Google now makes it possible for admins to better see phishing emails and data exports from business web domains.
Google announced this week that it's rolling out a handful of new alert features for domain administrators to gain more insight into malware, phishing, and data exfiltration across their environment.
Included in the updates are phishing alerts that inform admins when a suspicious email has arrived and a data exfiltration alert that informs admins when a data export activity has been initiated.
Admins also have the ability to delete alerts, and dig deeper – via links from G Suite – into audit logs surrounding alerts to gain insight around past user activities. Google lets admins access multiple audit logs, including logs that keep track of conversations in Hangouts, devices used across their organization, along with successful and failed logins to SAML applications, to name a few.
These logs can be used in conjunction with the company's investigation tool, launched last year, to identify security issues within their domain.
The features, which are turned on by default, are already available for admins who oversee rapid release domains and scheduled release domains.
While helpful and certainly welcome additions for G Suite admins, the features still lack the advantages of enterprise class data loss prevention.
For one, the features are limited to Google's own products, like Google Docs and Gmail, something which could curb their effectiveness for admins. Google's data export alert only provides context around a particular set of users: super administrators who export data, via the Data Export tool, which allows users to export data from Google entities.
G Suite does allows admins to deploy data loss prevention rules to prevent users from sharing content but the feature is only available for top tier G Suite Enterprise and G Suite for Education users. The company also can't guarantee all sensitive data will get caught and flagged.