[MUSIC PLAYING]
REENA NADKARNI: Hello, everyone.
Thank you for coming.
This is the session on
enterprise security and G Suite
tools.
I'm going Reena Nadkarni,
Product Manager on the G Suite
Team.
We also have with us today,
Ivon Passos, my colleague,
who's going to show
us some great demos.
So let's start by thinking
about why this matters.
Why does enterprise
cloud security matter?
Gartner recently said that
the cloud first strategies
are the foundation
of staying relevant
in this fast-paced world.
So as you can see,
cloud is a fundamental,
once-in-a-generation shift.
And you, as leaders
of innovation,
cannot afford to
get left behind.
But we understand that
these shift to the cloud
come with some
significant risks, risks
to your enterprise,
to your data,
as you move this
data to the cloud--
also, to your end users.
So you may be
convinced, but not all
of your end users
may be convinced.
And finally, a
personal risk to you.
This is your professional
reputation, your job, at stake
if you make the decision
to go to the cloud.
And I bet none of
you wants to be
on CNN for the wrong reasons.
I want you to know
that at Google, we
take this responsibility
very seriously.
Let's first start with
our product principles.
At Google, we aim to build
in security at all levels.
You saw in the
keynote this morning,
right from our custom hardware
chips, our data centers,
our network infrastructure,
our software,
as well as end users and
endpoints like mobile.
Second, we aim to make our
security easy and natural
to use, not just
for the end users,
but also for the administrators.
We want the security
to just work, and not
get in the way of
you doing your work.
And lastly, we want to aim
to help our customers meet
their compliance needs.
In security, scale matters.
Google has seven properties
with over a billion users each.
You're familiar with these,
Gmail, Search, Play, Android,
YouTube, and others--
seven properties with
over a billion users each.
And with G Suite,
the security team
that takes care
of these products
is now working for you.
But we don't just stop there.
We have groups of
security researchers
and former hackers,
who are continuously
monitoring our system.
We also can proactively
invite the community
to help us hack our systems.
We run bug bounty
programs, where
we have external hackers come
and try to hack our systems.
But I'm sorry to say,
most of the time,
they get this T-shirt that
says, "I tried to hack Google,
but all I got was
this lousy T-shirt."
You're welcome to
try, by the way.
So that is the solid
foundation of Google security
that we build our products upon.
On top of that, we
at G Suite are always
listening, learning, and
designing to the concerns
of our top customers.
In my conversations with our
CIOs, CISOs, IT administrators,
somehow three themes seem
to keep bubbling back up.
And we are going to
talk about each of them
today, phishing, data breaches,
and mobile management.
Obviously, our customers are
very worried about these.
And with this session,
I want to leave you
with a sense of familiarity
and comfort of all the tools
that we have in
each of these areas.
Let's talk about phishing.
Users still fall for a
well-defined phishing page 50%
of the time.
Phishing is still
the number one way
someone's going to get malware
into your organizations.
As you know, passwords
can be easily stolen.
And they're weak.
Did you know that two of the
most commonly used passwords
last year were, 123456
and the word, "password"?
So clearly, we have
a problem here.
And OTP codes can
also be phished.
So what do we do?
We recommend that you
use security keys.
Security keys are easy.
They are great.
They help you prevent
against phishing.
What we have also done
is that we have now
added some admin controls to be
able to manage these security
keys at scale.
We now allow you to enforce
the usage of security keys
within your domain.
We allow you to let your users
self-enroll these security
keys if you wanted to.
If a user lost their security
key, or it got stolen,
you can help that
user recover it.
And finally, you can now report
on the usage of security key
within your domain.
I'm going to call Ivon
on stage to show us
a demo of how this looks.
Ivon?
IVON PASSOS: Thanks, Reena.
Can you guys hear me?
Yes.
OK, so can we switch
to the computer?
There we go.
OK, so I'm going to show you
two different views of how
this works.
One is the admin, which
is what you see now.
And you will also see how a
user perceives this feature.
So the first thing is to set
up security keys for a domain--
and you see on
the left hand side
here that I can select this
per OU, or Organization Unit,
within the domain.
You basically have
transferred three questions.
Number one, do you want to
enforce this immediately,
or in a future date?
And we recommend that you
do it in a future date,
so that you have time to
communicate with your users,
and let them know they should
be receiving security keys.
