What has changed?
One of the main threats that organizations must prepare for is the risk of data leakage in unwanted or unauthorized ways. This can take many forms, from small-scale unintentional sharing to large-scale security breaches. Therefore, to help protect your organization from these risks, Data Loss Prevention (DLP) functionality in Gmail is now officially available, starting today. This is an extension of the DLP functionality previously provided in Google Drive and Chat.
DLP is one of the most powerful ways for organizations to protect themselves from these risks. Gmail’s DLP capabilities allow organizations to identify, monitor, and control the sharing of sensitive data. This works by applying data protection rules that can be set up to instantly detect sensitive content in outgoing messages, including email bodies, attachments, headers, and subjects.
.png)
Additional Details
Comparing Gmail’s DLP Features with Content Compliance Rules
To prevent the leakage of sensitive data in Gmail, it is recommended to use DLP data protection rules.
- DLP rules provide a wide range of pre-defined detection capabilities and allow for flexible condition setting.
- You can customize warning messages to match your organization’s data management requirements, terminology, and processes.
- This helps users to be aware of the organization’s security and data protection policies and prevent them from sharing sensitive data.
- While the Content Compliance feature is still useful, it is better suited for purposes such as evaluating incoming emails and internal routing to specific departments.
For more information, see the initial Open Beta announcement.
DLP Features within the Google Workspace Ecosystem
As part of Google Workspace, DLP for Gmail works with Drive and Chat. This allows administrators to use integrated security tools to configure, implement, and investigate DLP rules.
- Using the Security Investigation Tool
- Ability to create custom dashboards using integrated audit logs and export data to BigQuery
These DLP features allow organizations to benefit from:
β
Reduced risk of data leakage
β
Compliance with regulatory requirements
β
Protection of corporate reputation and intellectual property
How to Get Started
π¨βπ» Admins
- Data Loss Prevention (DLP) rules can be configured at the domain, organizational unit (OU), and group levels.
- DLP rules for Gmail can be enabled in the Admin Console.
- Path: Security > Access and data control > Data protection
- For more information on how to enable DLP in Gmail, see the Help Center.
- You can modify existing DLP rules for Drive and Chat to apply them to Gmail as well.
- DLP events can be reviewed in the Security Investigation Tool or the Security Alert Center (Security > Alert Center).
- In the Security Alert Center, you can also set up alerts for specific rules.
β
DLP data protection rules for Gmail can be scanned synchronously or asynchronously
β
Detailed information can be found in the Help Center
π Recommended when setting up new rules
- It is recommended to start in βAudit onlyβ mode first.
- This allows you to thoroughly test that the rules are working correctly and monitor them to avoid disrupting email flow.
- Once the behavior of the rules is as expected and accuracy is confirmed, you can then set actions such as Block or Warning.
π© End Users
- Depending on the administrator settings, a warning message may appear if an email violates a DLP rule.
Release Schedule and Target
π Release Schedule
- Rapid Release and Scheduled Release domains: Gradual rollout starting February 18, 2025 (1-3 days for feature visibility)
β Availability
- Google Workspace Enterprise Standard and Enterprise Plus
- Google Workspace for Education plans (including Education Fundamentals, Standard, Plus, Teaching & Learning add-on)
- Frontline Standard
- Cloud Identity Premium customers
Additional Resources
π Google Workspace Admin Help
Note: This content is a posting translated from the Google English blog on February 18 using AI.
Comments are closed.