Google Workspace will have more protection for company accounts. The company, in order to protect its professional users from attacks by hackers who intend to take control of their accounts, as well as according to Techradar, of which «can have serious consequences for the owner of the account or the organization to which it belongs«.
To avoid this, Google is going to deploy a new evaluation step in the accounts, which will ask for an additional verification if it considers that an action carries a certain risk. Thus, if a user, or an attacker, tries to make a change that could have lasting effects, a window will appear asking whoever wants to make it to verify if they are, in fact, the owner of the account. This new step will ask for proof that whoever wants to make the change is who they say they are, and could include a two-step authentication system.
However, Google notes that SAML (Security Assertion Markup Language) accounts are not affected by this security enhancement change. The company also highlights that only accounts that use Google as the identity provider are compatible with the upgrade.
The rollout of this additional security measure has already begun, and it will be available to both administrators and users of Google Workspace. Also for customers of former G Suite Basic and G Suite Business accountswhich are now under the Workspace umbrella.
Furthermore, Google will monitor and record any suspicious activity as an audit, which can be accessed by account administrators. For end users there are no other changes, apart from the fact that they will most likely receive more identity verification pop-ups.
This security improvement joins others that Google has recently implemented to protect its users from cyber attacks. Among them is an increase in notifications to administrators, who now receive them whenever there are “critical and sensitive” changes to the configurations they have made. These include basic admin changes, profile additions, and password changes.