How to enhance your security posture in your enterprise cloud drive: Case for Google Workspace



Episode 4: Data Loss Prevention (DLP) for Drive

In this episode of the enterprise cloud security on Google Workspace series we look at how to implement DLP for Drive. DLP for Drive lets you build rules that combine a trigger with one or more content conditions and then apply an action, for example blocking an external share and showing the user a message that their content has been blocked.

DLP for Drive inspects the content of files; it does not by itself decide who may reach Drive in the first place. That is the job of Context-Aware Access, which complements DLP rules by managing access to services based on:

  • Identity and context
  • IP range
  • Device policy
  • Disk encryption status
  • Screen lock status
  • OS policy – minimum OS version (entered as a string)
  • Operating system – Windows, macOS, Chrome OS
  • Company-owned device
  • Serial number
  • Geographic origin

Use the two together: Context-Aware Access narrows where and from what device Drive can be used, and DLP rules control what content can leave the domain once a user is in.

DLP for Drive rules and custom content detectors

Step 1: Plan your rules

  • Decide on rule conditions – conditions determine what kind of sensitive content the rule detects. Within one rule you can combine several conditions with the AND, OR and NOT operators (for example, "contains a project code" AND NOT "carries the Public label").
  • Recommended rules – DLP rules that Google suggests to you based on the results of the Data protection insights report.
  • Rule scope – a rule can apply to the whole domain, to selected organizational units, or to admin- or user-created groups from the Groups list in the Admin console. Examples:
    • Dynamic groups – memberships are managed automatically when users join, move within, or leave your organization.
    • Security groups – help you regulate, audit, and monitor the group for permission and access control.
    • Migrated groups – groups created in Microsoft AD or other tools and synced to Google Workspace with Google Cloud Directory Sync (GCDS).

Step 2: Create a custom detector (optional)

  • Sign in with your super administrator account or a delegated admin account and go to the Data protection section of the Admin console.
  • Click Manage Detectors, then click Add detector. Add a name and description.
  • Choose the detector type:
    • Regular expression – matches text against a pattern. Anchor the pattern (word boundaries, fixed digit counts) and try it against real sample files before using it, otherwise a loose pattern such as a bare digit run will fire on page numbers, dates and ticket IDs.
    • Word list – a comma-separated list of words to detect.
  • Click Create. Later, use the custom detector when you add conditions to a rule.

Step 3: Create rules

  • In the Admin console, go to the Data protection section used in Step 2 above.
  • Click Manage Rules. Then click Add rule -> New rule, or click Add rule -> New rule from template and select a template from the Templates page.

  • In the Name section, add the name and description of the rule.
  • In the Scope section, choose All in <domain.name>, or choose to apply the rule only to users in selected organizational units or groups, then click Continue.

  • In the Apps section, under Google Drive choose the trigger File created, modified, uploaded or shared, then click Continue.

  • In the Conditions section, click Add Condition.
  • Choose the Content type to scan:
    • All content: All of the document, including the document title, body, and any suggested edits.
    • Body: Body of the document
    • Drive label: Any labels applied to the document.
    • Suggested edits: Content added to the document while in Suggestions mode

  • Choose What to scan for, then fill out the needed attributes for that type of scan.
  • Click Continue.
  • In the Actions section, optionally select the action that applies when sensitive data is detected by the scan.
    • To test a rule before enforcing it, create it without an action. The rule then only audits: matches are still recorded in the rule log and can raise alerts, but users are not blocked or warned, so you can review false positives before switching the action on.

  • In the Alerting section, choose a severity level (Low, Medium, High).
  • Click Continue and review the rule details.
  • In Rule status, choose an initial status for the rule and click Create.
    • Active – your rule runs immediately.
    • Inactive – your rule exists but does not run until you activate it.
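The steps above are all Admin console clicks, so there is nothing to script against Google itself; what a practitioner does want is a way to try a candidate detector and condition logic on sample text before the rule goes live. The following Python model is an added illustration, not Google's implementation or any API: it mimics the building blocks from Steps 1 to 3 (regex and word-list detectors, the content type a condition scans, AND/OR/NOT combination, the Drive trigger, the action and severity) and runs a hypothetical rule over constructed sample files. The detector names, the `PRJ-` project-code pattern, the label names and the sample documents are all assumptions made for the example.

```python
"""Model of how a DLP for Drive rule evaluates a file (added illustration, not Google code)."""
import re
from dataclasses import dataclass
from typing import Callable, Optional

# Drive events covered by the "File created, modified, uploaded or shared" trigger.
DRIVE_TRIGGER = frozenset({"created", "modified", "uploaded", "shared"})


@dataclass
class Document:
    title: str
    body: str
    suggested_edits: str = ""   # text added while in Suggestions mode
    labels: tuple = ()          # Drive labels applied to the file


Detector = Callable[[str], bool]
Condition = Callable[[Document], bool]


def regex_detector(pattern: str) -> Detector:
    """Custom detector of type 'Regular expression'."""
    rx = re.compile(pattern)
    return lambda text: rx.search(text) is not None


def wordlist_detector(words_csv: str) -> Detector:
    """Custom detector of type 'Word list' (comma-separated).

    Entries are matched as whole words, case-insensitively, so a list
    containing 'Public' does not fire on 'publication'."""
    words = [w.strip() for w in words_csv.split(",") if w.strip()]
    rx = re.compile(r"\b(?:" + "|".join(map(re.escape, words)) + r")\b", re.IGNORECASE)
    return lambda text: rx.search(text) is not None


def scanned_text(doc: Document, content_type: str) -> str:
    """Select the part of the file that the condition's 'Content type' covers."""
    parts = {
        "all": "\n".join((doc.title, doc.body, doc.suggested_edits)),
        "body": doc.body,
        "suggested_edits": doc.suggested_edits,
        "drive_label": "\n".join(doc.labels),
    }
    return parts[content_type]


def condition(detector: Detector, content_type: str = "all") -> Condition:
    return lambda doc: detector(scanned_text(doc, content_type))


def AND(*conds: Condition) -> Condition:
    return lambda doc: all(c(doc) for c in conds)


def OR(*conds: Condition) -> Condition:
    return lambda doc: any(c(doc) for c in conds)


def NOT(cond: Condition) -> Condition:
    return lambda doc: not cond(doc)


@dataclass
class Rule:
    name: str
    condition: Condition
    action: Optional[str]       # None = no action chosen: the rule only audits
    severity: str               # Low, Medium or High (Alerting section)
    trigger: frozenset = DRIVE_TRIGGER


def evaluate(rule: Rule, doc: Document, event: str) -> Optional[dict]:
    """Return what the rule would record for one Drive event, or None if it does not fire."""
    if event not in rule.trigger or not rule.condition(doc):
        return None
    return {"rule": rule.name, "action": rule.action or "audit_only", "severity": rule.severity}


# --- Hypothetical detectors and rule (pattern, labels and names are assumptions) ---
# \b on both sides keeps 'PRJ-0042' from also matching the longer 'PRJ-123456'.
PROJECT_CODE = regex_detector(r"\bPRJ-\d{4}\b")
PUBLIC_LABEL = wordlist_detector("Public, Approved for release")

# "contains a project code" AND NOT "carries a public label"
PROJECT_RULE = Rule(
    name="Project codes must not leave the domain",
    condition=AND(condition(PROJECT_CODE, "all"), NOT(condition(PUBLIC_LABEL, "drive_label"))),
    action="block_external_sharing",
    severity="High",
)
AUDIT_ONLY_RULE = Rule(name="Project code (test)", condition=condition(PROJECT_CODE), action=None, severity="Low")

# Constructed sample files for trying the rule out.
INTERNAL_PLAN = Document(title="Q3 plan", body="Budget for PRJ-0042 attached.")
RELEASED_PLAN = Document(title="Q3 plan", body="Budget for PRJ-0042 attached.", labels=("Public",))
TICKET_NOTE = Document(title="Ticket", body="Closed PRJ-123456, publication draft follows.")
DRAFT_WITH_SUGGESTION = Document(title="Draft", body="TBD", suggested_edits="insert PRJ-0099 here")

if __name__ == "__main__":
    for doc in (INTERNAL_PLAN, RELEASED_PLAN, TICKET_NOTE, DRAFT_WITH_SUGGESTION):
        print(doc.title, "->", evaluate(PROJECT_RULE, doc, "shared"))
```

Two behaviours are worth noting when you plan real rules. A condition whose content type is Body does not see suggested edits, so a reviewer can smuggle a matching string past it; scanning All content closes that gap. And an unanchored regex is the usual source of false positives, which is why the rule should first run without an action and its log reviewed before blocking is turned on.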

Step 4: Communicate to users about the new rule – set user expectations as to behavior and consequences of the new rule.

Stay tuned, in our next episodes, we shall cover topics in the following areas:

  1. Deleting accidentally sent emails in your domain
  2. Security Center: Investigation tool
  3. Google EMM: Remote Wipe Devices: Windows, Android and iPhone