Understanding Data Movement to Avert Proliferation Risks

In today’s fast-evolving cybersecurity landscape, organizations must not only deploy sophisticated security tools but also empower users to self-protect. Operationalizing this data security requires a proactive approach that integrates automation, streamlined processes, and user education. A recent discussion with Sapir Gottdiner, Cyber Security Architect at Global-e, highlighted key strategies to enhance data security by addressing alert management, sensitive data exposure, and user-driven security measures.

As a provider of end-to-end e-commerce solutions that combine localization capabilities, business intelligence, and logistics for streamlined international expansion, Global-e makes cross-border sales as simple as domestic ones. The chosen partner of leading brands and retailers across the USA, Europe and Asia, Global-e sets the standard of global e-commerce. This requires a strong commitment to security and compliance, and Global-e must comply with a number of strict regulations.

‍

Automating Security Tasks for Efficiency

“One of the primary challenges faced by any security team is keeping pace with the volume of security alerts and the effort required to address them”, said Sapir. Automating human resource-constrained tasks is crucial for efficiency. For example, sensitive data should only exist in certain controlled environments, as improper data handling can lead to vulnerabilities. By leveraging DSPM which acts as a validation tool, organizations can automate the detection of sensitive information stored in incorrect locations and initiate remediation processes without human intervention.

‍

Strengthening Sensitive Data Protection

A concern identified in the discussion was data accessible to unauthorized personnel in Microsoft OneDrive, that may contain sensitive information. To mitigate this, organizations should automate the creation of support tickets (in Jira, for instance) for security incidents, ensuring critical and high-risk alerts are addressed immediately. Assigning these incidents to the relevant departments and data owners ensures accountability and prompt resolution. Additionally, identifying the type and location of sensitive data enables organizations to implement precise fixes, reducing exposure risks.

Risk Management and Process Improvement

Permissioning is equally important and organizations must establish clear procedures and policies for managing authentication credentials. Different actions for different levels of risk to ensure no business interruption is applicable in most cases. This can vary from easy, quick access revocation for low-risk cases while requiring manual verification for critical credentials. Furthermore, proper data storage is an important protection factor, given sovereignty regulations, data proliferation, etc. Implementing well-defined data mapping strategies and systematically applying proper hygiene and ensuring correct locations will minimize security gaps. For the future, Sapir envisions smart data mapping within O365 and deeper integrations with automated remediation workflow tools to further enhance security posture.

Continuous Review and Training

Sapir also suggests that to ensure compliance and effective security management, organizations should conduct monthly security reviews. These reviews help define when to close or suppress alerts, preventing unnecessary effort on minor issues. Additionally, policies should align with infrastructure security and regulatory compliance requirements such as GDPR, PCI and SOC2. Expanding security training programs is another essential step, equipping users with the knowledge on proper storage and handling of controlled data and how to avoid common security missteps. Empowering users to self-police/self-remediate allows lean security teams to scale data protection operations more efficiently.

Enhancing Communication and Future Improvements

Streamlined communication between security platforms, such as Jira and Microsoft Teams, can significantly improve incident resolution. Automating alert closures based on predefined criteria will reduce the workload on security teams. Addressing existing bugs, such as shadow IT detection issues, will further refine security processes. By fostering a culture of proactive security and leveraging automation, organizations can empower users to self-protect, ensuring a robust defense against evolving cyber threats.

‍

Operationalizing data security is an ongoing effort that blends automation, user education, and process refinement. By taking a strategic user-enablement approach, organizations can create a security-aware culture while minimizing risks and optimizing their security response. Since implementing Sentra’s DSPM solution, Global-e has seen significant improvement in the strength of its data security posture. The company is now able to protect its cloud data more effectively, saving its security, IT, DevOps and engineering teams time, and ensuring it remains compliant with regulatory requirements. Empowering users and data owners to take responsibility for their data security, and providing the right tools to do so easily, is a game changer to the organization.

We know that Google Workspace (formerly known as G Suite) and its assortment of services, including Gmail, Drive, Calendar, Meet, Docs, Sheets, Slides, Chat, and Vids, is a powerhouse for collaboration.

