A closer look at Google Workspace privacy and data security

Google recently unveiled the next evolution of Google Workspace, including new security and privacy capabilities to help users take advantage of trusted, cloud-native collaboration.

In this interview with Help Net Security, Karthik Lakshminarayanan, Sr. Director, Google Workspace Security, talks about the new features as well as Google’s aim to help teams securely navigate the challenges and opportunities of the hybrid workplace.

The hybrid work environment provides an evolving context for a variety of attacks. How does Google Workspace help the remote workforce stay secure?

Security has always been top of mind at Google and as hybrid work becomes the norm for many employees, it has become increasingly important for us to strengthen this foundation in Google Workspace.

We announced several new security privacy capabilities in Google Workspace recently, including Client-side encryption, trust rules for Drive and Drive labels, as well as enhanced phishing and malware protection for Drive.

These new innovations aim to help Google customers realize the full power of trusted, cloud-native collaboration – by ensuring their employees and company data are protected.

It also furthers our longstanding mission to protect and secure anywhere, anytime collaboration, and demonstrate how we’re helping millions of organizations navigate the challenges and opportunities of the newly emerging work model.

Consider enrolling in Google’s Advanced Protection Program (APP) – we’ve yet to see anyone that participates in the program be successfully phished, even if they’re repeatedly targeted.

Create Client-side encrypted Docs, Sheets, and Slides files

One of the biggest additions to Google Workspace is Client-side encryption, what does it mean for customers?

With Client-side encryption, we are helping customers strengthen the confidentiality of their data while addressing a broad range of data sovereignty and compliance requirements.

We are giving customers direct control of encryption keys and an unprecedented collaboration experience, entirely in the browser, on encrypted content.

Since data is encrypted before it is sent to Google, by keys that the customer has complete and direct control over, it is particularly well suited to store sensitive or regulated data, like intellectual property, healthcare records or financial data, with privacy from the cloud provider.

Set granular sharing rules for organizational units and groups

Google Workspace administrators can now take advantage of additional choices when it comes to setting rules for how files can be shared with trust rules for Drive. What flexibility does this offer?

We know that sharing ideas and information is at the center of trusted collaboration, and with hybrid work, that means working with more people both within and beyond your organizations.

With trust rules for Drive, admins are in control of how files are shared by enforcing restrictions that limit internal and external sharing. Specific rules can even be set for organizational units and groups with coverage of both My Drive and shared drive files, allowing a more granular approach than enforcing blanket policies on every user.

Centralized administration

You’ve introduced more phishing and malware content protection for Google Drive. How do you deal with abusive content?

Our ML models evolve to understand and filter new threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users.

If and when abusive content is found, the relevant file is flagged and made visible only to admins and the file’s owner. This prevents sharing and reduces the number of users potentially impacted by the abusive content.