They need to self-enroll,
et cetera, et cetera.
Once you make that
decision, you also
need to choose whether
you want to allow
all types of two-factor
authentication, which
could be OTP or security
keys, or just security keys.
As Reena mentioned,
OTP is also phishable.
But in some cases,
you may not be
able to deploy security
keys only to everyone.
But if you select
only security key,
you need to make
another choice, which
is if your user loses or
gets their security stolen,
how much time of a
grace period will you
allow them to use
another method until they
receive the new security key?
And that's set up right here.
That's it.
That's all you need
to do to set it up.
Now I'm going to
switch to the user view
to show you how easy the
use of security key is.
So right now, I'm logging
in as a regular user.
And because I set up security
key enforcement on the domain,
I'm going to be prompted.
So would you like to
register your security key?
I have my security key here
that I received from my admin.
And then I can just
click Register.
I'm going to be verified
on my identity again.
Have your security key?
Yes, next.
Now I'm going to plug
in the security key.
And I will touch it.
And that's it.
That's all I need to do.
Once I touch the security
key, I have it registered.
Every time I have
to log in again,
it were a request
for me to touch
the security key, which does
a two-factor authentication.
And you can, of course, have
these saved on computers
that you trust for 30 days.
That's a choice the user has.
In addition to that, I
showed you, initially,
the enforcement.
I showed you the
self-enroll as the user.
Now I'm going back to the admin
view to deal with a situation
where the user has
lost the security key.
So that's the recover
that Reena mentioned.
In this case, let's say that
Italo lost his security key.
They called in,
let the admin know.
The first thing you would
do is go into the user.
And then go into the
security key settings,
and revoke the security key.
That basically makes whatever
was lost completely unusable.
So here is for that
user the security key
that was just registered here.
And then you can revoke it.
Done.
That security key cannot
be used anymore until
it's re-registered
to somewhere else.
The other step is you can
immediately provide that user
with OTP codes.
So that while they are
without a security key,
they can continue to do
their work until they receive
only one, register that
again, and then they
are able to use the
security keys again.
These keys or these
codes will only
work during that grace period
that you had set up before.
So that's how we can
enforce it's still
two-factor authentication,
even in the case of losing
the security key.
And in addition to that,
there is the reporting side.
So the Admin Console
has built in reports
that allow you to track
how many people have
enrolled on security keys,
which users are still pending.
And that way, you can plan
to extend your security key
enrollment period,
whether you're on track,
and make decision
how to deploy it.
So again, security keys
are very easy for the admin
to set up, very easy for
the users to actually use
on a daily basis.
And they do enforce a very
important part of security,
which is preventing phishing.
And now I'm going
to call Reena back
to talk about that
next step on the issues
that IT worries about.
Thank you.
REENA NADKARNI: Thank you, Ivon.
Next, we're going to
talk about data breaches.
This is a very important area.
Because data breaches are
growing at an alarming rate.
I think you're
familiar with this.
But just in the last year,
we've had our hackers
infiltrate some very trusted
names, Sony, Target, Home
Depot, JP Morgan, eBay, Yahoo,
and even the health insurance
provider Anthem.
We've had over 1,000 data
breaches occur just in 2016.
Over 35 million
critical personnel
records have now been
compromised to hackers.
I'm happy to tell
you that we have
several new features
in this area to help
protect your data better.
As you know, over a year
ago, we launched Gmail DLP.
What this feature
allowed you to do
was to stop end users
in your organization
from leaking data
accidentally or intentionally.
It allowed you to
either stop people
from leaking the information,
or be able to send it,
but give them a warning that
they shouldn't be sending it,
and notify the admin.
We're now extending that DLP
platform to Drive, as well.
We recently announced this
functionality just last month,
that DLP is now available
for Drive as well.
What we're doing in DLP for
Drive is that, first of all,
we have many predefined
content detectors for you.
So this is sensitive data
formats from across the world.
This includes license numbers,
social security numbers,
and such from the United States.
You could have CPF
numbers from Brazil--
so Ivon's confidential
information is not compromised.
We have PAN account
numbers from India.
And worldwide, we have over
50 predefined content types.
We also have predefined
content thresholds.
A lot of the tools on
the market, what they do
is that they provide you
with so many false positives,
that as an admin,
you kind of get
tired of getting these alerts.
