G Suite now offers enhanced security for high-risk users

Mandatory FIDO keys and auto-blocking of third-party apps comprise the tougher standards

Google HQ

Google has extended its advanced security programme to enterprise customers using its G Suite, Google Cloud Platform (GCP) and Cloud Identity products, giving IT administrators the ability to set stronger internal controls.

Organisations can enrol senior executives and those employees at high-risk of cyber attacks into Google's Advanced Protection Program (APP), which will bring their level of security up to the standards of Google's own employees.

Within the next few days, IT administrators can select the members of their organisation who they assess as needing stronger protections, and Google will automatically apply a set of stricter cyber security policies to their activities.

There are several changes to how those enrolled in the programme can access Google's products, including enforced FIDO keys, blocking access to non-trusted third-party apps automatically, and enhanced scanning of incoming emails.

These changes will come alongside making Titan security keys, Google's own FIDO key, available for purchase in Japan, Canada, France and the UK, as well as using machine learning to improve security alerts for IT administrators.

The use of such FIDO keys will be mandatory for those enrolled in the advanced security programme, meaning access to critical Google apps may be disrupted for users without them. Third-party apps will also be automatically blocked for APP users unless explicitly whitelisted.

The use of machine learning, meanwhile, will be directed towards analysing activity within the G Suite to detect unusual behaviour. In practical terms, IT administrators signed up to the service will receive a stream of anomalous activity alerts on a security dashboard.

This raft of added security protections will bolster the security across organisations signed up to Google's enterprise products by both demanding more of high-risk employees and adding more robust provisions.

However, the majority of these practices can be seen as essential for good cyber security hygiene, regardless, and raise the question as to why they haven't been introduced to customers up to now. It's especially pertinent given Google employees have adhered to the APP regime since it was launched two years ago.

Google, at the time of launch, restricted the APP to those at elevated risk of attack and who are also "willing to trade off a bit of convenience for more protection".

There is now, however, no stopping IT administrators from now enrolling their entire organisation to the programme should they deem it the best defence against cyber threats.

Featured Resources

How to choose an AI vendor

Five key things to look for in an AI vendor

Download now

The UK 2020 Databerg report

Cloud adoption trends in the UK and recommendations for cloud migration

Download now

2021 state of email security report: Ransomware on the rise

Securing the enterprise in the COVID world

Download now

The impact of AWS in the UK

How AWS is powering Britain's fastest-growing companies

Download now

Recommended

Most CISOs worry cloud software flaws aren’t being caught
cloud security

Most CISOs worry cloud software flaws aren’t being caught

7 Jun 2021

Most Popular

Q&A: Enabling transformation
Sponsored

Q&A: Enabling transformation

10 Jun 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

16 Jun 2021
Millions of Volkswagen customers affected by data breach
data breaches

Millions of Volkswagen customers affected by data breach

14 Jun 2021