content detectors, including detection of global and regional identifiers, medical information, and
credentials. Customers can also define their own custom detectors to meet their needs. For
attachments and image-based documents, DLP uses Google’s leading optical character recognition to
increase detection coverage and quality. Learn more here about Gmail DLP. DLP can also be used to
prevent users from sharing sensitive content in Google Drive or shared drive with people outside of your
organization.
Enterprises storing data in the Cloud seek visibility into data access and account activity. Google
Workspace audit logs help security teams maintain audit trails in Google Workspace and view detailed
information about Admin activity, data access, and system events. Google Workspace users can use
the Admin Console to access these logs and can customize and export logs as required.
Customers may wish to allow their users access to third-party apps or may even wish to develop their
own custom apps. Google Workspace has a robust developer ecosystem, with thousands of apps
available via Google Workspace Marketplace and directly to customers, and a rich API framework
enabling users to develop custom apps. However, not all third-party apps will conform to every
customer’s security policy. With app access control, enterprises can see which third-party apps users
have approved to access their Google Workspace data and can reduce this risk by limiting access to
trusted apps. We also help enterprises manage risk with app verification, which ensures that apps
accessing Gmail data meet security and privacy standards.
2.5 Data residency
Google’s globally distributed data centers reduce latency for multinational organizations and protect
their data with geo-redundancy. Some organizations, however, have requirements around where their
data is stored, and we’re committed to meeting their needs.
Data regions for Google Workspace provide control over the geographical location for storage of email
messages, documents, and other Google Workspace content. Customers can choose between the
United States, Europe, or global storage. Additionally, data regions offer the flexibility to choose one
data region for some of your users, or different data regions for specific departments or teams.
Additional information is available on the data regions support page.
2.6 Incident detection & response
With multiple security and privacy controls in place, organizations need a centralized location where
they can prevent, detect, and respond to threats.The Google Workspace security center provides
advanced security information and analytics, and added visibility and control into security issues
affecting your domain. It brings together security analytics, actionable insights and best practice
recommendations from Google to empower you to protect your organization, data and users.
As an administrator, you can use the security dashboard to see an overview of different security center
reports. The security health page provides visibility into your Admin console settings to help you better
understand and manage security risks. Furthermore, you can use the security investigation tool to
identify, triage, and take action on security and privacy issues in your domain. Administrators can
automate actions in the investigation tool by creating activity rules to detect and remediate such issues