And you may miss something.
So instead, what we
are allowing you to do
is that you can adjust these to
your level of perceived risk.
So we talked a little bit about
the content detectors, as well
as the thresholds.
But what's important
here is that we also
provide flexibility
as part of the system.
So you can not only have these
predefined content detectors,
but let's say your health
care company where you're
doing research and the keywords
that you want to protect
haven't been invented yet.
So we allow you to
be able to upload
a set of keywords that are
relevant to your business
and your data.
We also allow you to look at
optical character recognition
on these attachments
that are going up.
So just to be very clear
on what's happening here,
and the power of our
platform, not only
are we scanning the emails
to protect your data,
we're scanning the
attachments that are going out
with these emails.
We can even scan, not only
these emails and attachments,
but zip attachments.
And on these zip attachments,
if there are images,
we can do pattern matching,
and do optical character
recognition for each of these
content types, like credit card
numbers, and social
security numbers.
So it's a really
powerful way to stop data
from leaking outside
your organization.
So with that, I'm going
to call Ivon to do a demo
and show you how
this actually works.
Ivon.
IVON PASSOS: Thanks, Reena.
OK, So I'm going to, again,
play two roles, admin and user.
And in this case,
the user is Reena,
who is working on a project to
basically review all the credit
card expenses in the company.
So this document
was created here
to start the project
and the collection.
And it has a lot of
credit card numbers.
Those numbers, of course,
are sensitive information
that is also information
about employees here.
And you will notice that
the first thing that's
visible here, on the Share
button, there is a shield.
That's already drive
the OP, saying,
if you're going to share
this information, be careful.
And it even says, this has
credit card number information.
So be careful when you
share this with anyone.
And of course, Reena
needs to share this
with the rest of the team.
So she's going to
go here and try
to share this with her
colleague, Freddie Mac.
Notice what happens here.
Reena probably has
communicated with Freddy
on both personal
and company email.
And both of them showed up.
Reena is in a hurry.
So she clicks on
the Gmail address.
It just shows Freddie Mac now.
So she will try to send this.
And what happens is DLP detects
that that is going outside
of the domain, tells Reena
that this cannot go outside
of the domain.
So I'm blocking this.
And once you click
OK, it actually
allows you to go back
to the same screen,
and make the changes
that you would need.
So how does this magic work?
As you can see,
for Reena's flow,
this hasn't
impacted, in any way,
the way she would need to work.
She can still reach out to
her colleagues, get work done.
But on the admin side,
this is done very
simply by setting up rules.
So these are the rules that
are currently in the system.
So I'm now in the admin view.
And the rules that are
currently in the system
cover different types of data,
including the credit card
numbers data, which is
the rule that actually
caught that specific file.
I'm going to go through the
process of setting up a rule
just for you to see
how that would work.
So let's say you need
to set up a new rule.
There are multiple templates
here that you can use to start.
I'm going to start
from a blank template.
But you don't need to
if you know already what
you're looking for, and this
fits one of the preexisting
templates.
And to create a
rule, you basically
need to look at three things.
Number one, what
type of data should
trigger this specific rule?
In this case, it's Google Drive.
You would look at conditions.
And Reena mentioned
some of this before.
Users will define the scope of
those conditions of the rule,
whether it's the entire company,
whether it's specific OUs,
or even specific groups.
Once you set that up, you
can define the content.
And in the content, you may
select predefined templates--
those are the templates that
Reena was talking about.
Even my home country,
Brazil, is covered here.
I'm going to select social
security just for the demo.
You can also select
custom word lists
that you can build yourself,
or regular expressions.
And based on that selection,
you can also select,
as Reena mentioned,
confidence level,
so you don't get more
false positives than you're
willing to deal with.
Once you've done that, the next
step is defining the actions.
So once the trigger
happens, what actions
do I want to be taken?
You can do one or
both of these options.
One is notify the super admins
that this trigger happened,
and/or either block
external access simply,
or simply warn external
access or external sharing.
In this case, you may
have cases where you say,
be careful when you're
sharing financial statements,
because they may
not be public yet.
But do not share any social
security numbers or credit
cards, for instance.
And that's it.
It's that simple.
So in order that you
implement DLP in your domain,
you would basically need
to set up these rules.
