August 5, 2019
During its Cloud Next 2019 developer conference, Google revealed its Advanced Protection Program would be widely released and Titan Security Keys will be more readily available in retail. The former, which is intended to prevent cyberattacks against high profile targets such as politicians and business leaders, will debut in beta for G Suite, Google Cloud Platform (GCP), and Cloud Identity customers. The Advanced Protection Program “enforces the use” of the Titan Security Key or compatible third-party hardware, blocking access to third-party accounts not approved by admin.
VentureBeat reports that, “Enterprise administrators will gain the option to enroll users most at risk of targeted attacks, such as IT administrators, business executives, and employees in security-sensitive segments like finance and government.”
Advanced Protection Program also “enables enhanced scanning of incoming email for phishing attempts, viruses, and malicious attachments.”
With regard to Titan Security Keys, the physical FIDO2 (Fast Identity Online) keys to authenticate logins over Bluetooth or USB are finally in stores in Canada, France, Japan and the U.K., a year after they went on sale in the U.S. FIDO2 is “a standard certified by the nonprofit FIDO Alliance that supports public key cryptography and multifactor authentication.” Yubico, Google and NXP are among the companies that jointly developed the standard.
Google also revealed “improved anomaly detection in G Suite enterprise deployments and enhanced support for legacy apps in GCP.” In April, Google announced around 30 upgrades related to security that will be available to GCP “in the coming months.” Now, G Suite Enterprise and G Suite Enterprise for Education administrators can opt into a beta for “automatic anomalous activity notifications in the G Suite alert center.” The notifications are generated via AI models that “analyze signals within apps like Google Drive to detect security risks, including data exfiltration and policy violations related to unusual external file sharing and download behavior.”
Due to the use of TensorFlow, its open-source AI framework, Google reported it is able to block “around 100 million additional spam messages every day for Gmail users … while ensuring the share of legitimate mail that inadvertently ends up in spam folders stays below 005 percent.”
Google also announced that it will, this week, introduce support for so-called password vaulted apps, “legacy apps that require a username and password to authenticate” to Cloud Identity customers. The support will add to “G Suite and Cloud Identity’s ecosystem of single sign-on (SSO) apps that tap identity standards like Security Assertion Markup Language (SAML) and OpenID Connect (OIDC).”