Posted by Suzanne Frey, Director, Security, Trust, and Privacy, Google Apps

Every company has data that it must keep secure — whether that data is about confidential innovations, strategic plans or sensitive HR issues — keeping all of your data safe from inadvertent or purposeful leaks needs to be simple, quick and reliable. Google for Work already helps admins manage information security with tools such as encryption, sharing controls, mobile device management and two-factor authentication. However, sometimes user actions compromise the best of all of these controls; for example, a user might hit “Reply all” when meaning to send a private message with sensitive content.

Starting today, if you’re a Google Apps Unlimited customer, Data Loss Prevention (DLP) for Gmail will add another layer of protection to prevent sensitive information from being revealed to those who shouldn’t have it.

How Gmail DLP works Organizations may have a policy that the Sales department shouldn’t share customer credit card information with vendors. And to keep information safe, admins can easily set up a DLP policy by selecting “Credit Card Numbers” from a library of predefined content detectors. Gmail DLP will automatically check all outgoing emails from the Sales department and take action based on what the admin has specified: either quarantine the email for review, tell users to modify the information or block the email from being sent and notify the sender. These checks don’t just apply to email text, but also to content inside common attachment types ― such as documents, presentations and spreadsheets. And admins can also create custom rules with keywords and regular expressions.

Check out the DLP whitepaper for more information including the full list of predefined content creators, and learn how to get started. Gmail DLP is the first step in a long-term investment to bring rule-based security across Google Apps. We’re working on bringing DLP to Google Drive early next year, along with other rule based security systems.

As we round out the year, let’s take a look at what we did in 2015 to enhance the security, privacy and control you have over your information.

• To verify the good work we do on privacy, we were one of the first cloud providers to invite an independent auditor to show that our privacy practices for Google Apps for Work and Google Apps for Education comply with the latest ISO/IEC 27018:2014 privacy standards. These confirm for example, that we don’t use customer data for advertising.
• To make security easier for all, we've expanded our security toolset:
• We introduced Security Keys to make two-step verification more convenient and provide better protection against phishing. For admins, we released Google Apps identity services, which allows secure single sign on access with SAML and OIDC support and we delivered device (MDM) and app (MAM) Mobile Management across Google Apps.
• We launched Postmaster tools to help Gmail users better handle large volumes of mail and report spam.
• For Google Cloud developers, the Cloud Security Scanner allows you to easily scan your application for common vulnerabilities (such as cross-site scripting (XSS) and mixed content).
• For those who want the power and flexibility of public cloud computing and want to bring their own encryption keys, we announced Customer-Supplied Encryption Keys for Google Cloud Platform.
• To give more transparency on how email security, even beyond Gmail, is changing over the years we published the Safer Email report.
• We introduced new sharing features, alerts and audit events to Google Drive for Google Apps Unlimited customers. For example, administrators can now create custom alerts and disable the downloading, printing or copying of files with Information Rights Management (IRM). New sharing settings give employees better control within their organization unit and now admins can let them reset their own passwords.
• Google Groups audit settings allow better tracking of Groups memberships. For all, the launch of google.com/privacy gives better control over personal data and Android for Work makes it easier to keep personal and work data separate on employee devices.

Companies are moving to the Cloud for all kinds of reasons, but Security and Trust remain critical and predominant differentiators between providers. That’s why millions of businesses trust Google to do the daily heavy lifting in security ─ preventing, testing, monitoring, upgrading and patching, while working towards the future. Because Google was born in the cloud, we’ve built security from the ground up across our entire technology stack, from the data centers to the servers to the services and features we provide across all of your devices. No other Cloud provider can claim this degree of security investment at every single layer.

While 2015 was a great year, there’s a lot more in store for 2016. To learn more about how our technology is evolving, please join us at the Enigma conference in San Francisco on January 25th to discuss electronic crime, security and privacy ideas that matter.

Posted by Eran Feigenbaum, Director of Security, Google for Work

It’s easier than ever to share ideas across the world. But as technology keeps advancing to connect us, so do the techniques of those with bad intentions. The number of records breached in 2014 was staggering; weak usernames and passwords remain the leading cause. The introduction of 2-Step Verification added a layer of security for your Google Account, but we knew more could be done.

That’s why Google, working with the FIDO Alliance standards organization, developed the Security Key — an actual physical key used to access your Google Account. It sends an encrypted signature rather than a code, and ensures that your login cannot be phished. And using this key saves you time — when you need to verify your Google Account on a Chrome browser, the key’s light will flash. Just tap it and the signature sends automatically. In fact, when we rolled the Security Key out to Googlers last year, they loved that it was so much faster than when they had to enter a code.


New Google Apps controls to manage Security Keys Businesses like Yelp and Woolworths started piloting the Security Key at work and have been looking for ways to scale adoption. Cameron Roberts, Google Apps SME at Woolworths Limited told us, “We have a large workforce and it’s imperative that all of our accounts are secure. The Security Keys are a great step forward, as they are very practical and more secure.” Ryan de Temple, IT Engineer for Security at Yelp said, “As we roll Security Keys out to our users, we realized the importance of a management toolset to audit and revoke keys, as well as reports on key enrollment activity.”

In the coming weeks, Google Drive for Work admins will be able to easily deploy, monitor and manage the Security Key at scale with new controls in the Admin console with no additional software to install. IT admins will see where and when employees last used their keys with usage tracking and reports. If Security Keys are lost, admins can easily revoke access to those keys and provide backup codes so employees can still sign-in and get work done

Admins can order Security Keys from online retailers or directly from a manufacturer. Multiple models are available and prices start at $6 per key. You can have a smaller model permanently in the USB slot, so it’s available at your fingertips or carry a larger removable model on your keychain or in your wallet. We hope you also take advantage of what the Security Key can do to help protect your organization. Learn more.