And your users will have no
disruption in the regular flow,
and still be able to have
the data protected by DLP.
And that's it.
Back to you, Reena.
REENA NADKARNI: Next,
we continue our journey
to put you in better
control of your information.
The Gmail logs in BigQuery,
what we're doing here
is allowing you to export all of
your Gmail logs into BigQuery.
As good as we have
our reporting, we
have customers telling us, hey,
can I do my own custom queries?
So this will allow
you to do that.
This allows you to
retain your data
for longer periods
of time, as well as,
you can use a data
visualization tool
like Data Studio from Google.
Or you could use third-party
tools, like Tableau or Splunk,
that you're already using
within your environment.
Staying with Gmail, S/MIME
my encryption for Gmail--
as you know, S/MIME is
an industry standard way
of encrypting email.
What's special here is that
we are allowing our customers
to bring their own certificates
to be able to do encryption
using their own certificates.
We're also providing
an admin API
to be able to do this at
scale for large companies.
We've talked a lot
about the new features
that are coming up with Gmail.
However, I want to
point out that there
have been many features
of Gmail security
that have been existing
in place for a long time
that people don't
realize we already have.
One example that
is not listed here,
but the TLS warning
that we recently
added, the Transport Layer
Security Warning, that
just gave an indication
if a domain did not
encrypt their email.
And that fundamentally changed
how many domains out there
were doing TLS.
The next one here is to prevent
outgoing spam with DMARC.
This allowed people to
control someone else
from going out there and
sending unauthenticated emails
on your behalf.
And then finally, we also have
really solid spam and abuse
policies in place where Gmail
is doing the work for you.
Along with all of
these features,
we also have security workshops
that we run for our customers.
So about three months
after the product G Suite
gets deployed in
your environment,
either someone from Google
or someone from a partner
can come and run a
security workshop for you.
And they can come and verify
all of your security settings
to make sure that you are
appropriately protected.
Deep scanning of
Gmail attachments,
this is one of my favorite
upcoming features.
Its already available in trusted
tester for our customers.
The time between a first
malicious email entering
into your organization,
to the first user opening
this attachment, and
then spreading malware
into your entire
organization, is very little.
So what you want to do as an
IT administrator is ideally
get ahead of that process.
So with the pre-delivery
scanning of email attachments,
what we're able to do is we're
able to open these attachments
in a secure sandbox
environment, run
them to make sure that there
are no malicious scripts
or bad acting going on in
each of these attachments.
So this is something
to watch out for.
And it's already available
in trusted tester.
Switching gears a little
bit to a different product
in our portfolio is Google+.
As you know, Google+ is a
relatively new addition.
I think in Q3 of last year we
added Google+ to our commercial
suite.
A lot of large customers
are using this product
to make cultural change happen
within their organization.
I'll give you some examples.
Rolling out large initiatives
from their executives--
for some reason there are
always those three-pronged
initiatives, right?
So to be able to roll
out these initiatives
in your organization
across multiple geos,
our customers are using Google+.
They're also using Google+
to do bottoms-up ideation.
We have a large
retail customer where
they have store employees
who have really good ideas
to be able to improve
the overall company.
And until now,
they were just not
able to get that voice heard.
So they are using these dynamic
Communities across the company
to bring out these ideas.
So I'm happy to share that
we have several new admin
features that are now
coming up for this product.
I'll give you some examples.
The first one is the
domain-level adoption
engagement metrics.
What we often hear from admins
is that, hey, this product
is great.
It's being used quite
a bit in our company.
But I have no way
to show the impact.
So now we can show
them how many people
engaged with certain posts,
who plussed one certain posts,
and such.
Second, we have
the audit log API.
What this does, we
have one customer--
I'll give you an example.
We have one customer,
which is a large bank.
And they have a small group
of users, they're brokers.
These brokers are required
to be highly monitored.
And so what they're
doing here is that they
have brought in a partner.
That partner is building
a compliance solution
on top of our audit log APIs.
Finally, the
number-one requested
feature in this product is
the walled garden feature.
This allows the
admin to stop people
from externally sharing
content within their domain
from outside their domain,
and stopping IP leakage.
So that full-domain sharing
and such restrictions
is what we internally
called as walled garden.
And that's coming soon, as well.
