Connect with us

Hi, what are you looking for?


Artificial Intelligence

Google Workspace Introduces New AI-Powered Security Controls

Google has announced new AI-powered zero trust, digital sovereignty, and threat defense controls for Workspace customers.

Google on Thursday introduced new AI-powered security controls for its Workspace customers, targeting zero trust, digital sovereignty, and threat defense.

The new AI-powered zero trust capabilities, Google says, are meant to provide organizations with more granular control over how data is accessed and used.

To ensure data protection and prevent inappropriate sharing of data in Google Drive, Google AI can now be used to automatically and continuously classify and label new and existing files, and then apply necessary controls based on the organization’s security policies.

Context-aware DLP controls will allow administrators to set specific criteria to be met before a user can share sensitive content in Drive – the capability will become available in preview later this year.

Gmail will receive enhanced DLP controls too – also in preview later this year – to improve control over the sharing of sensitive information, both inside and outside the organization.

The internet giant also announced new digital sovereignty controls to help prevent unauthorized access to sensitive data, storing encryption keys, selecting where data is processed, and limiting Google support access.

To prevent third-party access to sensitive data, Google is introducing new client-side encryption (CSE) improvements, such as generally available support of mobile apps in Google Calendar, Gmail, and Meet, or the ability to view, edit, or convert Excel files (in preview).

Advertisement. Scroll to continue reading.

Later this year, in preview, Google Workspace will let organizations set CSE as default for select units, will provide guest access support in Meet, and support for comments in Docs.

Google also announced that it has partnered with Thales, Stormshield, and Flowcrypt to allow CSE customers to store encryption keys in their country of choice.

Functionality set to arrive in preview later this year will allow organizations to choose where their data is processed (European Union or US), and to limit Google support access to EU-based support.

To improve protections against account takeover, later this year, the internet giant will make two-step verification (2SV) mandatory for select administrator accounts of resellers and largest enterprise customers, and will enable multi-party approval for sensitive administrator actions, in preview.

Google also announced the preview availability of automated protections for sensitive actions in Gmail, including filtering and forwarding, and the ability to export Workspace logs into Chronicle.

Related: Google Workspace Gets Passkey Authentication

Related: Google Workspace Client-Side Encryption Now Generally Available in Gmail, Calendar

Related: Google Workspace Gets Client-Side Encryption in Gmail

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Artificial Intelligence

The degree of danger that may be introduced when adversaries start to use AI as an effective weapon of attack rather than a tool...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...