‍

But the big question is: Do you know where your Google Workspace data is—and if it’s secure and who has access to it?

‍

While Google Workspace has become an indispensable pillar in cloud operations and collaboration, its widespread adoption introduces significant security risks that businesses simply can't afford to ignore. To optimize Google Workspace data protection, enterprises must know how Google Workspace protects and classifies data. Knowing the scope, gaps, limitations, and silos of Google Workspace data protection mechanisms can help businesses strategize more effectively to mitigate data risks and ensure more holistic data security coverage across multi-cloud estates.

The Risks of Google Workspace Security

As with any dynamic cloud platform, Google Workspace is susceptible to data security risks, the most dangerous of which can do more than just undercut its benefits. Primarily, businesses should be concerned about the exposure of sensitive data nested within large volumes of unstructured data. For instance, if an employee shares a Google Drive folder or document containing sensitive data but with suboptimal access controls, it could snowball into a large-scale data security disaster. 

‍

Without comprehensive visibility into sensitive data exposures across Google Workspace applications, businesses risk serious security threats. Besides sensitive data exposure, these include exploitable vulnerabilities, external attacks, human error, and shadow data. Complex shared responsibility models and unmet compliance policies also loom large, threatening the security of your data. 

‍

To tackle these risks, businesses must prioritize and optimize data security across Google Workspace products while acknowledging that Google is rarely the sole platform an enterprise uses.

How Does Google Store Your Data?

To understand how to protect sensitive data in Google Workspace, it's essential to first examine how Google stores and manages this data. Why? Because the intricacies of data storage architectures and practices have significant implications for your security posture. 

‍

Here are three-steps to help you understand and optimize your data storage in Google Workspace:

‍

1. Know Where and How Google Stores Your Data

• Google stores your files in customized servers in secure data centers.
• Your data is automatically distributed across multiple regions, guaranteeing redundancy and availability.

2. Control Data Retention

• Google retains your Workspace data until you or an admin deletes it.
• Use Google Vault to manage retention policies and set custom retention rules for emails and files.
• Regularly review and clean up unnecessary stored data to reduce security risks.

3. Secure Your Stored Data

• Enable encryption for sensitive files in Google Drive.
• Restrict who can view, edit, and share stored documents by implementing access controls.
• Monitor data access logs to detect unauthorized access.

How Does Google Workspace Classify Your Data?

Google’s built-in classification tools are an acceptable starting point. However, they fall short of securing and classifying all unstructured data across complex cloud environments. This is because today's cloud attack surface expands across multiple providers, making security more complex than ever before. Consequently, Google's myopic classification often snowballs into bigger security problems, as data moves. Because of this evolving attack surface across multi-cloud environments, risk-ridden shadow data and unstructured data fester in Google Workspace apps. 

The Issue of Unstructured Data

It’s important to remember that most enterprise data is unstructured. Unstructured data refers to data that isn’t stored in standardized or easily manageable formats. In Google Workspace, this could be data in a Gmail draft, multimedia files in Google Drive, or other informal exchanges of sensitive information between Workspace apps. 

‍

For years, unstructured data has been a nightmare for businesses to map, manage, and secure. Unstructured document stores and employee GDrives are hot zones for data risks. Native Google Drive data classification capabilities can be a useful source of metadata to support a more comprehensive external data classification solution. A cloud-native DSP solution can map, classify, and organize sensitive data, including PHI, PCI, and business secrets, across both Google Workspace and cloud platforms that Google's built-in capabilities do not cover, like AWS and S3.

How Does Google Workspace Protect Your Data?

Like its built-in classification mechanisms, Google's baseline security features, such as encryption and access controls, are good for simple use cases but aren't capable enough to fully protect complex environments. 

‍

For both the classification and security of unstructured data, Google’s native tools may not suffice. A robust data loss prevention (DLP) solution should ideally do the trick for unstructured data. However, Google Workspace DLP alone and other protection measures (formerly referred to as G Suite data protection) are unlikely to provide holistic data security, especially in dynamic cloud environments.

Google Native Tool Challenges

Google’s basic protection measures don't tackle the full spectrum of critical Google Workspace data risks because they can't permeate unstructured documents, where sensitive data may reside in various protected states.

