Given that keeping data secure isn’t the most exciting process an employee ever performs, it has to be made simple, quick and reliable if it is to be followed. Google Cloud helps admins manage information security with tools like mobile device management, encryption, sharing controls and two-factor authentication. This of course cannot protect against simple user error, wherein a user may hit Reply All on a message with sensitive information like company strategy, HR issues or other sensitive data in it.
Data Loss Prevention (DLP) for Gmail can add extra security for Google Apps Unlimited customers, however.
How DLP Works
To keep specific types of information safe, admins can now easily set up a DLP policy by selecting the criteria, like “customer credit card information”, from a library of predefined content detectors. Gmail DLP will automatically check outgoing emails from specified internal departments to ensure that no outlined sensitive data leaves. It will take action based on previously outlined instructions from the admin—either quarantine the email for review, inform the sender to modify the information, or block the email from being sent with a notification sent to the sender.
These security measure extend to attachment types as well, so documents, presentations and spreadsheets can also be scanned for security.
DLP Custom Rules
Admins can create custom rules with keywords and regular expressions to protect against phrases not already in Gmail’s predefined library of commonly protected data types. So for example if your company is working on a big project codenamed Tron that must be kept under wraps, admins can create custom checks for tron, confidential, etc. to protect against leaks.
Optical Character Recognition
Sensitive information doesn’t just live in text form. As sensitive data can reside in scanned copies and images, OCR enhancements allow Gmail to now analyze common image types and extract text for policy evaluation. Admins can choose to enable OCR in the Admin console at the organizational-unit (OU) level for both the content compliance or objectionable content rules.
Increased Content Detection Control Thresholds
For those admins seeking refined control over DLP policies to minimize false positives, the ability to take action commensurate with the level of perceived risk, Google is introducing two new detection parameters:
- Count parameter – The count parameter allows customers to set up different DLP policies based on whether a message contains individual or bulk PII. For example, an email containing a single credit card number might be considered a low risk event, while one that contains 100 credit cards is clearly a high risk scenario.
- Confidence parameter – The confidence parameter lets customers tighten or loosen detection criteria for the most commonly used detectors as per their needs.
Google is also currently working to bring DLP to Google Drive very soon. Gmail is part of the G Suite suite, and Data Loss Prevention is available only to G Suite Unlimited customers only.
Learn more about G Suite or contact a Google Apps expert here.
Familiar, simple, secure—it's time to give G Suite a closer look.
Organizations are moving to the cloud, and for good reason. Google Apps cloud solutions make it easier to collaborate, access files on the fly, and manage security. Download this free eBook, G Suite: Key Statistics and Use Cases for the Enterprise, to learn how Google Apps are revolutionizing modern work processes.