Home»Google Workspace Security»Google DLP: What Is It?

Google DLP: What Is It?

Google is constantly improving its products and services in an attempt to provide the best security practices and user experience on the market. As a result, Google has recently extended its Google DLP (Data Loss Prevention) services for Gmail and Google Drive for enterprise organizations.

Google Data Loss Prevention is a set of automated functions that monitor Gmail and Google Drive items for triggers (specific content defined by domain administrator), detect them, and prevent them from being maliciously or accidentally leaked or lost.

Google Data Loss Prevention for Gmail

Google DLP scans Gmail messages for the triggers, and, if detected, takes the action predefined by the administrator.

What messages are scanned?

Depending on the company policy and required prevention level, the Google workspace administrator can set up the DLP policy for one or several types of messages:

  • Emails received from outside the set of domains associated with the organization;
  • Emails sent outside the set of domains associated with the organization;
  • Emails received from within the set of domains associated with the organization;
  • Emails sent within the set of domains associated with the organization.

Google gmail dlp rule effect

What content is detected?

G Suite administrators set up the trigger the system will be looking for. This can be some exact content, context or message metadata.

There are three main types of triggers that can be set:

    • Any specific expression – any words or phrases can be set up;
  • Metadata attributes – such as the source IP, the item size, whether or not the message is authenticated, whether or not the connection is TLS encrypted;

 

  • Predefined content match – the wide range of different countries and international detector patterns is available, such as CCN number, passport number, Social Security Number, IBAN, etc.

 

For these detectors, the system analyzes not only the content of the data (i.e., 9 digits of Social Security Number) but also the context (i.e., words “ssn”, “social”, “social security”, “taxpayer”). If admins wish to use a content detector that is not currently available, they must file a support case and ask for it to be added.

google gmail dlp predefined content detectors

What happens when the content is detected?

When the system finds a message containing sensitive data in Gmail DLP, it takes one of the following actions depending on the administrator’s setup:

    • Modifies a message – e.g., bypass spam filters, remove attachments, add more recipients or require secure transport;
  • Rejects sending/receipt of a message;

 

  • Quarantines message – quarantined messages will be sent to the admin quarantine panel where the admin can preview it and allow or deny it.

 

Gmail dlp quarantine

Google DLP for Drive

In addition to Gmail’s options of scanning items for specific data, Google DLP for Drive also includes the Sharing Files policy. It detects files shared with people outside the Google Workspace domain and takes the proper action according to the security policies predefined by the Google Workspace administrator.

What Drive items are scanned?

DLP policy can be set up for all Drive items or for the folders of a specific Organization Unit.

As part of the Sharing Files policy, DLP can detect files shared:

  • Outside the domain;
  • Outside the domain and the list of permitted domains.

What content is detected?

As with Gmail, DLP is searching for the content that was determined by the administrator to be sensitive. The same groups of content, as with Gmail, are available for Drive:

  • Specific expressions;
  • Predefined content match.

What happens when the content is detected?

When the system finds an item containing sensitive data or shared against the defined Sharing Policy, it takes one of the following actions depending on the administrator’s setup, ensuring network security:

  • sends an email to super administrators,
  • sends an email to the user who created, edited, or uploaded a file with sensitive content,
  • blocks sharing of any file with sensitive content.

Additionally, super admins have the option of transferring file ownership to another user.

How Does Google DLP for Gmail and Drive Work

Google DLP for Gmail and Drive works in 3 phases:

    1. Admin sets a rule. Setting a rule means:
      • defining the range of messages and items that must be monitored,
      • defining the content or metadata attributes the DLP system will be looking for and the DLP sensitivity level,
      • defining the action that must be triggered over the detected message or item in case a trigger occurs;
    2. DLP investigates all messages/files of a prescribed range and searches for the ones that correspond to the rule;
  • Action predefined by the administrator is taken over the message/file.

 

Google DLP for Gmail does not notify the Google Workspace administrator about rejected or modified messages, so the administrator has no full visibility over sensitive data security.

