Join top executives in San Francisco on July 11-12, to hear how leaders are integrating and optimizing AI investments for success. Learn More

Google on Monday announced new security features for Google Workspace and Google Drive to better ensure data security and privacy protection in hybrid work environments.

The new security tools include client-side encryption for Workspace and several enhanced data protection features in the platform’s Drive service, including more granular control over trust rules, enhanced phishing and malware protection, and the addition of integrated data loss prevention (DLP) in Drive labels.

Google director of product management Karthik Lakshminarayanan told VentureBeat that the new security features in the search giant’s enterprise collaboration platform were the result of several factors, including Google’s “security first” philosophy, the rapid increase in remote work environments due to the pandemic, and the company’s experience with its BeyondCorp zero trust security model.

BeyondCorp Enterprise, released earlier this year, is based on Google’s own internal security framework developed over more than a decade.


Transform 2023

Join us in San Francisco on July 11-12, where top executives will share how they have integrated and optimized AI investments for success and avoided common pitfalls.


Register Now

“Our security model has been built around the fact that just being in the office doesn’t give users any additional security. For years, we have been building the BeyondCorp model around the philosophy of being able to securely work from anywhere,” Lakshminarayanan said.

“So, if you’re out of the office and your laptop tanks, maybe you need to spin up a personal tablet or a phone to work. That’s not a managed device and now we have to take this into account and make our data access controls more granular, stricter. We have to adapt security to the conditions people actually work in.”

Putting data encryption control in customers’ hands

To this end, the introduction of client-side encryption for Workspace gives Google’s enterprise customers direct control of the encryption keys for their data, making data at rest an in transit on the platform “indecipherable to Google,” Lakshminarayanan said. The new encryption controls will be rolled out for beta testing by customers “in the coming weeks,” he said.

Previously, Google alone handled the encryption of customer data in Workspace. The new client-side encryption capabilities are aimed at organizations that need direct control over sensitive or regulated data for security and compliance reasons, such as Airbus, an early tester of the new capabilities.

In beta testing of the new feature for Google Workspace Enterprise Plus and Google Workspace Education Plus, customers will be able to choose encryption key access services from Google partners FlowCrypt, Futurex, Thales, and Virtru.

Google will first make client-side encryption available for Workspace services Drive, Docs, Sheets, and Slides, promising support for multiple file types such as Microsoft Office files and PDFs. The new controls will be made available for Google Meet in the fall of this year, with support for Gmail and Calendar also planned at an unannounced time.

Fortifying Google Drive for more secure collaboration

Google also unveiled some security enhancements for Drive, the company’s file storage and synchronization service subscribed to by more than 1 billion users around the world.

In the coming months, Workspace Enterprise and Workspace Education Plus customers will be able to access new trust rules that give IT administrators greater control over how files can be shared with Drive inside and outside of their organizations. Lakshminarayanan said the new rules allow for more customizable file-sharing permissions for organizational units and groups, in contrast with “blanket” policies available now.

Google’s Drive labels, used to classify security levels for files stored in Drive, now incorporate Google’s DLP for Workspace. With labels, users can classify content so it is stored under retention policies for different sensitivity levels set by IT administrators. Admins can also create rules to automate classification of files, using 60 new AI-powered content detectors which can identify sensitive content such as “resumes, SEC filings, patents, and source code,” according to Google.

Drive labels are available in beta now for Google Workspace Business Standard, Workspace Business Plus, Workspace Enterprise, Workspace for Education Standard, and Workspace Education Plus.

Google will in the coming weeks be adding new internal protections against phishing and malware for Drive. The file storage service currently protects against such threats from external sources, but the enhancement will add safeguards against phishing and malware that originates within an organization, whether by a malicious actor or unintentionally via user error or a compromised system. Google said all future Workspace SKUs will include the new internal phishing and malware protections.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.