Source: www.bleepingcomputer.com – Author: Bill Toulas
Google is rolling out a new Workspace feature that requires multiple admins to approve high-risk setting changes to prevent unauthorized or accidental modifications that could reduce security.
Google Workspace (formerly G Suite) is a comprehensive suite of cloud-based productivity and collaboration tools, integrating services such as Gmail, Google Drive, Google Docs, Sheets, Slides, Google Meet, and Google Calendar, offering a unified solution for businesses, educational institutions, and individuals.
In August, Google announced that they were introducing a new feature called multi-party approvals, which requires that an admin checks and approves sensitive actions initiated by another admin.
Google says it has designed the approval requests system to be as frictionless as possible and not overburdening to an admin’s daily task list while still preventing isolated decision-making.
“Multi-party approvals adds an extra layer of security for sensitive actions taken in the Admin console by ensuring no sensitive action happens in a silo and, most importantly, helps prevent unauthorized or accidental changes from being made,” reads Google’s announcement.
“This added layer of approval helps ensure actions are being taken appropriately and not too broadly or too often.”
“Additionally, this is more convenient for admins because the action is executed automatically after approval and the requester doesn’t need to take additional action.”
Actions requiring multi-party approvals include changing the following high-risk settings:
- 2-step verification
- Account recovery
- Advanced protection
- Google session control
- Login challenges
- Passwordless (beta)
This new feature prevents hackers who have hijacked a super admin account from performing actions that would compromise the entire Workspace without first having another Workspace admin sign off on the change.
This feature also aims to prevent harmful actions by legitimate admins that could lower the level of security for the Workspace and its users.
Approval requests are sent to super admins via email and can be viewed and approved right from the Admin console within 72 hours, or they expire.
Once an action is approved, it is executed automatically, and the requesting admin who initiated the action doesn’t have to take any additional action.
The roll-out of multi-party approvals started yesterday, and the feature will gradually become available to all users in the next two weeks.
Eligibility applies to Workspace users with two or more super admin accounts, but the feature will be set to OFF by default. Users wishing to take advantage of multi-party approvals can activate it through the Security > Multi-party approval settings.
Original Post URL: https://www.bleepingcomputer.com/news/security/google-workspace-rolls-out-multi-admin-approval-feature-for-risky-changes/
Category & Tags: Security,Google – Security,Google
Views: 0