Data Loss Prevention (DLP) for Gmail


Data loss prevention (DLP) for Gmail provides a range of functions to protect enterprise emails from data loss and data leakage. DLP settings allow admins to define types of content as a trigger (something which requires examination), and to specify actions for when these events occur.

In this post, we’ll look at how data loss prevention for Gmail can monitor email communications, detect threats, and prevent accidental or malicious data loss and leakage.

How it works: data loss prevention (DLP) for Gmail

Google’s data loss prevention (DLP) for Gmail provides network admins more control over how data is received and sent across enterprise networks. Google DLP allows you to define specific content (triggers) for additional action, detect any threats to sensitive information, and prevent accidental or malicious sharing and destruction of data by unauthorized parties.


Google Workspace: Business (formerly G Suite) admins define the triggers (specific words, numerical patterns, metadata, etc.), and Google DLP automates the scanning, detection, and actions. When a trigger is detected, Google DLP takes the action predefined by the network admin. That action might be placing an inbound email into quarantine or denying a user’s attempt to communicate outside of the network.

How Google DLP works and which rules it follows depends on the administrator. Let’s look now at how it works, what messages it scans, and what happens when DLP for Gmail detects potential threats.

What messages does Google DLP scan?

Which messages DLP for Gmail scans depends on the company policy and its desired level of prevention. The Google Workspace administrator sets this, choosing a DLP policy that covers one or several types of communication:

Inbound emails from outside the list of domains tied to the enterprise;

Outbound emails to outside the enterprise’s network;

Internal emails received from within the enterprise’s domain;

Internal emails sent within the enterprise’s network.


What content is detected?

With DLP for Gmail, the Workspace admin sets what content is detected by the trigger system. In all, there are three types of content which can serve as triggers: exact, context, or message metadata. These include the following.

Specific expression triggers: any words, specific phrases, or combinations of words;

Pre-set content match triggers: item size, source IP, message authentication, and whether the communication has TLS encryption;

Metadata attribute triggers: countries and international detector patterns, including credit card numbers, passport numbers, Social Security numbers, and more.

For each trigger, the system first analyzes the content of the data (for example, scanning for the 9 digits of a Social Security number). Then it analyzes the context (looking for specific words such as SSN, social, social security, etc.). To add content detectors which are not currently supported, admins have to contact support and request the detector’s inclusion.


What happens when Google DLP flags content?

When DLP for Gmail detects sensitive information, it executes one of the following actions.

Modify message: this might be bypassing filters, deleting attachments, including additional recipients, or requiring secure transport;

Reject sending or receipt;

Quarantine: send the message to admins who review, allow, and deny communications with sensitive data.

How does Google DLP work with Google Drive?

Google DLP works with Drive in a very similar fashion to DLP for Gmail, only it also includes the policy for sharing files. Network admins define the security policy and automatic responses, and DLP then actively monitors files shared outside of the Google Workspace domain. 

As with DLP for Gmail, in Drive it looks to identify specific expressions and content matches. When detection occurs, it triggers automatic responses such as sending an email to admins; contacting the user who created, edited, or uploaded the file with sensitive data; or preventing the sharing of any files with sensitive content.

Setting up Google DLP for Gmail and Drive

Executing Google DLP for Gmail and Drive involves 3 phases:

1. Admin defines a rule. Rules include: setting the range of messages and files to monitor, defining content or metadata to scan for as well as setting DLP sensitivity, and defining automatic actions for when triggers occur.

2. Google DLP analyzes all messages and items in its range, searching for any incidents which correspond to its ruleset.

3. DLP then takes action, following any automatic responses the admins set for messages and files.
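The three phases above, combined with the content-then-context check described under "What content is detected?", can be sketched as follows. This is an added example, not Google's detector or code from the original post: the Rule fields, function names, the context window size, and the sample messages are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Content stage: 9 digits, optionally grouped 3-2-4 with one consistent separator.
SSN_RE = re.compile(r"(?<!\d)\d{3}([- ]?)\d{2}\1\d{4}(?!\d)")
# Context stage: the keywords the article lists.
CONTEXT_RE = re.compile(r"\b(ssn|social security|social)\b", re.I)

@dataclass
class Rule:                      # phase 1: the admin defines the rule
    scope: set                   # message directions the rule covers
    window: int                  # characters around a match searched for context words
    action: str                  # "modify", "reject" or "quarantine"

def plausible_ssn(digits):
    """Drop values the SSA never issues: area 000/666/9xx, group 00, serial 0000."""
    area, group, serial = digits[:3], digits[3:5], digits[5:]
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")

def analyze(body, rule):
    """Phase 2: content match first, then a context check near each match."""
    hits = []
    for m in SSN_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if not plausible_ssn(digits):
            continue
        nearby = body[max(0, m.start() - rule.window): m.end() + rule.window]
        if CONTEXT_RE.search(nearby):
            hits.append("***-**-" + digits[-4:])   # keep the full value out of logs
    return hits

def evaluate(direction, body, rule):
    """Phase 3: return the configured action, or 'deliver' when nothing matches."""
    if direction not in rule.scope:
        return "deliver", []
    hits = analyze(body, rule)
    return (rule.action if hits else "deliver"), hits

# Constructed sample messages; 078-05-1120 is a long-invalidated specimen number.
RULE = Rule(scope={"outbound"}, window=40, action="quarantine")
SAMPLES = [
    ("outbound", "Hi, my SSN is 078-05-1120, please update payroll."),
    ("outbound", "Tracking number 078051120 ships Monday."),
    ("inbound", "Your social security number 078-05-1120 is on file."),
]

if __name__ == "__main__":
    for direction, body in SAMPLES:
        print(direction, evaluate(direction, body, RULE))
```

The second sample shows why the context stage matters: a bare 9-digit number with no nearby keyword is delivered rather than quarantined, which keeps false positives down at the cost of missing unlabeled values.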

Take data loss prevention a step further with Preava Prevent for Gmail


Preava Prevent is an extension for the Gmail Web Interface, aiming to help companies prevent sending emails to unintended or unauthorized recipients in the first place. Employee-caused mistakes are one of the most common sources of data loss and leakage, and Preava’s DLP solution helps network admins ensure sensitive data never falls into the wrong hands.

To discover more, you can rely on Preava’s team of seasoned cybersecurity, privacy, and operational security experts. Simply contact us today to learn more about DLP for Gmail and book a demo of Preava Prevent for your business communications.