‍

For example, an employee's personal Google Drive can potentially house exposed and exploitable sensitive data that can slip through Google's built-in security mechanisms. It’s also important to remember that Google Workspace data loss prevention capabilities do nothing to protect critical enterprise data hosted in other cloud platforms. 

‍

Ultimately, while Google provides some security controls, they alone don’t offer the level of protection that today’s complex cloud environments demand. To close these gaps, businesses must look to complement Google’s built-in capabilities and invest in robust data security solutions.

‍

Only a highly integrable data security tool with advanced AI and ML capabilities can protect unstructured data across Google Workspace’s diverse suite of apps, and further, across the entire enterprise data estate. This has become mandatory since multi-cloud architectures are the norm today.

A Robust Data Security Platform: The Key to Holistic Google Workspace Data Protection 

The speed, complexity, and rapid evolution of multi-cloud and hybrid cloud environments demand more advanced data security capabilities than Google Workspace’s native storage, classification, and protection features provide. 

It is becoming increasingly difficult to mitigate the risks associated with sensitive data.

‍

To successfully remediate these risks, businesses urgently need robust data security posture management (DSPM) and data detection and response (DDR) solutions - preferably all in one platform. There's simply no other way to guarantee comprehensive data protection across Google Workspace. Furthermore, as mentioned earlier, most businesses don't exclusively use Google platforms. They often mix and match services from cloud providers like Google, Azure, and AWS.

‍

In other words, besides limited data classification and protection, Google's built-in capabilities won't be able to extend into other branches of an enterprise's multi-cloud architecture. And having siloed data security tools for each of these cloud platforms increases costs and further complicates administration that can lead to critical coverage gaps. That's why the optimal solution is a holistic platform that can fill the gaps in Google's existing capabilities to provide unified data classification, security, and coverage across all other cloud platforms.

Sentra: The Ultimate Cloud-Agnostic Data Protection and Classification Solution 

To truly secure sensitive data across Google Workspace and beyond, enterprises need a cloud-native data security platform. That’s where Sentra comes in. It hands you enterprise-scale data protection by seamlessly integrating powerful capabilities like data discovery and classification, data security posture management (DSPM), data access governance (DAG), and data detection and response (DDR) into an all-in-one, easy-to-use platform.

‍

By combining rule-based and large language model (LLM)-based classification, Sentra ensures accurate and scalable data security across Workspace apps like Google Drive—as well as data contained in apps from other cloud providers. This is crucial for any enterprise that hosts its data across disparate cloud platforms, not just Workspace. To classify unstructured data across these platforms, Sentra leverages supervised AI training models like BERT. It also uses zero-shot classification techniques to zero in on and accurately classify unstructured data. 

‍

Sentra is particularly useful for anyone asking business-, industry-, or geography-specific data security questions such as “Does Google Workspace have HIPAA compliance frameworks?” and “Is my organization's use of Google Workspace GDPR-compliant?” The short answer to these questions: Integrate Sentra with your Google Workspace apps and you will see. 

Boost Your Google Workspace Data Protection with Sentra

By integrating Sentra with Google Workspace, companies can leverage AI-driven insights to distinguish employee data from customer data, ensuring a clearer understanding of their information landscape. Sentra also identifies customer-specific data types, such as personally identifiable information (PII), protected health information (PHI), product IDs, private codes, and localization requirements. Additionally, it detects toxic data combinations that may pose security risks.

‍

Beyond insights, Sentra provides robust data protection through comprehensive inventorying and classification of unstructured data. It helps organizations right-size permissions, expose shadow data, and implement real-time detection of sensitive data exposure, security breaches, and suspicious activity, ensuring a proactive approach to data security.

‍

No matter where your unstructured data resides, whether in Google Drive or any other cloud service, Sentra ensures it is accurately identified, classified, and protected with over 95% precision.

‍

If you’re ready to take control of your data security, book a demo to discover how Sentra’s AI-driven protection secures your most valuable information across Google Workspace and beyond.

