How to enhance your security posture in your enterprise cloud emails: Case for Google Workspace

Episode 3: Data Loss Prevention for Gmail

Data loss prevention (DLP) is a set of tools and processes used to ensure that sensitive data is not lost, misused, or accessed by unauthorized users. In this episode we are going to take a deep dive into how to secure Gmail on Google Workspace.

Using data loss prevention (DLP), you can create and apply rules to control the content that users can share in files outside the organization. DLP provides predefined detectors to detect sensitive data, such as credit card, Identity card number,  or passport numbers and trigger automatic responses like quarantining, rejecting, or modifying a message. You can also combine predefined detectors with keywords or regular expressions to create more sophisticated content compliance policies.

DLP rules  trigger scans of files for sensitive content, and prevent users from sharing that content. Rules determine the nature of DLP incidents, and incidents trigger actions, such as the blocking of specified content.

Setting DLP with predefined content detectors

  • In Google Admin console, go to:
  • Select Content Compliance:
    • If the status is Not configured yet, point to the setting and click Configure.
    • If the status is Locally applied or Inherited, click Edit or click Add another rule to edit it or add a new setting.
  • At the top, enter a short description, such as Credit card number detector.
  • In the Email messages to affect section, select the required types of messages to affect. 
  • In the Expressions section, click Add.
  • From the list, select Predefined content match
  • From the list, select the relevant predefined detector and click Save.
  • Click Add setting or Save to close the dialog box. Then At the bottom, click Save.
You can repeat the above steps to set several DLP rules for Gmail in your organization. The rules will highly depend on organizational policies and regulatory compliance requirements. Stay tuned, in our next episodes, we shall cover topics in the following areas:
  1. Data Loss Prevention (DLP) for Drive
  2. Deleting Accidental Sent emails in your domain
  3. Security Center: Investigation tool
  4. Google EMM: Remote Wipe Devices: Windows, Android and iPhone