Google has upped security for business customers using its G Suite package, including Windows 10 administration, data loss prevention rules, and access rules based on where you are and what device you are using.
Remote security is top of mind for many businesses in these days of lockdown, and Google is in some respects better placed than rival Microsoft in that it has adopted a remote model from day one.
On the other hand, Microsoft has adapted and improved its enterprise security and device management tools for the cloud, pushing customers towards its premium Microsoft 365 product, which includes device management for Windows, iOS and Android via its InTune service.
In November 2019, Microsoft said that "System Center Configuration Manager (ConfigMgr) and Microsoft Intune are managing 200 million devices."
Google has its own endpoint management tools, though in the past it has been mainly focused on cloud identity controls and its own Android or Chrome devices. The company has now kicked out the full release of its enhanced security for Windows 10, which includes single sign-on, so that users sign into Windows 10 using Google credentials (via Google Credential Provider for Windows 10), and Windows 10 devices can be managed in Google's admin console with features including remote wipe, device configuration, and checking compliance with policies.
"More than 110 million devices … are managed by our endpoint management solution," says Google – still short of Microsoft's number, but substantial.
Another feature, called "fundamental desktop security", provides the basic benefits of device management as soon as a user logs into G Suite via a web browser on a desktop computer. It is not really device management, however, and is limited to showing "the device type, operating system, first sync time, and last sync time in the Admin console. They [the admin] can also sign the user out from that device."
If merely signing into a browser gave admins device management rights, it would be a breach of browser security. Note also that although Google bragged about this feature in an announcement yesterday, the actual update description says: "Due to COVID-19 related activity, full rollout of fundamental device management has been delayed until later in 2020."
Google is also improving its data loss protection. This technology aims to prevent confidential documents from leaking out of the secure corporate environment. A new feature is an automatic document classification effort based on automatic scanning for keywords in documents in Google's Drive online storage. Sensitive content can trigger alerts and warnings.
Google's Android for Work already isolates corporate data, but the company is now adding iOS copy/paste protection – which prevents data being copied to personal accounts via the clipboard. Such controls are valuable for deterring accidental data loss, but determined users can normally find ways round them, for example, by photographing the screen.
The company also now offers an updated Log Viewer for viewing logs, including those of G Suite logs as well as Google Cloud Platform.
Google is probably not the first company that comes to mind for businesses looking to manage Windows 10 devices. Then again, you could say the same for Microsoft with regard to Android. Microsoft's Windows 10 management tools are far more extensive, as you would expect, but Google's new services, along with the option to sign into Windows with a Google account, mean that Google-centric businesses can make Microsoft's operating system more G-shaped than before. ®