Artificial intelligence (AI) is transforming industries, empowering companies to achieve greater efficiency, and maintain a competitive edge. But here’s the catch: although AI unlocks unprecedented opportunities, its rapid adoption also introduces complex challenges—especially for data security and privacy. 

How do you accelerate transformation without compromising the integrity of your data? How do you harness AI’s power without it becoming a threat?

‍

For security leaders, AI presents this very paradox. It is a powerful tool for mitigating risk through better detection of sensitive data, more accurate classification, and real-time response. However, it also introduces complex new risks, including expanded attack surfaces, sophisticated threat vectors, and compliance challenges.

‍

As AI becomes ubiquitous and enterprise data systems become increasingly distributed, organizations must navigate the complexities of the big-data AI era to scale AI adoption safely. 

‍

In this article, we explore the emerging challenges of using AI in data security and offer practical strategies to help organizations secure sensitive data.

The Emerging Challenges for Data Security with AI

AI-driven systems are driven by vast amounts of data, but this reliance introduces significant security risks—both from internal AI usage and external client-side AI applications. As organizations integrate AI deeper into their operations, security leaders must recognize and mitigate the growing vulnerabilities that come with it.

Below, we outline the four biggest AI security challenges that will shape how you protect data and how you can address them.

1. Expanded Attack Surfaces

AI’s dependence on massive datasets—often unstructured and spread across cloud environments—creates an expansive attack surface. This data sprawl increases exposure to adversarial threats, such as model inversion attacks, where bad actors can reverse-engineer AI models to extract sensitive attributes or even re-identify anonymized data.

‍

To put this in perspective, an AI system trained on healthcare data could inadvertently leak protected health information (PHI) if improperly secured. As adversaries refine their techniques, protecting AI models from data leakage must be a top priority.

‍

For a detailed analysis of this challenge, refer to NIST’s report, “Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations.”

2. Sophisticated and Evolving Threat Landscape

The same AI advancements that enable organizations to improve detection and response are also empowering threat actors. Attackers are leveraging AI to automate and enhance malicious campaigns, from highly targeted phishing attacks to AI-generated malware and deepfake fraud.

‍

According to StrongDM's “The State of AI in Cybersecurity Report,” 65% of security professionals believe their organizations are unprepared for AI-driven threats. This highlights a critical gap: while AI-powered defenses continue to improve, attackers are innovating just as fast—if not faster. Organizations must adopt AI-driven security tools and proactive defense strategies to keep pace with this rapidly evolving threat landscape.

3. Data Privacy and Compliance Risks

AI’s reliance on large datasets introduces compliance risks for organizations bound by regulations such as GDPR, CCPA, or HIPAA. Improper handling of sensitive data within AI models can lead to regulatory violations, fines, and reputational damage. One of the biggest challenges is AI’s opacity—in many cases, organizations lack full visibility into how AI systems process, store, and generate insights from data. This makes it difficult to prove compliance, implement effective governance, or ensure that AI applications don’t inadvertently expose personally identifiable information (PII). As regulatory scrutiny on AI increases, businesses must prioritize AI-specific security policies and governance frameworks to mitigate legal and compliance risks.

4. Risk of Unintentional Data Exposure

Even without malicious intent, generative AI models can unintentionally leak sensitive or proprietary data. For instance, employees using AI tools may unknowingly input confidential information into public models, which could then become part of the model’s training data and later be disclosed through the model’s outputs. Generative AI models—especially large language models (LLMs)—are particularly susceptible to data extrapolation attacks, where adversaries manipulate prompts to extract hidden information.

‍

Techniques like “divergence attacks” on ChatGPT can expose training data, including sensitive enterprise knowledge or personally identifiable information. The risks are real, and the pace of AI adoption makes data security awareness across the organization more critical than ever.

‍

For further insights, explore our analysis of “Emerging Data Security Challenges in the LLM Era.”

‍

Top 5 Strategies for Securing Your Data with AI

To integrate AI responsibly into your security posture, companies today need a proactive approach is essential. Below we outline five key strategies to maximize AI’s benefits while mitigating the risks posed by evolving threats. When implemented holistically, these strategies will empower you to leverage AI’s full potential while keeping your data secure.

