Google DLP: What Is It?

Google is constantly improving its products and services in an attempt to provide the best security practices and user experience on the market. As a result, the company recently extended its DLP (Data Loss Prevention) services for Gmail and Google Drive for enterprise organizations.

Google Data Loss Prevention is a set of automated functions that monitor Gmail and Google Drive items for triggers (specific content defined by the domain administrator), detect that content, and prevent it from being maliciously or accidentally leaked or lost.

Google DLP for Gmail

Google DLP scans Gmail messages for the triggers and, if one is detected, takes the action predefined by the administrator.

What messages are scanned?

Depending on the company policy and required prevention level, the administrator can set up the DLP policy for one or several types of messages:

  • Emails received from outside the set of domains associated with the organization;
  • Emails sent outside the set of domains associated with the organization;
  • Emails received from within the set of domains associated with the organization;
  • Emails sent within the set of domains associated with the organization.

What content is detected?

Administrators set up the trigger the system will look for. This can be exact content, context, or message metadata.

There are three main types of triggers that can be set:

  • Any specific expression – any word or phrase can be set up;
  • Metadata attributes – such as the source IP, the item size, whether or not the message is authenticated, and whether or not the connection is TLS-encrypted;
  • Predefined content match – a wide range of country-specific and international detector patterns is available, such as credit card number (CCN), passport number, Social Security Number, IBAN, etc.

For these detectors, the system analyzes not only the content of the data (e.g., the 9 digits of a Social Security Number) but also the context (e.g., the words “ssn”, “social”, “social security”, “taxpayer”). If admins wish to use a content detector that is not currently available, they must file a support case and ask for it to be added.
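
The content-plus-context idea described above, as an added Python sketch that is not Google's detector or code from the original article. The 40-character window, the "high"/"low" confidence labels, the never-issued range checks and the sample strings in the test are assumptions made for illustration.

```python
import re

# Context words taken from the article's own list.
SSN_CONTEXT = ("ssn", "social security", "social", "taxpayer")
# Content pattern: 9 digits, optionally grouped 3-2-4 by a dash or space.
SSN_PATTERN = re.compile(r"\b(\d{3})[- ]?(\d{2})[- ]?(\d{4})\b")
WINDOW = 40  # characters searched on each side of a match (assumed value)


def plausible_ssn(area, group, serial):
    """Drop values from ranges that are never issued as SSNs."""
    return (area not in ("000", "666") and not area.startswith("9")
            and group != "00" and serial != "0000")


def find_ssn(text):
    """Return (masked_value, confidence) for every SSN candidate in text.

    A bare 9-digit match is only a low-confidence finding; a context word
    nearby raises it to high, which keeps order numbers and other 9-digit
    identifiers from triggering a blocking action on their own.
    """
    findings = []
    lowered = text.lower()
    for match in SSN_PATTERN.finditer(text):
        if not plausible_ssn(*match.groups()):
            continue
        start = max(0, match.start() - WINDOW)
        nearby = lowered[start:match.end() + WINDOW]
        has_context = any(
            re.search(r"\b" + re.escape(word) + r"\b", nearby)
            for word in SSN_CONTEXT
        )
        # Mask the value so the finding itself does not leak the number.
        masked = "***-**-" + match.group(3)
        findings.append((masked, "high" if has_context else "low"))
    return findings
```

A rule built on such a detector can reserve reject or quarantine for high-confidence findings and only log the low-confidence ones.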

What happens when the content is detected?

When the system finds a message containing sensitive data, it takes one of the following actions depending on the administrator’s setup:

  • Modifies the message – e.g., bypasses spam filters, removes attachments, adds more recipients or requires secure transport;
  • Rejects sending/receipt of the message;
  • Quarantines the message – quarantined messages are sent to the admin quarantine panel, where the admin can preview them and allow or deny delivery.

Google DLP for Drive

In addition to Gmail’s options of scanning items for specific data, Google DLP for Drive also includes the Sharing Files policy. It detects files shared with people outside the domain and takes the proper action predefined by the administrator.

What Drive items are scanned?

A DLP policy can be set up for all Drive items or for the folders of a specific Organization Unit.

As part of the Sharing Files policy, DLP can detect files shared:

  • Outside the domain;
  • Outside the domain and the list of permitted domains.

What content is detected?

As with Gmail, DLP searches for the content that the administrator has determined to be sensitive. The same groups of content as with Gmail are available for Drive:

  • Specific expressions;
  • Predefined content match.

What happens when the content is detected?

When the system finds an item containing sensitive data or shared against the defined Sharing Policy, it takes one of the following actions depending on the administrator’s setup:

  • sends an email to super administrators,
  • sends an email to the user who created, edited, or uploaded a file with sensitive content,
  • blocks sharing of any file with sensitive content.

Additionally, super admins have the option of transferring file ownership to another user.

How Does Google DLP for Gmail and Drive Work

Google DLP for Gmail and Drive works in 3 phases:

  1. The admin sets a rule. Setting a rule means:
    • defining the range of messages and items that must be monitored,
    • defining the content or metadata attributes the DLP system will look for and the DLP sensitivity level,
    • defining the action that must be taken on the detected message or item when a trigger occurs;
  2. DLP inspects all messages/files in the prescribed range and searches for the ones that match the rule;
  3. The action predefined by the administrator is taken on the message/file.
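
The three phases for Gmail, modelled as a small rule evaluator. This is an added Python sketch, not Google's implementation or code from the original article; the class names, scope labels, domains and sample messages are constructed, and treating an internal message as both "sent within" and "received within" is a simplifying assumption.

```python
import re
from dataclasses import dataclass

ORG_DOMAINS = {"example.com", "example.org"}  # constructed organization domains


@dataclass
class Message:  # constructed stand-in for a Gmail message
    sender: str
    recipients: list
    body: str
    tls: bool = True


@dataclass
class Rule:  # phase 1: the admin chooses scope, trigger and action
    scopes: set
    action: str                # "modify", "reject" or "quarantine"
    expression: str = None     # content trigger: regular expression
    require_tls: bool = False  # metadata trigger: fires when TLS is missing


def in_org(addr):
    return addr.rsplit("@", 1)[-1].lower() in ORG_DOMAINS


def message_scopes(msg):
    """Map a message onto the four message types an admin can select."""
    found = set()
    for rcpt in msg.recipients:
        if in_org(msg.sender):
            found |= ({"internal_sent", "internal_received"} if in_org(rcpt)
                      else {"sent_outside"})
        elif in_org(rcpt):
            found.add("received_from_outside")
    return found


def evaluate(rules, msg):
    """Phases 2 and 3: return the action of every rule the message matches."""
    actions = []
    for rule in rules:
        if not rule.scopes & message_scopes(msg):
            continue  # message type is outside this rule's range
        content_hit = bool(rule.expression
                           and re.search(rule.expression, msg.body, re.I))
        metadata_hit = rule.require_tls and not msg.tls
        if content_hit or metadata_hit:
            actions.append(rule.action)
    return actions
```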

Google DLP for Gmail does not notify the G Suite administrator about rejected or modified messages, so the administrator does not have full visibility into sensitive data security.

This gap is filled by Spinbackup Data Protection, which provides G Suite administrators with detailed data security reports and many powerful tools that significantly increase the effectiveness of an organization's security system.

If you want to get the most effective strategy for data security in your organization, try the G Suite + Spinbackup synergy effect.
