Google has just announced an exciting application of AI in Google Workspace: AI-powered data tagging, which uses Gemini to apply custom labels to files stored in Google Drive. With this newly announced add-on, Google Workspace admins can leverage AI to categorize sensitive data based on Google Drive labels.
This announcement is a big deal: Data tagging is the first step in adopting data-centric security as a means to protect any organization’s most sensitive information more effectively, and Google has just made it a lot easier to start this journey. But more on data-centric security in just a moment. For Google Workspace-based organizations, vast amounts of unstructured data is housed in Google Drive. Yet, many organizations struggle to understand exactly what that data is, where it is located, and who should have access to it.
The ultimate goal of any cybersecurity program is to protect the data itself. There’s a reason that data sits squarely at the center of the DoD’s Zero Trust reference architecture — data is tied directly into each of the other security priorities, like network security, devices, users, and so on.
Data is the lifeblood of any organization, and data-centric security aims to protect the asset that’s ultimately the most important. If you start with the data — tagging it appropriately, organizing it effectively, and securing it properly — you can strengthen your security posture from the inside out.
Get Started with Google Workspace AI Classification
Google’s new feature makes it easier than ever for organizations to leverage the power of AI to apply data labels at scale. According to Google AI classification documentation, admins and designated users can train the Gemini AI model on a dataset of at least 100 files per label option.
This provides Gemini with enough context to inform the labeling of your other files in Google Drive outside of the training dataset. Once the model has been trained to a level of accuracy you’re confident in, you can opt to auto-apply this labeling structure across your Google Drive instance.
What to Do Next: Use Client-Side Encryption for Data Tagged “Sensitive”
Not all data is created equal, which is why data classification is important in the first place. Some files may contain public information or information that’s not particularly sensitive. But some files in your Google Workspace environment likely contain sensitive information: things like customers’ (or your own employees’) PII or PHI, intellectual property, financial information, or proprietary research.
If you’re going through this exercise, you’ll probably have one or more labels indicating that the tagged data is sensitive. Regardless of your naming conventions for classification, you’ll want to ensure this is clearly documented and that your training of the Gemini model has instilled a high level of confidence before rolling out auto-labeling.
Now, up to this point, you’ve only labeled these files: You haven’t done anything to actually limit user access or govern how that data can be used or shared. That’s where additional layers of security like Google Workspace Client-Side Encryption (CSE) come into play: You can layer additional protections onto sensitive data to shield it from third parties, including Google. Google will no longer have access to this information because, with Google Workspace CSE, the private encryption keys used to decrypt the information are controlled by you, not Google. To use Google Workspace CSE, you’ll need to choose an encryption key management partner, which is where the Virtru Private Keystore shines.
Virtru Is the Only CSE Key Manager that Uses Google Drive Labels to Determine Data Access
When it comes to Google Workspace CSE, you can choose from a handful of vendors for encryption key management. Their offerings are generally comparable, though your costs and deployment experience can look pretty different depending on which vendor you choose. (More on that in our case study with HR tech company Maki.)
But Virtru Private Keystore for Google Workspace CSE stands alone in one important feature: Virtru is the only key management partner that will take Google Drive labels and assign access permissions to those files, based on the label. With Virtru key management, admins can assign access controls to Google Drive labels.
This video shows how it works:
Get Granular Data Access Control in Google Workspace with Virtru
At Virtru, we’re thrilled to see partners like Google implementing AI to add tremendous value to our shared customers. With Virtru as a security partner for the Google ecosystem, our customers can achieve stronger security, granular data access control, and peace of mind while leveraging Google’s industry-leading productivity tools to keep business moving forward.
For customers interested in pursuing Google Workspace CSE, Virtru is offering one free year of access to the Virtru Private Keystore for Gmail S/MIME. We also have a suite of powerful Google Workspace security tools outside of Google Workspace CSE to complement your Google security posture.
To learn more about how Virtru can support your organization’s data-centric security within Google Workspace, contact us to start the conversation.
