing restrictions are now generally available. These features were part of a beta we announced last year for enhanced content classification, governance, and data loss prevention (DLP) with Google Drive labels. 

A new Admin console setting can now automatically apply up to 5 labels to all new files your users create, or to all newly created files owned by specific parts of your organization.