Endpoint

4/25/2018
04:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Google Adds Security Features to Gmail Face-lift

A redesigned Gmail brings new security measures to improve data protection and applications for artificial intelligence.

Google today announced a wave of G Suite updates, most of which focus on Gmail. The email service is getting a new Web look, advanced security features, artificial intelligence applications, further integrations with apps across G Suite, and management changes in Tasks.

"This week's [changes] are about giving users more agency in the cloud," explains Suzanne Frey, Google's director of security, trust, privacy, and compliance.

One of the new features is Gmail confidential mode, which lets users protect sensitive content by creating expiration dates or revoking previously sent emails.

"These are additional controls available on an email-by-email basis," she continues, noting that emails can be revoked even after they're viewed. "Think of it like a Drive file. If you share a Drive file with someone and remove access for them, it works in the same way."

Users can also require recipients to provide additional authentication to view messages, which makes it possible to protect data even if a recipient's email account has been hijacked and the message hasn't been deleted. Even if an account has been hijacked, an attacker would have to have access to the victim's phone and mobile password to view the SMS and open the email.

Google is also introducing built-in information rights management controls so users can remove the option for recipients to download, copy, forward, or print emails, decreasing the risk of messages being shared to third parties.

Security alerts also have been redesigned to be larger and bolder, with simpler messaging so users understand when an email has been flagged or a security threat is imminent.

Users will be able to access these new email security capabilities by clicking the padlock icon on the bottom of their email screens. The security advancements announced today will eventually be available to G Suite users and consumers. Right now, access is limited to enterprise users in the early adopter program; Frey says general availability will start in the coming weeks.

The Gmail update includes new artificial intelligence applications, including Nudging, Smart Reply, and high-priority notifications. Nudging reminds users to follow up and respond to messages, and Smart Reply, a feature released in May 2017 to suggest quick email responses, is arriving on the Web in addition to mobile. Smartphone users can also enable high-priority notifications on Gmail so they are only alerted to important messages.

Today's security updates build on those from last month, when Google rolled out phishing protections designed to prevent business email compromise (BEC), a growing enterprise threat, by warning users of potential attacks or automatically moving messages to the spam folder.

Those capabilities have driven an increase in Google's security data, which it in turn can use to improve defenses, Frey says. "The more signals we get, the more signals spam and phishing protection gets." Now, she reports, 99% of BEC scenarios are automatically moved to spam.

Back in January, Google launched the Security Center for G Suite Enterprise with the intention of giving admins a central dashboard to view data and gauge their security posture. The center provides detailed metrics for employees' devices; for example, the types of phishing emails received and who is receiving the most. Admins can also view guidance for managing devices.

Related Content:

Interop ITX 2018

Join Dark Reading LIVE for a two-day Cybersecurity Crash Course at Interop ITX. Learn from the industry’s most knowledgeable IT security experts. Check out the agenda here. Register with Promo Code DR200 and save $200.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
shopicsoe
50%
50%
shopicsoe,
User Rank: Apprentice
11/2/2018 | 7:31:43 AM
Re: No nudging, please!
I have an HP printer and Windows 8. I ended up with a print job that wouldn't delete. I tried your fix for win 8 but access was denied. I finally found this little download from HP Photosmart printers which did the trick. If you don't trust the link just go to the HP printer support for your version. 
jackdenial
50%
50%
jackdenial,
User Rank: Apprentice
10/15/2018 | 4:06:14 AM
Google Adds Security Features to Gmail Face-lift
I like this feature of Google Adds Security in Gmail account. With the help of this feature, we can protect our data and these features are also great like amazing Web look, advanced security features, and management changes in Tasks. I didn't Recover Gmail Password then I checked my mail for reset Gmail password link and recover my password. 
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:41:58 PM
G-suite
Security Center for G Suite Enterprise with the intention of giving admins a central dashboard to view data and gauge their security posture. G-suite admin dashboard helps a lot, they play catch up with Microsoft.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:34:36 PM
AI?
The Gmail update includes new artificial intelligence applications, including Nudging, Smart Reply, and high-priority notifications These are less AI realated more algorithms designed to achive that.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:33:02 PM
Re: No nudging, please!
Yes, this may be a problem if users do not have enough control over these settings.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
4/28/2018 | 8:31:44 PM
expiration
One of the new features is Gmail confidential mode, which lets users protect sensitive content by creating expiration dates or revoking previously sent emails. This is really big when it comes to g-suite vs. outlook in the enterprises.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
4/26/2018 | 5:29:34 AM
No nudging, please!
> Nudging reminds users to follow up and respond to messages

Great. As if I'm not hounded enough by PR people... ;)
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-6461
PUBLISHED: 2019-03-21
Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result i...
CVE-2015-6462
PUBLISHED: 2019-03-21
Reflected Cross-Site Scripting (nonpersistent) allows an attacker to craft a specific URL, which contains Java script that will be executed on the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, ...
CVE-2018-13798
PUBLISHED: 2019-03-21
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V14), SICAM A8000 CP-802X (All versions < V14), SICAM A8000 CP-8050 (All versions < V2.00). Specially crafted network packets sent to port 80/TCP or 443/TCP could allow an unauthenticated remote attacker to cause a D...
CVE-2019-5490
PUBLISHED: 2019-03-21
Certain versions between 2.x to 5.x (refer to advisory) of the NetApp Service Processor firmware were shipped with a default account enabled that could allow unauthorized arbitrary command execution. Any platform listed in the advisory Impact section may be affected and should be upgraded to a fixed...
CVE-2019-8997
PUBLISHED: 2019-03-21
An XML External Entity Injection (XXE) vulnerability in the Management System (console) of BlackBerry AtHoc versions earlier than 7.6 HF-567 could allow an attacker to potentially read arbitrary local files from the application server or make requests on the network by entering maliciously crafted X...