Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification.
But at the event Google also announced a number of G Suite enhancements, many of which are aimed at improving user and enterprise security.
Some of the features are still in beta. Some are available to users of all G Suite editions, others only to G Suite Enterprise and G Suite Enterprise for Education customers.
First and foremost, Gmail now supports SMTP MTA Strict Transport Security (MTA-STS), a standard that improves email security by requiring authentication checks (that look for a valid public certificate) and good encryption for email in transit (TLS 1.2 or higher).
“MTA-STS is a new internet standard that will increase email security by acting as a deterrent against pervasive monitoring of email traffic and protecting against man-in-the-middle attacks,” Google explained.
“You can make your email communications more secure by setting MTA-STS policies and ask the organizations with which you communicate to also set MTA-STS policies for their mail servers.”
By turning on MTA-STS for their domain and SMTP TLS reporting (another new standard for which support has been made available), organizations can make sure that external mail servers that connect to it will report any connection problems, so that admins can identify and fix security issues with the org’s mail server.
(SANS ISC handler and Dean of Research at the SANS Technology Institute Johannes Ullrich also recently offered a helpful write-up on how to configure MTA-STS and TLS Reporting for one’s domain.)
Organizations’ G Suite admins will now have even more controls for advanced anti-phishing and malware protections, as well as a security sandbox for securely executing potentially malicious attachments and analyzing the side effects on the operating system to determine malicious behavior.
“By virtually opening an attachment in a secure environment that can analyze the effects on the target operating system, it’s better able to detect ransomware, sophisticated malware propagated through embedded scripts (like files containing macros or .js files), and zero-day threats,” Google noted.
“If desired, admins will be able to set up custom rules to control which messages are tested in the security sandbox. If custom rules are not applied, all messages with attachments sent to the OU will be checked in the sandbox.”
Enhancements to the G Suite security center
A new beta program will help admins assess their organization’s exposure to security issues and collaborate with colleagues to remediate them, through new admin collaboration and automation features.
“This beta will also allow you to send notifications to the alert center, where teams of admins and analysts can work together to take ownership of alerts and update status as they work through security investigations,” Google explained.
Enhancements to the alert center will also improve the management of and collaboration on alerts.
Security assessments for apps on G Suite Marketplace
Google is now offering app developers the option of submitting their apps for review by a third-party security firm, which will include penetration tests, a deployment review, and a policy and procedure review.
“Apps that pass the security assessment will display a security badge on their Marketplace listing,” Google says.
The goal is to make it easier for admins to find apps that meet their organizational policies and whitelist them for the org’s employees.