March 21st, 2018
Security tools are only effective at stopping threats if they are deployed and managed at scale, but getting everyone in your organization to adopt these tools ultimately hinges on how easy they are to use. It’s for this reason that G Suite has always aimed to give IT admins simpler ways to manage access, control devices, ensure compliance and keep data secure.
Today we announced more than 20 updates to deepen and expand Google Cloud customers’ control over their security. Many of these features will be turned on by default for G Suite so that you can be sure the right protections are in place for your organization. And, even better, in most cases your users won’t have to do a thing. Here’s the break down.
1. Helping to protect your users and organization with new advanced anti-phishing capabilities
We're applying machine learning (ML) to billions of threat indicators and evolving our models to quickly identify what could be a phishing attack in the making. Information from these self-learning ML models helps us flag suspicious content. At the same time, updated phishing security controls can be configured to automatically switch on the latest Google-recommended defenses.
These new default-on protections can:
- Automatically flag emails from untrusted senders that have encrypted attachments or embedded scripts.
- Warn against email that tries to spoof employee names or that comes from a domain that looks similar to your own domain.
- Offer enhanced protections against spear phishing attacks by flagging unauthenticated email.
- Scan images for phishing indicators and expand shortened URLs to uncover malicious links.
With the protections we have in place, more than 99.9% of Business Email Compromise (BEC) scenarios—or when someone impersonates an executive to get sensitive information—are either automatically moved to the spam folder or flagged with anomaly warnings to users.
2. Giving you more control over mobile devices with default-on mobile management
Securing endpoints like mobile devices is one of the best ways for businesses to keep data safe. More than 7 million devices are already managed with G Suite’s enterprise-grade mobile management solution. With new proactive security settings, basic device management is automatically enabled for your mobile devices that access G Suite.
This means employees don’t have to install profiles on iOS and Android devices. It also means admins get added security management controls to help them:
- See which devices access corporate data in a single dashboard.
- Enforce pass codes and erase confidential data with selective account wipe for Android and iOS.
- Automatically protect Android and iOS devices, with no user intervention or device profile required.
And you may have noticed we launched updates to Cloud Identity—a way for enterprises to manage users, apps and devices centrally. Cloud Identity includes user lifecycle management, account security, SSO, robust device and app management and unified reporting. Check it out.
3. Offering you more visibility and insights to stay ahead of potential threats
IT admins who operate in the cloud seek tools, visibility and assistive insights to stop threats or gaps in operations before they become security incidents. This is why we introduced the security center for G Suite earlier this year. The security center is a tool that brings together security analytics, actionable insights and best practice recommendations from Google to help you protect your organization, data and users.
Today, we’re introducing additions to the security center for G Suite including:
- New security charts to show OAuth activity and Business Email Compromise (BEC) scam threats that are specifically focused on phishing emails that may not have links.
- New mobile management charts to help IT admins examine activity analytics and show when devices have been hijacked, rooted or jailbroken, as well as when other suspicious device activity has been detected.
- Ways to reorganize the dashboard to focus on what is most important to your organization.
- Ways to analyze your organization’s security health and get custom advice on security key deployment and protection against phishing scams.
If you’re new to using the G Suite security center, check out these instructions to get started.
4. Providing built-in protections and controls for Team Drives
Enterprises share and store an enormous amount of content, which means admins need more controls to keep this data protected. That’s why we’re enhancing Team Drives with new security controls to give you more ways to safeguard highly-sensitive content. Now, your data can be protected by Information Rights Management (IRM) controls so you can feel confident that your company’s ideas stay “yours.”
Specific updates include the ability to modify settings for Team Drives to:
- Limit file access privilegesto Team Drives members, or only to users within your domain.
- Add IRM controls to prevent users from printing, downloading and copying files within Team Drives.
These new security features for Team Drives will roll out over the next few weeks.
Phishing and mobile management controls are available now across all G Suite versions, and you’ll be able to use Team Drives controls in the coming weeks. If you’re a G Suite Enterprise customer, you can access the security center in the Admin console.