G Suite news: Anomalous alert activity for Google Drive, Advanced Protection for enterprise users
Google is rolling out new security options for G Suite users and admins, aimed at alerting organizations about data exfiltration attempts on Google Drive and helping them protect their high-risk users.
The options are both still in beta and some are currently only available to some G Suite customers, but wider availability is likely just a matter of time.
Anomaly detection for Google Drive
“Super admins and admins with delegated privileges for the alert center for G Suite will be alerted when potential data exfiltration risks occur based on unusual Google Drive behavior,” Google explained the new capability.
This includes detections and alerts for anomalous (and suspicious) external file sharing and download behavior.
“Additionally, since the alert center integrates with the security center investigation tool for G Suite, organizations can directly launch remediation efforts from within the alert center,” the company added.
The option is available only to G Suite Enterprise and G Suite Enterprise for Education customers for the moment.
Advanced Protection Program for enterprise users
Advanced Protection Program has been available to high-risk Google users since late 2017.
“Google’s strongest security for those who need it most” includes additional protections such as strong authentication and protection against phishing with physical security keys, restrictions on third-party access to Google account data, and extra identity verification steps during the account recovery process in order to thwart attackers.
Some of these individual options are already available to G Suite accounts and can be set up by helpful administrators, but administrators will now be able to make them available as a set for employees in their organization that are most at risk for targeted attacks (IT admins, executives, employees in regulated or high-risk verticals such as finance or government, etc.).
The admin has to allow enrollment for one or more organizational units from the G Suite Admin console, and end users will be able to individually enroll through this page. (They will need two security keys to set up advanced account authentication.)
From then on, they will have to use a security key to access their account, they will not be able to use risky third-party apps that require access to their G Suite account, and they will benefit from enhanced email scanning, a new feature in Google Chrome that will reduce a user’s exposure to potentially risky downloads, and a stricter account recovery process.
“Users who lose both of their security keys will need admin help to regain access to their accounts on new devices. This prevents automated recovery flows from becoming an attack vector,” Google explained.
Advanced Protection Program for enterprise beta can be enabled by all G Suite administrators through the Admin console.
In relation to this news comes another: Google’s Titan Security Keys, which were previously available only in the U.S., are now available on the Google Store in Japan, Canada, France, and the U.K.