This gap is filled by SpinOne Data Protection that provides Google Workspace Administrators detailed data security reports and a lot of powerful tools that significantly increase the effectiveness of the organizational security systems.

If you want to get the most effective strategy for data security in your organization, try the Google Workspace and Spinbackup synergy effects.

Start 15-Day Free Trial
Published on: Nov 20, 2021
Davit Davit Asatryan Director of Product
About Author

Davit Asatryan is the Director of Product at Spin.AI

He is responsible for executing product strategy by overseeing the entire product lifecycle, with a focus on developing cutting-edge solutions to address the evolving landscape of cybersecurity threats.

He has been with the company for over 5 years and specializes in SaaS Security, helping organizations battle Shadow IT, ransomware, and data leak issues.

Prior to joining Spin.AI, Davit gained experience by working in fintech startups and also received his Bachelor’s degree from UC Berkeley. In his spare time, Davit enjoys traveling, playing soccer and tennis with his friends, and watching sports of any kind.

Featured Work:

Webinar:

Frequently Asked Questions

Does Google have DLP?

Yes, Google offers Data Loss Prevention (DLP) solutions as part of its Google Workspace and Google Cloud Platform (GCP) services. Google’s DLP tools allow administrators to set policies that can identify, monitor, and protect sensitive data, such as personally identifiable information (PII) and confidential company information.

Google Workspace DLP features include content inspection and policy enforcement for Gmail, Google Drive, and other apps within the Google Workspace environment. Administrators can configure DLP rules to scan and monitor emails, documents, and other content for specific data types, and take actions such as blocking, quarantining, or warning users when a potential policy violation is detected.

How do I turn off DLP on Google?

To turn off Data Loss Prevention (DLP) in Google Workspace sign in to your Google Workspace admin console then click Apps and select Google Workspace. In the left-hand menu, click on Drive and Docs. Scroll down and click on Data Loss Prevention where you’ll see the DLP rules you’ve created. To turn off DLP, you can either delete the rules or pause them by clicking on the three vertical dots and selecting Delete or Pause, depending on your preference. Confirm your action.

How does DLP Gmail work?

Data Loss Prevention (DLP) for Gmail is a feature in Google Workspace that helps protect sensitive information and prevent data breaches in Gmail by conducting a thorough content inspection that specifies which types of sensitive information or data should be protected; scanning incoming and outgoing emails for content that matches the defined policies; notifying users about potential DLP policy violations; and reporting and monitoring data security incidents.

For instance, an Admin sets a rule by defining: (1) the range of messages to track; (2) the content attributes the DLP system will be looking for; and (3) the action that must be taken in case a trigger occurs. Second, DLP monitors all messages of a prescribed range and searches for those corresponding to the rule. Third, action predefined is taken over the message/file.

Where can I find Google DLP policies?

In Google Workspace, including Gmail, DLP policies are typically configured and managed by the Google Workspace administrator or IT department of your organization. These policies are not publicly accessible or viewable by individual users. If you’re an end-user and need to know about the DLP policies in place or have specific questions, you should reach out to your organization’s IT support or the designated administrator responsible for Google Workspace.

If you are the administrator or have the necessary permissions and need to manage DLP policies, you can typically find and configure them in the Google Admin Console.

Related articles

Google Workspace Security

4 Cybersecurity Lessons Learned from the Facebook ...

When we stop and think about our data as it exists online, it can contain personal information that we would not want to have exposed. Social media and data privacy has become a very heated subject, especially with the recent…Read more
Insights & News

45 Main Cyber Security Terms Everyone Must Know

Cybersecurity is an everyday growing industry, which inevitably infiltrates the day-to-day life of each of us. There are numerous tools, technologies, methods, and attacks in the cybersecurity field. Due to the abundance of these things, the cybersecurity field is one of…Read more
Cloud Data, Insights & News

5 Biggest Cloud Computing Risks & How to Liqui...

There is no question that businesses today are either currently migrating or looking to migrate to the public cloud. But while public cloud SaaS offerings provide tremendous benefits and functionality, there are also risks of cloud computing. Those cloud computing risks must be handled, otherwise,…Read more