Google Cloud: G Suite is getting three new security and access-control features

Google Cloud announces general availability of G Suite desktop management, context-aware access control, and automated security alerts.
Written by Liam Tung, Contributing Writer

Google Cloud has unveiled a raft of new G Suite security and identity management features to help enterprise IT admins manage access and control work desktop devices.     

The three key updates include desktop management for Mac, Windows, Chrome OS and Linux machines that access G Suite, context-aware access control for G Suite Enterprise, and tools to create automated rules for security alerts. 

The company announced the new Google Cloud and G Suite features after yesterday reporting mixed third quarter earnings, but strong growth from Google Cloud Platform and growth in G Suite due to higher pricing and more seats. Google raised prices of G Suite Business Edition this April from $10 per user/month to $12 per user/month, but didn't change G Suite Enterprise pricing of $25 per user/month.         

SEE: Cloud v. data center decision (ZDNet special report) | Download the report as a PDF (TechRepublic)

The desktop management update automatically enables basic device management on desktop devices that access G Suite, which means employees don't need to install agents or profiles on Mac, Windows, Chrome and Linux devices, according to Google. 

Google claims that its endpoint management solution is used to protect 85 million 30-day active devices that are licensed through G Suite, Cloud Identity and Chrome Enterprise. 

Admins will also have access to a single dashboard to see which devices have access to corporate data, as well as remotely sign users out of a device if it's been lost or stolen. The new controls also allow multiple user accounts to be managed on the same device for situations where workers share devices. 

Google says these features are now generally available for all G Suite and Google Cloud Identity customers. Google Cloud spun out Cloud Identity from G Suite last year as a managed identity service based on its BeyondCorp 'zero trust' security framework, which assumes that no device or network should be trusted (Cloud Identity is still available as part of G Suite). It's part of Google's response to the rise of smartphones, BYOD and other ways workers began accessing corporate information outside the company network.   

Google's context-aware access control is another feature based on BeyondCorp and is now also generally available to G Suite Enterprise customers. 

SEE: How to replace each Google service with a more privacy-friendly alternative

Context-aware access control was launched this April in beta at the Google Next conference. It allows admins to create access-control policies for apps based on the user and device context, and is meant to help admins manage the zero trust model.

Admins can control access to G Suite apps based on the user's identity as well as the device's location, security status (such as whether it's got the latest security patches), and IP address. Or for example, they can limit access to Google Drive to "high trust" groups when it's being accessed from an IP address outside the corporate domain. It can also be used to restrict access to Gmail from devices that are encrypted and can be locked.   

The third piece allows admins to create automated security rules in the G Suite security center. The rules set in process tasks to remediate a problem or send notifications to the alert center, allowing admins and security analysts to collaborate on security investigations and track the response to issues.  

The security center updates will roll out out over the next two weeks for G Suite Enterprise customers.

Editorial standards