Google Workspace has introduced client-side encryption (CSE) to its Gmail, Calendar, and Meet mobile apps, following its initial implementation on the web. This enhancement provides organizations with direct control over encryption keys, ensuring that neither Google nor unauthorized entities can access text, audio, or video content. Particularly beneficial for companies dealing with sensitive or regulated data, this feature is now available for general use.
In the realm of document collaboration, Google Workspace is making strides. CSE will soon support comments in Docs (currently in preview) and is being tested for viewing, editing, and converting Microsoft Excel files. Additionally, Google Meet will soon offer guest access support, and administrators will have the ability to enforce CSE for specific organizational units.
The concept of digital sovereignty is also addressed. Users of CSE will have the option to choose the country where their encryption keys are stored, expanding beyond mere data storage location to include data processing locations, such as the US or EU. Moreover, users will be able to “store a copy of their Workspace data in a country of their choice.”
To enhance data security, Google is leveraging confidentiality-preserving AI models that can be tailored to an organization’s needs. These AI models will classify and label files in Google Drive, providing continuous data loss prevention (DLP) while allowing file owners to adjust labels as required. Workspace administrators can now mandate specific device location or security status requirements before users are allowed to share sensitive content in Drive. Enhanced DLP controls, initially launched in Chrome, Google Chat, and Drive, will also be extended to Gmail.
On the security front, Google is introducing measures to ensure certain sensitive actions require approval from two Workspace administrators. For instance, changing two-factor authentication (2FA) settings will necessitate the consent of two admins. Furthermore, sensitive actions in Gmail, such as configuring email filtering or forwarding, will trigger a secondary identity verification via 2-step verification (2SV) to confirm the user’s authenticity and thwart potential third-party access.
In a bid to bolster security across the board, Google will soon mandate “select administrator accounts of our resellers and largest enterprise customers” to enable 2-Step Verification. This initiative, commencing later this year, mirrors similar efforts made with personal accounts.
Disclaimer: The views, suggestions, and opinions expressed here are the sole responsibility of the experts. No Chronicle Hub journalist was involved in the writing and production of this article.