Google today announced new defensive cybersecurity controls that allow the company's security teams to prevent social engineering attacks against Workspace users, such as thwarting account intrusion attempts, such as phishing.
Among the most important of these new features: the ability to add an additional layer of protection by asking two officials to sign the secret programs (Google Works).
After multilateral approval is enabled and configured in the workspace, administrators must have at least one other administrator approve significant changes.
“If an admin initiates a very sensitive action, like changing 2-Step Verification settings, any other admin can accept it,” said Andy Wein, Director of Product Management at Google Workspace (Google).
"In this initial release of the framework, we currently only support changing two-step verification settings and will expand this functionality to other actions based on feedback from administrators."
The company plans to preview multilateral approval for sensitive Google Workspace software in the coming months.
Later this year, the company also plans to enforce mandatory two-factor authentication, or "two-factor authentication," for some company officials.
In a post on the company's blog, Yuli Kwon Kim and Andy Win said, "Risk management accounts can have a significant impact, and 2-Step Verification can reduce the possibility of an account being compromised."
"Starting later this year, and in a phased approach, select administrator accounts with our resellers and large enterprise customers will be required to add two-factor authentication to their accounts to increase their security," they said.
Google is also working to extend Gmail's AI protection to cover more sensitive email operations, including filtering and forwarding messages. It seems that this possibility can now be realized through experience.
Finally, Google Workspace provides a quick way to export logs to Chronicle, Google's suite of cloud-based security operations. This allows security teams and administrators to export workspace logs faster to improve response time to threats.
Earlier this month, the company announced that it would soon make removing explicit profile photos and personally identifiable information from search results easier with a privacy-focused tool announced in May 2022 and launched in September of the same year.
Google has also explained how Android malware infiltrates the Google Play Store using a release strategy that allows malicious actors to bypass Play Store verification and security checks.