So we talked a lot about
these solid protections
that we're putting in place
for our first-party products,
like email, for
Drive, and others.
But what about
third-party applications?
We have a new feature in place,
third-party apps white listing.
And this is also already
available in trusted tester.
What this does is that it
allows you to figure out
which applications are getting
access to which OAuth scopes.
And then the admin
can only offer
a set of trusted
applications the ability
to get to company data.
A good example of this would
be the Concur Travel app.
You trust it.
It can have access to all of
your drive data, for example.
But there are many apps
that are bad actors.
And they overreach, in
terms of the OAuth scopes
that they ask for.
Recently, there was
a customer where
there was a very
innocent, innocuous
looking clock application.
And many of their users
installed this clock
application.
And it got access to a
lot of the company data.
If someone, some app like
this, a malicious app,
got access to all of
your users' files,
just imagine the kind
of damage it could do.
So I'm going to
call Ivon on stage
to show us a demo of
third-party apps white listing.
IVON PASSOS: Thank you, Reena.
All right, so here
we see, again,
Reena, who is trying
to be all she can be,
looking for apps to
increase her productivity.
And there are two specific
apps that she found.
One is DocHub, which allows
you to edit, sign PDFs
online integrated with G Suite.
The other one is
Smartsheet, which
allows you to turn your
sheets in your system
into a project
management environment.
So Reena said, OK, great.
I'm going to try
to use these tools.
And as she tried to log
in, Smartsheet worked.
And now she try to
log in to DocHub.
She got this message,
policy enforced.
And she has no
idea what that is.
So she gets in touch
with the admin.
And the admin actually
knows what's going on.
What the admin did first
is, because of those threats
that Reena mentioned in the
[INAUDIBLE] not the employee,
they had blocked any access
from any third-party app
to the G Suite API.
And basically,
what we are looking
at here is you have granular
controls where you can say,
for these specific apps,
I want to block everyone.
For these other ones, I
want to leave it open.
In this case, we had
blocked Drive and Contacts,
left Gmail and Calendar open.
And that basically says
that any third party
app who try to access the
G Suite API will fail.
You can also allow
your own domain apps
to be automatically trusted.
However, you'll notice
that one app worked.
The other one didn't.
Why?
As Reena mentioned with the
third-party app white listing,
you are actually able
to individually list
the apps that you trust.
In this case,
Smartsheets is listed.
And everybody else gets blocked.
In this case, that's
why DocHub was blocked.
Now DocHub is actually a
G Suite marketplace app.
So as an admin, I
can make the decision
to say, well, I know
we can trust this app.
This is not an app
coming from nowhere.
It's been certified by Google.
I can just go here.
DocHub is right there.
I can add it to the white list.
And it's that easy
for you to increase
the number of apps that are
supported that you trust,
so that you reach a
balance between protecting
your domain and your data
and enabling your employees'
productivity.
So that's basically
it, that's simple.
Thanks, Reena.
REENA NADKARNI: So
next, we're going
to talk about Vault. Vault is
our eDiscovery product that
comes as part of--
wait a minute.
Ivon is the actual product
manager for Vault. Ivon,
you want to come up here and
tell us about your product?
He's been using me as a bad
actor in all of his demos.
So I'm going to put
him on the spot.
Come on up here, Ivon, and
talk about your product.
IVON PASSOS: Thank
you very much, Reena.
I'll see what I can do.
All right-- and by the
way, Reena is my manager.
So I better do a good job here.
So Google Vault is the
eDiscovery and compliance
solution for G Suite.
How does Vault do that?
So Vault basically provides
you two specific areas
of functionality to allow
you to have legal compliance
and prevent data loss.
Number one, through
its retention policies,
Vault allows you to
control the specific data
that you should keep in your
environment, and the data
that you don't want to keep.
And that allows
you to be compliant
with your requirements, as well
as minimize your data liability
risk.
If you leave data that's too
old, when you get to the time
where you need to
produce data, that data
may not be required to be there.
But it may actually
create trouble for you.
And yes, too much data, in
some cases, is a problem.
Once you've done that
in your environment,
and you've set those
automatic policies
to keep your environment
always compliant,
Vault also provides you
with eDiscovery tools
that allow you support
both legal and compliance
requirements, whether
they are certainly
investigations, or specific
legal cases and lawsuits.
