IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Story image
Google unveils security overhaul across G Suite products
Wed, 22nd Jul 2020
FYI, this story is more than a year old

Google has announced 11 new security features across G Suite, to provide stronger security in Gmail, Meet, and Chat.

It has also unveiled new ways to help IT admins easily manage and secure devices in the Admin Console.

With so many people working remotely, Google says it is more important than ever that the tools people use to stay in touch and productive are safe and secure.

Support for the BIMI standard in Gmail
"While we have many defenses built into Gmail, we recognise that email functions in a large, complex, interconnected ecosystem. This is why we're working not just to keep Gmail safe, but to help keep the entire ecosystem secure," the company says.

"We do this in many ways: by making our technology available to others, as we've done with Safe Browsing and TensorFlow Extended (TFX); by collaborating and sharing best practices in industry working groups; and by helping create and shape many of the standards that secure email today."

The company has announced the pilot of Brand Indicators for Message Identification (BIMI). which will enable organisations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of Google's other anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI.

"BIMI provides benefits to the whole email ecosystem. By requiring strong authentication, users and email security systems can have increased confidence in the source of emails, and senders will be able to leverage their brand trust and provide their customers with a more immersive experience," Google says.

Google will be starting the BIMI pilot in the coming weeks with a limited number of senders, and with two Certification Authorities to validate logo ownership: Entrust Datacard and DigiCert.

New controls for Meet
In the coming weeks, Google will be rolling out new security controls to help ensure that only intended participants are let into a video meeting. In the initial rollout, these options will be available for consumer and G Suite for Education accounts.

"First, we're giving meeting hosts increased control over who can knock and join their meetings. Enhanced meeting knocking builds on existing controls that require those not included on a meetings calendar invite to explicitly knock and ask to be admitted to a meeting," Google says.

Once an attendee is ejected, they won't be able to attempt to join the same meeting again by knocking, unless the host re-invites them. If a knocking request from a user has been denied multiple times, the user will be automatically blocked from sending more requests to join the meeting.

"Second, we're giving hosts advanced safety locks so they can better protect meetings with a few simple clicks."

With the safety locks, hosts can decide which methods of joining (via calendar invite or phone, for example) require users to obtain explicit approval to join.

Engaging safety locks will block all anonymous users (users not logged into a Google account) attempts to join a meeting, and enforce the requirement that the host joins first, for example.

Specific safety locks enable the host to control the level of participant interactivity in the meeting. The chat lock and present lock will let hosts control which attendees can chat and present within the meeting.

Meet Safety Locks
"These features add to the protections we've already put in place to prevent brute-force attacks, so even if an attacker guesses the meeting code, they wouldn't be able to enter the meeting without the hosts permission," Google explains.

"If the host mistakenly admits the attacker, the chat and present locks would help prevent the meetings from getting disrupted. Finally, if any abuse were to occur, users can report it directly within the meeting."

New security features in Chat
Google is extending its phishing protections it built within Gmail to Chat.

"If a link is sent to you via Chat, it will be checked against real-time data from Safe Browsing and flagged if its found to be malicious," it says.

"By taking advantage of security signals in Chat, as well as the rest of G Suite, we automatically detect and limit abusive content. For instance, spammy invitations can be classified as spam and in some cases automatically blocked."

Easier management and additional security controls for admins
"The way we work looks very different now than it did six months ago, and IT admins are at the centre of keeping their workforces online, productive, and secure. We're introducing several new features to help admins keep their organisations secure," says Google.

"We've redesigned the devices page in the G Suite admin console to include more intuitive navigation for device management and to quickly display the number of devices managed by each service."

Google will launch its integration with Apple Business Manager (formerly DEP) to provide G Suite Enterprise, G Suite Enterprise Essentials, Cloud Identity Premium, and G Suite Enterprise for Education admins the ability to simply and securely distribute and manage company-owned Apple iOS devices.

"Second, we've always prioritised keeping your sensitive data protected and private, and today we're announcing another enhancement to our Data Loss Prevention feature that helps prevent unauthorised access to data."

Admins can now use automated information rights management (IRM) controls to prevent data exfiltration by blocking end users from downloading, printing, or copying Google Drive docs, sheets, and slides that contain sensitive content.

These controls tie in with the Data Loss Prevention rules that have been set for the organisation, and admins can run a full scan of all files within Google Drive and automatically enable these controls for all users.

Safety and security are a priority for us at Google Cloud, and we hope these updates make it easier for IT admins to protect their organisation while saving them time and effort."