Project Description

📖 2 mins read

Google is adding new security controls that admins can use to protect sensitive company data on iOS devices. Admins can now choose to:

  • Restrict copy and paste on data belonging to Google Workspace accounts to other accounts. This can prevent corporate data from being exfiltrated to personal accounts.
  • Restrict the ability for users to drag and drop files from specific apps within their Google Workspace account.

At launch, admin controls will apply to five Google Workspace iOS apps: GmailDriveDocsSheets, and Slides. This feature is available to Google Workspace Enterprise, Google Workspace Enterprise for Education, and Cloud Identity Premium customers. Users will still be able to copy and paste and drag and drop from personal accounts to Google Workspace accounts. Protections are available to devices managed with Google Workspace’s basic or advanced mobile device management, as well as devices with basic mobile management alongside a separate enterprise mobility management (EMM) solution.

Who’s impacted

Admins

Why it’s important

Without these features, there are limitations in the controls admins have to prevent users moving corporate data between corporate and personal accounts on the same iOS device. While admins can prevent sharing files between managed and unmanaged apps, users can still share data between accounts when apps support multiple accounts or via cut/copy/paste actions. For example, iOS users can copy the text of a corporate email into a personal account. This introduces the potential for data leaks and reduces the overall security of your corporate data on iOS.

The admin controls introduced in this launch will help increase protections and make it more difficult for corporate data to be accidentally or intentionally shared to a personal account. Similar protections are already available on Android devices through Work Profiles.

See the Cloud Blog to learn how this and other launches can help Google Workspace customers stay secure.

Getting started

  • Admins: This feature will be OFF by default and can be enabled at the organizational unit (OU) level. Visit the Help Center to learn more about data protection on iOS devices.
  • End users: There is no end-user setting for this feature. If a user tries to perform a restricted copy and paste action, the text “This info can only be shared within your organization’s Google Workspace apps” will paste instead of the text they copied.

 

New data exfiltration protections for Google Workspace data on iOS devices 1
Admin controls for data exfiltration protection on iOS 

Rollout pace

  • This feature is already available for all domains.

Availability

  • Available to Google Workspace Enterprise, Google Workspace Enterprise for Education customers and Cloud Identity Premium customers
  • Not available to Google Workspace Basic, Google Workspace Business, Google Workspace for Education, Google Workspace for Nonprofits customers, and Cloud Identity Free customers
Thanks for sharing and spreading the word!