You can search and
produce data, and get
that in a format
that can be used
for sharing within
external counsel
or with your internal teams,
as well as moving that
into a specific eDiscovery
tool that follows up
with the process.
So here are some details
on how this works.
With retention
policies, you basically
can answer a few questions.
First question is, what
app do you want to cover?
And one thing that we would
like to mention, which
was announced this
morning, is that now we
have full support for Gmail--
which we had-- and we've added
new full support for Drive,
including Team Drives,
as well as Google Groups.
So basically, you
can make a selection
of the app you need cover.
The next step is to
define the scope.
Notice, there is a
similarity with other things
we do, like DLP, where you
go with specific criteria
that you're going to use.
So here you can do
organizational unit,
entire domain.
You can also do specific
entities like Team Drives.
The next step is duration.
Do I want this policy to be
applicable indefinitely, just
keep all the data, or set it
to a specific number of days?
And last but not
least, what should
I do once that policy expire?
Should I get rid
of any data that
matches it, regardless of
whether the user has deleted it
or not?
That's a very aggressive policy.
Or should I only get rid of
data that the user has already
deleted?
Again, a lot of flexibility,
whether it's choosing a simple
UI.
And you can have
multiple policies
that, together, will
match your compliance
needs for your company.
Once that's set, you would
get Google-powered search
to get the data that you
need for a specific project.
And once you get to the
level of data that you want--
you've culled the data,
narrowed it down to your search
requirements--
you can export that easily,
so that you can share that
with whoever needs it.
And that's it.
This is Google Vault, quick
and easy legal discovery
and compliance.
How did I do?
REENA NADKARNI: [LAUGHING]
What do you guys think?
[APPLAUSE]
IVON PASSOS: Thank you.
REENA NADKARNI: You know,
that was great, Ivon.
But to me, it seems like he's
been practicing in his sleep.
Thank you, Ivon.
He's the actual product
manager responsible
for the announcements
that Prabhakar
made this morning
on Vault. Let's
talk about Mobile Management.
Mobile Management,
why is this important?
There's two fundamental things
going on in Mobile Management.
We have employees who expect
to be productive on the go
wherever they are.
And they don't want
security to get in the way.
And then you have the
admins, whose goal
is to keep the
company's data secure.
And they really, their
whole exposure to risk
went up multiple times,
because each employee
now has multiple devices.
The other problem we have
is that these admins are now
managing a fundamentally
different workforce.
People don't stay in the
same job for 20 years.
We have millennials moving
jobs every few years.
And then when they
do that, you got
to revoke the access they
have on their devices,
or take that
company-owned device
and redeploy it
to somebody else.
We have people trying to
jailbreak their iPhones.
We have people trying to
side load applications
that they're not authorized
to on their company devices.
We need to be able
to give admins
the tools to be able to
control this if they need to.
What many customers
don't realize
is that, as part
of the G Suite, we
have a comprehensive mobile
device management solution.
I'm going to walk you through
a quick set of features
that come with this solution.
So first, right from
our one console,
you're able to manage
both the company owned,
as well as bring
your own devices.
You're able to curate and
deploy third-party applications.
You can look at some
reporting that I'm
going to show you
here pretty quickly,
as well as take some actions
using our mobile device
management solution.
So here is an example of a
very simple one click set up.
You click on Manage Now.
And it tells you
it's going to allow
you to do screen
lock account wipe,
as well as inventory management.
You click on Manage Now.
And there.
Now mobile device management
is set up as complete.
And you are able to set this up
for your entire mobile fleet.
Next, bulk enrollment
of company devices--
here's what happens.
Let's say you're an IT
admin managing a fleet
of about 20,000 employees.
And now your CEO just
complicated your life
by acquiring another company
with 3,000 new users.
Now you bought these
new devices to be
able to get these
users to be productive.
What do you do?
We provide a way for you to just
take all of these device IDs,
put them in a CSV
file, and upload them.
And our system can ingest them.
And with that simple
thing, you can
get all of these devices
managed pretty quickly.
That's MDM at scale.
You also may have some
homegrown custom applications,
or you may want to deploy
some pre-approved third-party
applications.
We allow you to do that
using our work store.
You're also able to monitor
and audit these devices.
You can report on the type of
users, the type of devices, iOS
and Android versions, and such.
