The News: Google announced in late August that it is adding several AI-backed features to cover zero-trust, digital sovereignty, and threat defense controls, as part of a series of enhancements to its Workspace platform. Largely developed in response to the continuing cybersecurity threats to commercial and public sector organizations, the new zero-trust controls include:
- AI classification for Google Drive, which allows admins to use customizable, confidentiality-preserving AI models to classify and label their files
- Enhanced data loss prevention (DLP) controls for Gmail, allowing admins to set conditions that must be met for someone to be able to share files through Drive
- Context-aware DLP controls in Drive to allow security teams to better control the sharing of sensitive information around and outside the organization
The company also announced the release of enhanced controls for data, ensuring that companies can manage digital sovereignty issues as AI and cloud computing marches toward ubiquity.
You can read the post detailing the new security features on the Google Workspace blog.
Google Strengthens Workspace With Zero-Trust and Digital Sovereignty
Analyst Take: In response to growing cybersecurity threats that are often targeted at enterprise commercial and public sector organizations, Google announced three new zero-trust controls for Google Workspace. Zero-trust is a security framework requiring all users, whether in or outside the organization’s network, to be authenticated, authorized, and continuously validated before being granted or keeping access to applications and data. A zero-trust framework assumes that there is no traditional network edge; as such, networks can be local, in the cloud, or a combination of the above, with resources and workers located at any location.
Google noted in its press release announcing the features that in 2022, cybersecurity attacks grew 38%, with each data breach costing organizations an average of $4.4 million. Further, the growing scale and sophistication of these attacks are overwhelming the capabilities of legacy productivity solutions’ defenses. As a result, Google cited statistics that underscored the benefits of its cloud-native architecture rooted in zero-trust principles and augmented with AI-powered threat defenses.
Enhanced Security for Hybrid and Work-from-Anywhere Workforces
The zero-trust security model has become a vital part of reducing security risks for a distributed workforce, which, in addition to providing more flexibility and scalability than traditional office networks, also introduces more opportunities for cybercriminals to exploit weaknesses. Indeed, social engineering attacks, where cybercriminals create lures that are designed to get workers to inadvertently violate security protocols and best practices, can create massive security holes. Further, the prevalence of bring-your-own-device policies may also introduce additional vulnerabilities.
Threat defense controls already deployed in Workspace help customers prevent, detect, and respond to social engineering and other identity-based attacks before they emerge. Now, the announcement of Workspace’s new built-in controls, such as DLP and context-aware access (CAA), will help organizations tighten their security defenses. By enforcing context-aware DLP controls in Drive, administrators can set criteria, such as device location or security status, that must be met for a user to be able to share sensitive content in Drive. This new capability offers more granular controls to help prevent unintended data loss and will be available later this year in preview.
Similarly, by extending enhanced DLP controls to Gmail, these tools will help security teams control sharing sensitive information inside and outside the organization. Enhanced DLP controls are already available in Google Chat, Drive, and Chrome, and will be available in preview within Gmail later this year.
Google is also deploying Google AI to automatically and continuously classify and label data in Google Drive to help ensure data is appropriately shared and protected from exfiltration. System administrators will be able to use confidentiality-preserving AI models, customized uniquely for their organization, to automatically classify and label new and existing files in Drive. Data protection controls, such as DLP or CAA, can then be applied based on the security policy. This feature is now available in preview.
These tools will provide additional layers of security that increasingly are required to ensure network integrity and security, as well as the protection of valuable and sensitive corporate and personal data. Given the ease with which data can be shared or exposed through digital collaboration tools such as Workspace, enterprises should be incorporating these types of zero-trust tools, even if they introduce additional layers of user friction.
Deploying Digital Sovereignty Controls to Ensure Regulatory Compliance
Digital sovereignty, which refers to the rules and reference architectures that govern data residency (where data is stored); data jurisdiction (who has legal control of the data); data protection (the ability to store and process data securely); data independence and mobility (the ability to use, store and transfer data); and interoperability and portability (the ability to exchange and make use of data), has become extremely important to organizations that operate across multiple physical jurisdictions.
Due to the complex nature of managing digital sovereignty issues, Google also is introducing enhanced controls over data that help prevent third-party access to sensitive data; select the location of encryption keys; choose where data is stored and processed; and enforce regional support personnel access.
Managing digital sovereignty will continue to be a major issue, particularly as AI training and inference tasks continue to proliferate. Without the proper governance and controls in place, organizations may find themselves running afoul of regulations, thereby putting their operations and data at risk.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other insights from The Futurum Group:
Google Cloud NetApp Volumes Is Launched
Adults in the Generative AI Rumpus Room: Google, DynamoFL, and AWS
Google Search Generative Experience: Will Gen AI Impact Search?
Author Information
Keith has over 25 years of experience in research, marketing, and consulting-based fields.
He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.
In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.
He is a member of the Association of Independent Information Professionals (AIIP).
Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.