1. Data Minimization, Masking, and Encryption

The most effective way to reduce risk exposure is by minimizing sensitive data usage whenever possible. Avoid storing or processing sensitive data unless absolutely necessary. Instead, use techniques like synthetic data generation and anonymization to replace sensitive values during AI training and analysis.

‍

When sensitive data must be retained, data masking techniques—such as name substitution or data shuffling—help protect confidentiality while preserving data utility. However, if data must remain intact, end-to-end encryption is critical. Encrypt data both in transit and at rest, especially in cloud or third-party environments, to prevent unauthorized access.

2. Data Governance and Compliance with AI-SPM

Governance and compliance frameworks must evolve to account for AI-driven data processing. AI Security Posture Management (AI-SPM) tools help automate compliance monitoring and enforce governance policies across hybrid and cloud environments. 

‍

AI-SPM tools enable:

‍

• Automated data lineage mapping to track how sensitive data flows through AI systems.
• Proactive compliance monitoring to flag data access violations and regulatory risks before they become liabilities.

By integrating AI-SPM into your security program, you ensure that AI-powered workflows remain compliant, transparent, and properly governed throughout their lifecycle.

3. Secure Use of AI Cloud Tools

AI cloud tools accelerate AI adoption, but they also introduce unique security risks. Whether you’re developing custom models or leveraging pre-trained APIs, choosing trusted providers like Amazon Bedrock or Google’s Vertex AI ensures built-in security protections. 

‍

However, third-party security is not a substitute for internal controls. To safeguard sensitive workloads, your organization should:

‍

• Implement strict encryption policies for all AI cloud interactions.
• Enforce data isolation to prevent unauthorized access.
• Regularly review vendor agreements and security guarantees to ensure compliance with internal policies.

Cloud AI tools can enhance your security posture, but always review the guarantees of your AI providers (e.g., OpenAI's security and privacy page) and regularly review vendor agreements to ensure alignment with your company’s security policies.

4. Risk Assessments and Red Team Testing

While offline assessments provide an initial security check, AI models behave differently in live environments—introducing unpredictable risks. Continuous risk assessments are critical for detecting vulnerabilities, including adversarial threats and data leakage risks.

‍

Additionally, red team exercises simulate real-world AI attacks before threat actors can exploit weaknesses. A proactive testing cycle ensures AI models remain resilient against emerging threats.

‍

To maintain AI security over time, adopt a continuous feedback loop—incorporating lessons learned from each assessment to strengthen your AI systems

5. Organization-Wide AI Usage Guidelines

AI security isn’t just a technical challenge—it’s an organizational imperative. To democratize AI security, companies must embed AI risk awareness across all teams.

‍

• Establish clear AI usage policies based on zero trust and least privilege principles.
• Define strict guidelines for data sharing with AI platforms to prevent shadow AI risks.
• Integrate AI security into broader cybersecurity training to educate employees on emerging AI threats.

By fostering a security-first culture, organizations can mitigate AI risks at scale and ensure that security teams, developers, and business leaders align on responsible AI practices.

Key Takeaways: Moving Towards Proactive AI Security 

AI is transforming how we manage and protect data, but it also introduces new risks that demand ongoing vigilance. By taking a proactive, security-first approach, you can stay ahead of AI-driven threats and build a resilient, future-ready AI security framework.

‍

AI integration is no longer optional for modern enterprises—it is both inevitable and transformative. While AI offers immense potential, particularly in security applications, it also introduces significant risks, especially around data security. Organizations that fail to address these challenges proactively risk increased exposure to evolving threats, compliance failures, and operational disruptions.

‍

By implementing strategies such as data minimization, strong governance, and secure AI adoption, organizations can mitigate these risks while leveraging AI’s full potential. A proactive security approach ensures that AI enhances—not compromises—your overall cybersecurity posture. As AI-driven threats evolve, investing in comprehensive, AI-aware security measures is not just a best practice but a competitive necessity. Sentra’s Data Security Platform provides the necessary visibility and control, integrating advanced AI security capabilities to protect sensitive data across distributed environments.

‍

To learn how Sentra can strengthen your organization’s AI security posture with continuous discovery, automated classification, threat monitoring, and real-time remediation, request a demo today.