G Suite now offers enhanced security for high-risk users

Mandatory FIDO keys and auto-blocking of third-party apps comprise the tougher standards

Google HQ

Google has extended its advanced security programme to enterprise customers using its G Suite, Google Cloud Platform (GCP) and Cloud Identity products, giving IT administrators the ability to set stronger internal controls.

Organisations can enrol senior executives and those employees at high-risk of cyber attacks into Google's Advanced Protection Program (APP), which will bring their level of security up to the standards of Google's own employees.

Advertisement - Article continues below

Within the next few days, IT administrators can select the members of their organisation who they assess as needing stronger protections, and Google will automatically apply a set of stricter cyber security policies to their activities.

There are several changes to how those enrolled in the programme can access Google's products, including enforced FIDO keys, blocking access to non-trusted third-party apps automatically, and enhanced scanning of incoming emails.

These changes will come alongside making Titan security keys, Google's own FIDO key, available for purchase in Japan, Canada, France and the UK, as well as using machine learning to improve security alerts for IT administrators.

The use of such FIDO keys will be mandatory for those enrolled in the advanced security programme, meaning access to critical Google apps may be disrupted for users without them. Third-party apps will also be automatically blocked for APP users unless explicitly whitelisted.

Advertisement
Advertisement - Article continues below

The use of machine learning, meanwhile, will be directed towards analysing activity within the G Suite to detect unusual behaviour. In practical terms, IT administrators signed up to the service will receive a stream of anomalous activity alerts on a security dashboard.

Advertisement - Article continues below

This raft of added security protections will bolster the security across organisations signed up to Google's enterprise products by both demanding more of high-risk employees and adding more robust provisions.

However, the majority of these practices can be seen as essential for good cyber security hygiene, regardless, and raise the question as to why they haven't been introduced to customers up to now. It's especially pertinent given Google employees have adhered to the APP regime since it was launched two years ago.

Google, at the time of launch, restricted the APP to those at elevated risk of attack and who are also "willing to trade off a bit of convenience for more protection".

There is now, however, no stopping IT administrators from now enrolling their entire organisation to the programme should they deem it the best defence against cyber threats.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/business/policy-legislation/356256/uk-invested-about-ps500m-in-wrong-gps-satellites
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020