New updates to G Suite for more secure remote work

With many companies moving their operations fully online, the security of the tools their employees use to stay connected is more important than ever. That’s why Google just announced new security features rolling out in G Suite in the upcoming weeks.

The team at Google understands that in the corporate environment their products are usually a part of a large, complex and interconnected ecosystem. This is why they put a lot of effort into helping to keep the entirety of it secure.

They do this in many ways: by making their technology available to others, as they’ve done with Safe Browsing and TensorFlow Extended (TFX); by collaborating and sharing best practices in industry working groups; and by helping to create and shape many of the standards that secure email today.

Trusted brand presence in email with the new BIMI standard

A pilot of a new standard they’ve been working on, called Brand Indicators for Message Identification (BIMI), will be launched in the upcoming weeks. It will enable organisations that authenticate their emails using DMARC to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of the other security checks, Gmail will start displaying the logo in avatar slots in the Gmail user interface.


Apart from the increased security, BIMI will greatly benefit businesses by helping them build trust in their brand and providing their customers with a more immersive experience. Because BIMI requires strong authentication, users and email security systems can have increased confidence in the source of emails.

“For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone,” said Seth Blank, Chair of the AuthIndicators Working Group, and Vice President, Standards and Technologies, Valimail.

The BIMI pilot will launch with a limited number of senders, and with two Certification Authorities to validate logo ownership: Entrust Datacard and DigiCert. Once the standard is available for all users, organisations will be able to choose if they want to adopt it. To prepare for this, and to help secure the ecosystem generally, we advise starting the adoption of DMARC now.
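As an added example (not from Google or the original article), the sketch below checks whether a domain's published DMARC record is at an enforcing policy, which is the state BIMI logo display depends on. The criteria used (p and sp of quarantine or reject, pct=100) are assumptions taken from common BIMI implementation requirements, not from this page; the function names are hypothetical and the records are constructed samples evaluated offline.

```python
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT record value into an ordered list of (tag, value)."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs.append((key.strip().lower(), value.strip()))
    return pairs

def bimi_readiness(txt):
    """Return a list of problems; an empty list means the policy is enforcing."""
    pairs = parse_dmarc(txt)
    # The version tag must come first and must be exactly DMARC1.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return ["not a DMARC record (v=DMARC1 must be the first tag)"]
    tags = dict(pairs)
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ENFORCING:
        problems.append(f"p={policy or 'missing'}: policy is monitor-only")
    # sp is optional; when present it overrides p for subdomains.
    if "sp" in tags and tags["sp"].lower() not in ENFORCING:
        problems.append(f"sp={tags['sp']}: subdomains are not enforced")
    # pct defaults to 100 when absent.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) != 100:
        problems.append(f"pct={pct}: policy covers only part of the mail")
    return problems

# Constructed sample records for illustration (example.com is a placeholder).
SAMPLES = {
    "monitoring": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=25",
    "subdomain gap": "v=DMARC1; p=reject; sp=none",
    "enforcing": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        issues = bimi_readiness(record)
        print(f"{name:14} {'ready' if not issues else '; '.join(issues)}")
```

A typical rollout starts at `p=none` with a `rua=` reporting address, then moves to `quarantine` or `reject` once the aggregate reports show that all legitimate senders pass.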

More control over who can join a video meeting and how

In the coming weeks, new security controls will be rolled out to help ensure that only intended participants are let into a video meeting. In the initial phase, these options will be available for consumer and G Suite for Education accounts.

Meeting hosts will have more control over who can join their meetings. Enhanced meeting “knocking” builds on existing controls that require those not included on a meeting’s calendar invite to explicitly “knock” and ask to be let into a meeting.

Once an attendee is ejected, they won’t be able to attempt to join the same meeting again by knocking, unless the host invites them again.

If the host denies a knocking request from a user multiple times, the user will be automatically blocked from sending more requests to join the meeting.

The advanced safety locks feature gives the host control over which methods of joining (via calendar invite or phone, for example) will require users to obtain explicit approval to join.

For example, engaging safety locks will block all attempts by anonymous users (users not logged into a Google account) to join a meeting, and enforce the requirement that the host joins first.

Other safety locks will give the host control over which attendees can chat and present within the meeting.

Safety locks add another layer of protection to security measures already put in place to prevent brute-force attacks. Even if an attacker guesses the meeting code, they wouldn’t be able to enter the meeting without the host’s permission. In the event that the host mistakenly lets the attacker in, the chat and present safety locks would prevent the meetings from getting disrupted. Finally, if any abuse were to occur, users can report it directly within the meeting.

Increased security against phishing attacks

The phishing protection built into Gmail will also be extended to Chat. If a link is sent to you via Chat, it will be automatically checked against real-time data from Safe Browsing and flagged if it’s found to be malicious.

In the coming weeks, users will also be able to report and block Chat Rooms if they suspect malicious activity in one.

Easier management and additional security controls for admins

In the past few months, IT admins have been under a lot more pressure to keep their companies’ online communication and collaboration secure. They will surely welcome some of the new features rolling out in G Suite soon.

The devices page in the G Suite Admin console is being redesigned to quickly display the number of devices managed by each service, which will make device management much easier and more intuitive.


Google will also be launching an integration with Apple Business Manager (formerly DEP) to provide G Suite Enterprise, G Suite Enterprise Essentials, Cloud Identity Premium, and G Suite Enterprise for Education admins the ability to simply and securely distribute and manage company-owned Apple iOS devices.

Another enhancement will be introduced to Data Loss Prevention (DLP) to help prevent unauthorized access to data.

Admins will be able to use automated information rights management (IRM) controls to prevent data exfiltration by blocking end users from downloading, printing, or copying Google Drive docs, sheets, and slides that contain sensitive content.

These controls tie in with the Data Loss Prevention rules that have been set for the organisation, and admins can run a full scan of all files within Google Drive and automatically enable these controls for all users.

These features are now available in Beta to G Suite Enterprise, G Suite Enterprise Essentials, and G Suite Enterprise for Education customers.

Last but not least, G Suite will make it simpler for admins to control app access. Admins can already decide which third-party apps can access users’ G Suite data with OAuth 2.0. Now, with App access control, they can save time by blocking apps from accessing G Suite services via API without creating an allow list for each app that requires access to G Suite data.


FAQs

Q1: Why did Google announce new G Suite security features in April 2020?

The increased number of companies moving operations fully online highlighted the critical importance of securing the tools used by remote employees for connection and collaboration.

Q2: What is BIMI (Brand Indicators for Message Identification)?

BIMI is a standard, being piloted by Google in the weeks following April 2020, designed to allow organizations that authenticate their emails (using DMARC) to have their validated corporate logos displayed in the avatar slots within the Gmail interface.

Q3: What are the intended benefits of the BIMI standard?

BIMI aims to enhance email security by encouraging strong authentication, help organizations build trust in their brand, and provide recipients with a more immersive experience.

Q4: How could organizations prepare for the eventual wider availability of BIMI?

Organizations were advised to start adopting DMARC (Domain-based Message Authentication, Reporting & Conformance) for their email domains.

Q5: What new security controls were being introduced for Google Meet hosts?

New controls included enhanced meeting “knocking” (requiring non-invited attendees to ask for entry, preventing ejected attendees from re-knocking unless re-invited, and auto-blocking users denied multiple times) and advanced “safety locks” (giving hosts control over joining methods, blocking anonymous users, and managing who can chat or present).

Q6: Which users were initially scheduled to receive these new Google Meet controls?

These options were first being made available for consumer accounts and G Suite for Education accounts.

Q7: How was phishing protection being extended within G Suite?

The phishing protection built into Gmail was also being applied to Google Chat. Links sent via Chat would be checked in real time against Safe Browsing data and flagged if found to be malicious.

Q8: What action regarding Chat Rooms was planned for users?

In the upcoming weeks (from April 2020), users would gain the ability to report and block Chat Rooms if they suspected malicious activity.

Q9: How was the management of devices being improved for G Suite administrators?

The devices page in the G Suite Admin console was being redesigned to be more intuitive and to quickly display the number of devices managed by each service.

Q10: What new capability was being introduced for managing company-owned Apple iOS devices?

An integration with Apple Business Manager (formerly DEP) was being launched, allowing administrators of specific G Suite editions (Enterprise, Enterprise Essentials, Enterprise for Education) to securely distribute and manage these devices.

Q11: How was Data Loss Prevention (DLP) in G Suite being enhanced?

Automated Information Rights Management (IRM) controls were being introduced to help prevent data exfiltration. These controls could block users from downloading, printing, or copying sensitive content within Google Drive files (Docs, Sheets, Slides) based on the organization’s DLP rules.

Q12: Who had access to these enhanced DLP/IRM features initially?

These features were available in Beta for customers using G Suite Enterprise, G Suite Enterprise Essentials, and G Suite Enterprise for Education.

Q13: What change was made to simplify admin control over third-party app access?

A new feature called App Access Control was introduced, allowing admins to block specific apps from accessing G Suite services via API without needing to maintain detailed allow lists for every permitted application.