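The 'Gems sharing' feature of the AI collaboration tool breaks down barriers between departments and enables a new level of collaboration. But because this innovation handles a company's sensitive data, thorough security risk management is essential.
Built on the strong security of Google Workspace, Gems is a trustworthy AI companion. But now that it is moving beyond a 'personal assistant AI' toward a 'team collaboration AI', we face new security problems.
In this article, written for Google Workspace administrators and security officers, we go over the main security risks that can arise in an AI collaboration environment and explain how to build a safe collaboration environment with Netkiller ISMS.
< Turning off Gems sharing alone does not automatically revoke the public exposure or access permissions of the attached knowledge files. >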
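1. AI Collaboration 'Gems Sharing': Summary of the Core Security Risks
Because Gems sharing is linked to Google Drive files to strengthen team collaboration, external sharing of data and access permissions need careful review.
Key security risks:
Unintended data exposure: When a Gem is shared with an external user, the link of an attached file is changed to 'shared with anyone who has the link', and sensitive information can be exposed externally.
Data leakage and loss of control: An external user with edit permission can preview the attached files and leak data through screen capture or copy and paste.
Access permissions that do not go away: Even after collaboration with an external user ends, the attached file's link can remain public, and the prompt history can remain in the external user's Gems.
Audit blind spots: An external user's activity is recorded only in that user's own domain Vault, which makes unified auditing and monitoring difficult.
These risks show that keeping an AI collaboration environment safe requires a new level of security controls.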
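2. Core Goals of AI Collaboration Security: Minimizing External Sharing and Securing Control over Data
Because a company's sensitive data is used as the AI's knowledge base, administrators and security officers should make the following two goals their top priority.
Restricting the scope of Gems use to 'internal': Keep Gems' powerful collaboration features, but restrict the scope of use to internal users so that company data does not leak outside.
Strict management of 'knowledge files': Files attached to Gems need a higher level of security management than ordinary Drive files. Indiscriminate link exposure must be prevented, and the risk of data remaining outside even after sharing is turned off must be managed.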
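One way to check for the residual exposure described above, as an added example (not Netkiller's or Google's code): it reviews Drive API v3 permission metadata for files attached to Gems as knowledge files and flags public links, external principals without an expiration, and external editors. `ORG_DOMAIN`, the sample records and the finding codes are assumptions constructed for illustration; how the list of knowledge files is obtained is left to the administrator.

```python
# Added example: audit Drive sharing metadata of Gems knowledge files.
ORG_DOMAIN = "example.com"  # assumption: the organization's primary domain
EDIT_ROLES = {"writer", "fileOrganizer", "organizer", "owner"}

# Constructed sample records shaped like Drive API v3 file resources
# (fields id, name, permissions). All ids, names and addresses are made up.
SAMPLE_FILES = [
    {"id": "f1", "name": "pricing-2025.xlsx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "kim@example.com"},
        {"type": "anyone", "role": "reader", "allowFileDiscovery": False},
    ]},
    {"id": "f2", "name": "roadmap.docx", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "lee@example.com"},
        {"type": "user", "role": "writer", "emailAddress": "pm@partner.test"},
    ]},
    {"id": "f3", "name": "faq.pdf", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "lee@example.com"},
        {"type": "user", "role": "reader", "emailAddress": "qa@partner.test",
         "expirationTime": "2025-01-31T00:00:00Z"},
    ]},
    {"id": "f4", "name": "handbook.pdf", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "kim@example.com"},
        {"type": "domain", "role": "reader", "domain": "example.com"},
    ]},
]


def is_external(perm, org_domain=ORG_DOMAIN):
    """True when a user/group/domain permission points outside org_domain."""
    org = org_domain.lower()
    if perm["type"] in ("user", "group"):
        # A missing address (e.g. a deleted account) is treated as external,
        # and so are subdomains: only an exact "@org" suffix counts as internal.
        return not perm.get("emailAddress", "").lower().endswith("@" + org)
    if perm["type"] == "domain":
        return perm.get("domain", "").lower() != org
    return False


def audit_file(file_meta, org_domain=ORG_DOMAIN):
    """Return a list of (finding_code, subject) tuples for one file."""
    findings = []
    for perm in file_meta.get("permissions", []):
        if perm["type"] == "anyone":
            # Link sharing stays on the file after the Gem is un-shared.
            findings.append(("PUBLIC_LINK", "anyone"))
            continue
        if not is_external(perm, org_domain):
            continue
        who = perm.get("emailAddress") or perm.get("domain") or "unknown"
        if "expirationTime" not in perm:
            findings.append(("EXTERNAL_NO_EXPIRY", who))
        if perm.get("role") in EDIT_ROLES:
            findings.append(("EXTERNAL_EDITOR", who))
    return findings


def audit(files, org_domain=ORG_DOMAIN):
    """Map file id -> findings, keeping only files that need review."""
    report = {}
    for f in files:
        found = audit_file(f, org_domain)
        if found:
            report[f["id"]] = found
    return report


if __name__ == "__main__":
    for file_id, found in audit(SAMPLE_FILES).items():
        print(file_id, found)
```

Against a live tenant the same records can be read with the Drive API `files.list` method, requesting the `id`, `name` and `permissions` fields.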
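3. Netkiller ISMS: The Safest Choice for AI Collaboration
Netkiller ISMS extends Google Workspace's security features a step further and fully achieves the security goals for a Gems sharing environment.
A. External Sharing Approval: Blocking Risky Sharing Paths at the Source
It removes in advance the 'unintended link exposure' risk caused by Gems sharing, automatically sets an expiration date for external sharing, and enforces fine-grained access permissions.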
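| Gems sharing risk | Solution with Netkiller ISMS | Security effect |
| --- | --- | --- |
| Unintended link exposure | Mandatory external sharing approval: the automatic link exposure of files caused by Gems sharing is reviewed in advance and blocked. | Link exposure risk blocked at the source |
| Loss of control over sharing expiration | Automatic sharing expiration date: an expiration date is set at the time of external sharing, and sharing is removed automatically on expiry. | Removes residual risk after sharing is turned off |
| No control over data access and leakage | Enforced access permission restrictions: for external sharing, permissions such as 're-share, download, copy, print' are restricted by default. | Blocks secondary leak paths and strengthens control |
| Attached files remain public | Automatic blocking and expiration notice: external sharing is blocked automatically at expiry, and a notice is sent before expiry. | Automated follow-up management |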
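B. Full Scan and Audit Rules: Removing Blind Spots in Knowledge Files and Acting Preemptively
Through regular full scans and custom audit rules, it detects files that violate security policy and automatically removes the people the file is shared with or quarantines the file, preventing data leakage in advance.
C. Unlimited Log Retention and Auditing: Transparency of AI Activity Records
Beyond Google Workspace's default audit log retention period (6 months), Netkiller ISMS retains Drive log data permanently so that all activity related to Gems sharing can be traced and audited.
4. Conclusion: How to Get Both Innovation and Security
The Gems sharing feature is without doubt a powerful AI collaboration tool. But behind it lies the potential risk of data leakage.
Netkiller ISMS is a GWS security extension solution that addresses these complex risks of the AI collaboration environment. It provides 'the safest foundation for using AI', letting you enjoy the innovative benefits of Gems sharing to the full while fully managing the complex security risks.
With Netkiller ISMS, become a company that leads the AI era without security worries.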
Netkiller ISMS 4.2.3 Release Note
Date: April 2, 2025
Netkiller ISMS 4.2.3 Release Note Summary
Netkiller ISMS 4.2.3 includes the following key enhancements:
Integration of AI-based OCR optimized for secure environments
Improved stability for external sharing approvals
Enhanced policy detection and user experience
Various bug fixes and language corrections
This release introduces a new AI OCR feature powered by Google Vision API, developed to significantly improve sensitive information detection accuracy in secure environments. Rather than simply integrating the API, the OCR system has been deeply embedded into our security architecture to support document and image analysis. This capability was recognized by winning the 2025 Google AI Launchpad Solution Competition.
Sensitive data detection from images, scans, and PDFs is now more accurate and seamlessly linked to policy-based alerts, resulting in a much more precise and practical security experience across real-world environments.
Additional improvements include enhancements to external sharing approval verification, real-time policy detection alerts, responsive UI support, and email formatting corrections, all based on real user feedback.
Netkiller ISMS 4.2.3 is especially suitable for organizations that:
Process large volumes of documents and images containing personal or financial data
Require approval-based access control during external collaboration
Use security management tools across mobile, tablet, and various screen sizes
Need accurate and actionable alerts for policy violations and security events
1. Feature Improvements
Introduction of AI-Powered Netkiller OCR: A newly enhanced OCR system combines Netkiller’s proprietary AI model, trained specifically for security environments, with the Google Vision API. This integration significantly improves the detection accuracy of sensitive information within images and documents. This innovation was recognized as the Grand Prize Winner of the 2025 Google AI Launchpad Solution Competition.
Enhanced Email Validation for External Sharing Requests: Invalid or non-existent email addresses are now blocked during external sharing requests. An issue where a single invalid recipient caused the entire sharing process to fail has also been resolved.
Automatic Update of Approver Roles: When synchronizing accounts in the admin console, the list of approvers now updates in real time without requiring a manual page refresh.
Improved Real-Time Policy Alert Links: The “View in Netkiller ISMS” button in alert emails now directly opens the detailed view of the relevant file for faster and more efficient review.
2. User Interface (UI) Improvements
Responsive UI for Mobile and Tablet: A fully responsive layout has been applied to optimize usability across mobile, tablet, and various screen sizes, providing a consistent user experience.
Keyword Regex UI Enhancement: In policy and full-scan views, button sizes now automatically adjust based on keyword length, improving readability and layout alignment.
Improved Search UX: On the Drive Activity Log screen, pressing Enter with an empty search field now resets the filters, streamlining user navigation.
3. Bug Fixes
Regex Backslash (\) Error Fixed in Test type box: An issue where regex patterns containing backslashes (\) were not correctly recognized in the regex test box following keyword input has been fixed. This improvement ensures accurate and stable pattern validation during testing.
Stability for Multi-Tab Sharing Approvals: Simultaneous approvals or rejections from multiple browser tabs now properly reflect only the first confirmed action, preventing inconsistent states.
CSV Download Email Formatting Fix: Emails sent after downloading Drive audit logs now display correct formatting and attachment structure.
Miscellaneous Typo Corrections: Minor typos in the UI and documentation have been corrected to ensure language clarity and consistency.
Final Notes
Netkiller ISMS 4.2.3 represents a major update that combines advanced AI-driven security analysis with practical improvements for real-world operations. This version enhances both security and usability through more precise AI OCR detection, a more reliable external sharing approval workflow, and a fully responsive user interface.
Netkiller ISMS will continue evolving as a highly effective, technically advanced security platform.
Thank you
Netkiller has been named the Final Winner of Google’s 2025 AI Launchpad Contest. Our success was driven by the integration of cutting-edge AI technologies into our products.
Netkiller ISMS will continue to evolve by adopting the latest AI advancements to safeguard the security of our customers’ Google Drive environments.
The recent devastating wildfires in Los Angeles have inflicted severe damage on numerous businesses, particularly Korean American-owned enterprises. Many have suffered the loss of their workplaces, equipment, and, critically, data, leading to significant disruptions in business operations. This data loss poses a serious threat to the survival of these businesses.
In response, Netkiller, a Google Cloud Premier Partner and a member of KITA (Korean International Trade Association, Southern California Chapter), one of the largest Korean economic organizations in the Americas, is urgently launching the “Disaster Recovery Support Center for Korean Businesses Affected by the LA Wildfires.” This center aims to provide rapid disaster recovery and business continuity support to Korean businesses impacted by the fires.
Netkiller has been actively collaborating with the Korean business community, including hosting multiple Google Cloud events for Korean businesses at the Google LA office since last year. Leveraging this experience, Netkiller will play a pivotal role in these disaster recovery support efforts. We are also working closely with Google headquarters and local teams to provide comprehensive support.
The Support Center will offer the following emergency support programs, powered by Google’s technology and solutions:
1. Emergency Data Backup and Recovery Support (Utilizing Google Cloud Storage and Transfer Appliance)
To assist businesses facing data loss due to the fires, we will facilitate rapid data migration to Google Cloud, ensuring data security and protection against further natural disasters. We will collaborate with Google to expedite the transfer of large volumes of data to Google Cloud Storage and Google Drive with high speed. Recognizing the urgency, we will prioritize the allocation of Google Transfer Appliances and arrange for their expedited delivery via air and ground transportation, as affected businesses cannot afford to wait weeks for delivery.
2. Business Telephone Number Cloud Migration (Utilizing Google Voice)
To prevent secondary damage such as loss of customer contact due to landline outages caused by the fire, we will help businesses quickly port their existing landline numbers to Google Voice within 24 hours, ensuring business continuity.
Netkiller has already requested urgent assistance from relevant Google teams located in LA and will do its utmost to support the swift recovery and business normalization of affected Korean businesses.
Netkiller ISMS 4.1 Release: Enhanced Security Features for Comprehensive Data Protections
We are pleased to announce the release of Netkiller ISMS version 4.1! This upgrade has added and enhanced various features to strengthen information security management and improve user convenience.
A key feature of Netkiller ISMS 4.1 is the option to scan the metadata of all files within the domain, shared drives, and files shared from external sources, including their sharing status, permissions, and link sharing status. This feature represents a significant improvement in speed, over 100 times faster than previous file content audits. It enables users to verify permissions for all files and ensure that access to sensitive information is granted only to authorized users.
Additionally, the design has been improved to provide progress details of full scans, and a feature to download large-scale full scan results has been added to enhance security monitoring.
To understand data sharing status and protect data containing sensitive information, predefined DLP information types (such as IP addresses, MAC addresses, Korean/American passport numbers, etc.), real-time display of external sharing and public status of drive files, and Netkiller ISMS DLP’s GWS log triggers have been introduced.
The Netkiller ISMS 4.1 version includes various enhancements, such as improved drive log and data retrieval speeds, better OCR recognition and processing, and an improved responsive UI for tablets and mobile devices.
New Features
High-speed Drive Full Scan option:
An option has been added to perform a full scan focusing on metadata such as sharing information, excluding the contents of the files. This allows for more than 100 times faster scanning while monitoring important security aspects.
Shared Drive Permissions scan:
ISMS 4.1 has been upgraded with the capability to scan permissions for all shared drives within the domain. This feature allows for the verification of permissions for each shared drive, ensuring that access to sensitive information is granted only to authorized users.
Improvements
Full Scan
Full Scan Download function: Improvements have been made to allow for the downloading of large-scale full scan results, making it easier to analyze data and take necessary actions.
Full Scan Progress Visibility: The progress of the full scan is displayed in percentage in a progress bar, providing a clear representation of the scan’s completion status.
Drive Activity logs search, retrieval speed and event details divisions
Improved speed of Drive Activity search and retrieval.
The labeling of drive activities has been improved. Previously, events were simply marked as “Shared,” but now they are more specifically categorized as “Shared externally” or “Shared publicly,” providing clearer insights into data sharing practices.
OCR
Improved Image Processing: The processing of images with white backgrounds and clear fonts/texts has been improved, leading to higher OCR accuracy.
Detection of Text alongside Objects: For images that contain text along with other objects, this feature detects the text and improves accuracy.
Handwritten Text Recognition: Simple fonts and clear handwritten texts can now be recognized through OCR.
Automatic Image Alignment: If an image is not properly aligned, it automatically rotates to the correct orientation to execute OCR.
Netkiller ISMS DLP
GWS Drive Audit Log Triggers: Netkiller ISMS DLP now detects not only drive activities through Netkiller ISMS but also GWS drive audit log areas, offering audit trigger operations for all file activities in Netkiller ISMS/GWS, thus providing an additional layer of security monitoring.
Predefined DLP Policy Types: New predefined Data Loss Prevention (DLP) information types such as IP addresses, MAC addresses, Korean passport numbers, U.S. passport numbers, and U.S. SSNs have been added. This expansion helps in better identifying and protecting sensitive information.
UI / UX
The UI has been improved for tablets and mobile devices to be more responsive.
Fixes
Drive Activity Log:
The detection of drive activities for externally owned files has been enhanced.
Netkiller ISMS DLP
Issues with DLP visibility, DLP trigger operations, and reactivation of revision archiving have been resolved.
Miscellaneous Fixes
Various improvements have been made to enhance the overall functionality and performance of Netkiller ISMS.
Example Impacts of Updating to Netkiller ISMS 4.1
Example of the Effectiveness of the Shared Drive Permission Scan Feature:
A marketing team member accidentally granted write permissions to a shared drive folder containing important customer information to all company employees.
With the shared drive permission scan feature of Netkiller ISMS 4.1, administrators can quickly identify and correct this permission setting error, preventing the risk of sensitive customer information leakage in advance.
Example of the Effectiveness of the Ultra-Fast File Metadata Scan Feature:
An employee who is planning to resign attempts to mass-copy thousands of files, including the company’s trade secrets, to a personal USB drive.
With the ultra-fast file metadata scan feature, the system quickly identifies the potential for this data breach and detects the user’s mass copying attempt, preventing the leakage of important information and protecting the company’s competitive edge.
Example of the Effectiveness of Enhanced Drive Activity Log Events:
If an employee accidentally shares an important file externally, previously it was simply marked as “Shared,” making it difficult to accurately determine whether it was shared inside or outside the domain.
With the improved feature, it’s now labeled more specifically, such as “Shared externally,” allowing administrators to quickly identify the issue and take necessary actions. This enhancement effectively manages inappropriate data sharing and reduces security risks.
Example of the Effectiveness of the Strengthened OCR Feature:
An employee in the accounting department scans a receipt image containing a customer’s name, address, and credit card information.
With the enhanced OCR capability, the system accurately recognizes text within the image and automatically extracts sensitive information, allowing it to be processed in accordance with DLP policies. This strengthens the protection of personal information and ensures compliance with regulations.
Example of the Effectiveness of Expanded DLP Information Types:
An employee in the development team accidentally uploads a GitHub repository file containing the company’s source code to Google Drive and sets it to public.
With the expanded DLP information types, the system can identify data such as source code and block public sharing or send a warning message. This protects the company’s intellectual property and helps it maintain its competitive edge.
Example of the Effectiveness of Expanded Trigger Operation Policies:
A hacker attempts to delete important files stored on Google Drive after hijacking a user account.
Netkiller ISMS supports trigger policies including GWS Drive Audit logs. It detects suspicious activities within the GWS Drive and immediately alerts the administrators. This prevents data loss and minimizes damage through prompt response.
In Closing:
The upgrade to Netkiller ISMS 4.1 significantly strengthens the data security of Google Drive. It effectively enhances corporate information security by proactively preventing and blocking the risk of data breaches in various situations!
If you have any questions or concerns, please send an email to kst@netkiller.com.
Sincerely,
The Netkiller ISMS Team
Hello everyone. This is Netkiller.
Netkiller is committed to prioritizing the secure protection and management of our customers’ valuable information. On December 19, 2023, a phishing attack targeting SendGrid users led to the theft of Netkiller’s SendGrid account, resulting in the distribution of spam emails using the Netkiller domain. We immediately responded to this security breach, ensuring that no data or customer information was leaked. It was identified that 39 recipients (not Netkiller customers) opened the spam message. Netkiller sincerely apologizes to those who received these unauthorized emails and is dedicated to implementing measures to prevent any such incidents in the future.
Incident Summary:
On December 19, 2023, around 10 AM KST, a Netkiller employee received a phishing email disguised as a SendGrid service notification. The phishing email contained a fake login page, through which the employee’s account credentials, password, and two-factor authentication details were compromised. Although the employee quickly recognized the email as phishing and reset their account password within minutes, the SendGrid API was stolen, leading to a mass distribution of spam emails. Immediate action was taken to address this bulk mailing, and the issue has now been resolved, with no further unauthorized mailings occurring.
Description of Damages:
A temporary SendGrid account used by Netkiller was compromised through a phishing email, leading to the theft of SendGrid API information.
Spam emails were sent out to various email addresses using this API.
The spam emails were sent to a total of 16,277 random email addresses, and among them, 39 individuals clicked on the phishing link.
Measures and Improvements:
Netkiller has taken measures to ensure that such incidents do not occur again in the future, including enhanced security training on phishing and spam emails, and implementing additional account authentication and management systems. We sincerely apologize for the concern this has caused to our customers and those who received the fraudulent emails.
Inquiries and Support:
If you have any questions about our compliance policy, please contact us at support@netkiller.com.
We appreciate your patience, understanding, and ongoing support while we address this incident.
Sincerely,
The Netkiller Team
Hello everyone. This is the Netkiller Support Team.
At Netkiller Inc., we have always strived to protect and manage customers’ information. However, due to a human error, we regret to inform you that on Sunday, December 10, 2023, an email containing instructions for Google Workspace administrators’ two-step authentication intended for a specific client was mistakenly sent to some other clients. Netkiller sincerely apologizes to all our clients and promises to take the following measures and make efforts to prevent such incidents in the future.
Incident Summary:
On December 10, 2023, around 2:10 PM KST, a Netkiller customer support representative accidentally CC’ed an email to other customers while providing instructions for a GWS administrator’s 2-step authentication. As a result, one customer’s email contents were partially exposed to Netkiller clients.
Exposed Information:
Basic contact information specified in the email footer of the client
Instructions for setting up GWS administrator’s two-step authentication (excluding specific client-related details; the instructions contained general technical guidance)
Measures and Improvements:
Netkiller has taken measures to implement a mandatory internal approval process for mass-sent emails to prevent such incidents from happening again in the future.
We sincerely apologize once again for causing concern to our valued customers.
Inquiries and Support:
If you have any questions regarding Netkiller’s security compliance policy, please don’t hesitate to contact us at support@netkiller.com.
On August 2nd, Netkiller sponsored and participated in TD Synnex’s 10th annual Google Summit on the Road hosted in Austin, TX, live music capital of the world.
Netkiller pitched and showed off various features of “netkiller ISMS,” our Google Workspace MSSP solution, to over 30 partners of the Texas-based general distributor company TD Synnex.
At our booth, we showed a demonstration of netkiller ISMS’s main functions including the Google Drive full scan, the automated detection system using keywords and regular expressions, and our robust unlimited tracking of revision and version history. We received a large positive response with attendees displaying significant interest in our solution. Notably, many of our booth’s visitors took a particular interest in how netkiller ISMS can fill the gap between Google Workspace and enterprise-level security compliance requirements.
TD Synnex reseller attendees could also receive a copy of netkiller ISMS’s white paper and manual and sign up for a free version of netkiller ISMS which lasts until the end of this year.
Check out https://netkiller.com/dlp/ for more information about netkiller ISMS’s different functions.
Drawing from the insights gained at this event and the valuable relationships formed with our partners, we are committed to further enhancing our efforts in providing safer and more tailored security solutions (MSSPs) to support our customers all over the world in delivering cloud security services.