What we've also found is
that, in many large customers,
there's not just one admin.
There's teams of admins.
Some of these admins
have delegated
admin authority managing
just Gmail or just mobile.
So we want to be able
to enable that scenario.
And you can have a
comprehensive audit
log of what admin actions were
taken by each of these admins.
Next, we also have
a risk when there
is inactive devices with the
credentials of your company's
data sitting on these
inactive devices.
So what we're
enabling you to do is
to be able to track
these inactive devices.
And you can revoke
credentials if you
don't want them to be there.
So once you have done this
monitoring and auditing,
you can also take some
very quick actions.
You can, for example, revoke
the Google OAuth Token.
Or you can also remove the
Google Account all together.
At Google, especially
in our team,
because we are focused on
large customers and admins,
we like to remind people
that admins are people too.
So as an admin, you may
possibly be somewhere,
like at your child's birthday
party, and you get an alert.
So we enable you to
take these actions even
on the go using our Google
Mobile Admin application.
We also allow you to
create custom workflows
for these devices
using our admin APIs.
So for example, we have
our mobile cloud APIs.
We have mobile audit
APIs that you can use.
And it's also a way
for our partners
to build and extend
our platforms
using these mobile APIs.
As customers are discovering
these features and capabilities
of the Google mobile device
management, what they're
realizing is that
they are paying
extra for a niche product
that they don't need to.
Because all they were using is
those 37 active sync policies
anyway.
So we've seen a
very large uptick
in the adoption of our mobile
device management solution
over the last few quarters.
So ultimately, in the cloud,
security is about trust.
And as you saw this
morning in the keynote,
you had Phil Garland from
PWC come and talk to you
about how they use
G Suite at scale.
These trust, security,
and compliance features
have had many large
customers experience
the power of Google innovation
and machine learning
by going Google.
Here's a quote from
Mike, who is the CIO
of Whirlpool Corporation.
So let's think about this.
We encrypt your data at rest.
We encrypt your data in transit.
You can use security keys
to secure your accounts.
In addition to that, our data
centers, our applications,
and our processes are audited
and independently verified
by third parties.
And so we have these
certifications,
like FedRAMP, ISO
27001, and others.
One question that
I keep getting--
and I almost want to
make a sign that says,
I can't believe I have to
still keep saying this.
So I'm going to say it.
But what about ads?
People ask me, Google is
an advertising company,
are you going to show me ads?
So let's be clear.
In our consumer
products, we have ads.
And that enables us to offer
these products to our consumers
for free.
The enterprise business, the
ads and our enterprise systems,
they don't touch each other.
We commit to no ads using
our contractual DPA, the Data
Protection Addendum.
So let's recap.
We went through a
lot of things today.
So let's recap about what
the things we talked about.
Phishing, we showed
you security keys.
And by the way, we're
going to give away
security keys to each of you
at the end of the session.
So please, as you are exiting--
I see some cheers, awesome.
As you're exiting, please make
sure that you pick one up.
And then second, we talked about
Mobile Management, easy set up,
being able to do
bulk enrollment,
as well as password lock, remote
wipe, monitoring and auditing,
and quickly taking some actions.
And we also talked
quite a bit about what
we're doing to protect
you against data breaches.
This included data loss
prevention for Gmail and Drive.
We talked about how you can
do advanced logs analysis
in Gmail.
We also talked about S/MIME
encryption, walled garden,
and other audit
APIs for Google+.
We're protecting you from
third-party apps data breaches
with our third-party apps
white listing feature,
and giving you control
back, as an admin.
We have Vault for
Drive and Groups.
And finally, we talked about
all of our certifications.
I hope that gives you
a sense of comfort
and a comprehensive picture
of all the solid protections
that G Suite brings to you
to secure your enterprise
data in the cloud.
With that, I'd like to end
with a note of gratitude.
If you are our customer,
thank you for being here.
And thank you for being with us.
If you are a prospect
or a partner,
we look forward to working
with you more in the future.
Thanks a lot.
[APPLAUSE]
And that is our disclaimer
that my legal team made me put.
So in case we're going to
pick up a security key,
please make sure
that you read this.
It talks about, if you're
traveling out of the country,
they may ask you to pay a tax.
It's this small, so we'll see.
[MUSIC PLAYING]
