New updates to G Suite for more secure remote work
With many companies moving their operations fully online, the security of the tools their employees use to stay connected is more important than ever. That's why Google just announced new security features rolling out in G Suite in the upcoming weeks.
The team at Google understands that in the corporate environment their products are usually a part of a large, complex and interconnected ecosystem. This is why they put a lot of effort into helping to keep the entirety of it secure.
They do this in many ways: by making their technology available to others, as they’ve done with Safe Browsing and TensorFlow Extended (TFX); by collaborating and sharing best practices in industry working groups; and by helping to create and shape many of the standards that secure emailing today.
Trusted brand presence in email with the new BIMI standard
A pilot of a new standard they've been working on called Brand Indicators for Message Identification (BIMI) will be launched in the upcoming weeks. It will enable organisations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of the other security checks, Gmail will start displaying the logo in avatar slots in the Gmail user interface.
Apart from the increased security, BIMI will greatly benefit businesses by helping them build trust towards their brand and providing their customers with a more immersive experience. By requiring strong authentication, users and email security systems can have increased confidence in the source of emails.
“For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone,” said Seth Blank, Chair of the AuthIndicators Working Group, and Vice President, Standards and Technologies, Valimail
BIMI pilot will launch with a limited number of senders, and with two Certification Authorities to validate logo ownership: Entrust Datacard and DigiCert. Once the standard is available for all users, organisations will be able to choose if they want to adopt it. To prepare for this though and generally help secure the ecosystem, we advise starting the adoption of DMARC now.
More control over who and how can join the video meeting
In the coming weeks, new security controls will be rolled out to help ensure that only intended participants are let into a video meeting. In the initial phase, these options will be available for consumer and G Suite for Education accounts.
Meeting hosts will have more control over who can join their meetings. Enhanced meeting “knocking” builds on existing controls that require those not included on a meeting’s calendar invite to explicitly “knock” and ask to be let into a meeting.
Once an attendee is ejected, they won't be able to attempt to join the same meeting again by knocking, unless the host invites them again.
If the host denies a knocking request from a user multiple times, the user will be automatically blocked from sending more requests to join the meeting.
Advanced safety locks feature gives the host control over which methods of joining (via calendar invite or phone, for example) will require users to obtain explicit approval to join.
Engaging safety locks will block all anonymous users’ (users not logged into a Google account) attempts from joining a meeting, and enforce the requirement that the host joins first, for example.
Other safety locks will give the host control over which attendees can chat and present within the meeting.
Safety locks add another layer of protection to security measures already put in place to prevent brute-force attacks. Even if an attacker guesses the meeting code, they wouldn’t be able to enter the meeting without the host’s permission. In the event that the host mistakenly lets the attacker in, the chat and present safety locks would prevent the meetings from getting disrupted. Finally, if any abuse were to occur, users can report it directly within the meeting.
Increased security against phishing attacks
Phishing protection built-in within Gmail will also be extended to Chat. If a link is sent to you via Chat, it will be automatically checked against real-time data from Safe Browsing and flagged if it’s found to be malicious.
In the coming weeks, users will also be able to report and block Chat Rooms if they suspect malicious activity in one.
Easier management and additional security controls for admins
In the past few months, IT Admins have been under a lot more pressure to keep their companies online communication and collaboration secure. They will surely welcome some of the new features rolling out in G Suite soon.
With the redesign of the devices page in the G Suite Admin console to quickly display the number of devices managed by each service, the management of devices will be way easier and more intuitive.
Google will also be launching an integration with Apple Business Manager (formerly DEP) to provide G Suite Enterprise, G Suite Enterprise Essentials, Cloud Identity Premium, and G Suite Enterprise for Education admins the ability to simply and securely distribute and manage company-owned Apple iOS devices.
Another enhancement will be introduced to the Data Loss Prevention to help prevent unauthorized access to data.
Admins will be able to use automated information rights management (IRM) controls to prevent data exfiltration by blocking end users from downloading, printing, or copying Google Drive docs, sheets, and slides that contain sensitive content.
These controls tie in with the Data Loss Prevention rules that have been set for the organisation, and admins can run a full scan of all files within Google Drive and automatically enable these controls for all users.
These features are now available in Beta to G Suite Enterprise, G Suite Enterprise Essentials, and G Suite Enterprise for Education customers.
Last but not least, G Suite will make it simpler for admins to control app access. Admins can already decide which third-party apps can access users’ G Suite data with OAuth 2.0. Now, with App access control, they can save time by blocking apps from accessing G Suite services via API without creating an allow list for each app that requires access to G Suite data.
If you have any questions regarding these updates or anything else we can help you with our team of engineers is here for you. Just contact us at firstname.lastname@example.org. We keep our finger on the pulse of the latest events from the world of Cloud computing and bring you the hottest news straight to your inbox. To stay in the loop subscribe to our newsletter.