
Workspace Data Protection rules are now available for Gmail in Beta

What’s changing 

Launching first to beta, Google is introducing data loss prevention rules for Gmail. Data protection rules help admins and security experts build a stronger framework around sensitive data to prevent personal or proprietary information from ending up in the wrong hands. This functionality is already available in Google Chat and Google Drive, and in Gmail you’ll be able to create, implement, and investigate rules in the same manner.

Admins can create data protection rules to flag sensitive information before it leaves your organization. These rules are applied to outgoing messages sent internally or externally, and admins can choose whether all content (including attached files and images), the body of the email, email headers, or subject lines should be scanned. You can configure your rules to look for sensitive text strings, custom detectors, or select predefined detectors. If a message violates a rule, admins can choose to:

  • Block message - the sender will receive a notification about message delivery failure and more information about the policy they violated.
  • Quarantine message - the message is quarantined for review.
  • Audit only - the message is delivered, but it is captured in rule log events for further analysis. This is particularly advantageous because it allows admins to assess the impact of rules before introducing them to your end users.

Data loss prevention (DLP) for Gmail is available for select Google Workspace customers (see the “Availability” section below) — no additional sign-up is required to use the feature.

Create data protection policies for Gmail alongside Drive and Chat

Build flexible conditions with selection of predefined and custom detectors of sensitive information

Set up a rule with Audit Only action applied to messages sent outside of organization. The severity level for event logging is set up to ‘Medium’ and alerting via Alert Center is turned on

Detailed information about the event in the Alert Center

Overview of DLP incidents in the Security Dashboard with further option to investigate audit logs in detail

Who’s impacted

Admins and end users

Why it’s important

In addition to detecting sensitive content, DLP in Gmail offers additional benefits such as:

  • Simplified deployment and data protection policies management with rules for Gmail, Drive and Google Chat unified into the same area and workflow.
  • Advanced detection policies with flexible conditions, wide selection of predefined detectors for global and regional information types, custom detectors (Regular Expressions and word lists), targeting on specific parts of a message (header, subject, body).
  • Granular configuration of policies scope, defining sender audiences (at domain, OU, and group levels) and recipient audiences (internal, external, both).
  • Actions with various levels of restriction such as block delivery of message (Block), quarantine message for review (Quarantine), and log event for future audit (Audit only).
  • Tools for incident management and investigation such as the Alert Center, Security Dashboard and Security Investigation Tool.
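
An added example, not Google's implementation and not code from the original page: a local Python model of the rule structure described above (scanned message parts, regex and word-list detectors, recipient audience, action), for dry-running a candidate custom detector against sample mail before creating the rule. The `Rule` class, the `example.com` domain, the `PRJ-` pattern and the sample messages are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass
from email import message_from_string
from email.utils import getaddresses

ORG_DOMAIN = "example.com"  # assumption: the organization's internal domain

@dataclass(frozen=True)
class Rule:                 # hypothetical local model of one data protection rule
    name: str
    parts: tuple            # scanned parts: "header", "subject", "body"
    pattern: re.Pattern     # custom detector: regular expression
    words: frozenset        # custom detector: word list (lower case)
    recipients: str         # recipient audience: "internal", "external", "both"
    action: str             # "block", "quarantine" or "audit"

def recipient_scopes(msg):
    addrs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {"internal" if a.lower().endswith("@" + ORG_DOMAIN) else "external"
            for _, a in addrs}

def part_text(msg, part):
    if part == "subject":
        return msg.get("Subject", "")
    if part == "header":    # every header except the subject line
        return "\n".join(f"{k}: {v}" for k, v in msg.items() if k.lower() != "subject")
    return msg.get_payload()  # body; this sketch handles single-part text only

def evaluate(rule, raw):
    """Return a log-style finding if the rule matches, else None."""
    msg = message_from_string(raw)
    if rule.recipients != "both" and rule.recipients not in recipient_scopes(msg):
        return None         # message is outside the rule's recipient audience
    for part in rule.parts:
        text = part_text(msg, part)
        tokens = set(re.findall(r"[a-z0-9']+", text.lower()))
        if rule.pattern.search(text) or rule.words & tokens:
            # Only "audit" lets the message through; the other actions stop it.
            return {"rule": rule.name, "part": part, "action": rule.action,
                    "delivered": rule.action == "audit"}
    return None

def dry_run(rule, messages):
    hits = [(i, evaluate(rule, m)) for i, m in enumerate(messages)]
    return [dict(f, msg=i) for i, f in hits if f]

T = "From: a@example.com\nTo: {}\nSubject: {}\n\n{}\n"  # constructed samples
SAMPLES = [T.format("p@vendor.test", "Q3 plan", "See PRJ-2024-0417."),
           T.format("b@example.com", "Q3 plan", "See PRJ-2024-0417."),
           T.format("p@vendor.test", "Confidential roadmap", "Draft attached."),
           T.format("p@vendor.test", "Lunch", "Noon works.")]
RULE = Rule("ext-project-codes", ("subject", "body"),
            re.compile(r"\bPRJ-\d{4}-\d{4}\b"), frozenset({"confidential"}),
            "external", "audit")
```

Running `dry_run(RULE, SAMPLES)` lists which sample messages the candidate rule would log and in which part, so noisy patterns can be tightened before the rule goes live.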

Additional details 

How does DLP in Gmail compare to Content Compliance rules?

Content compliance in Gmail does offer similar functionality in that you can create rules to prevent messages that contain specific content from being sent. However, unlike DLP in Gmail, admins have no way to preview the impact of these rules before deploying them broadly.

Further, content compliance offers a variety of features that are better suited for filtering content. For example, you can:

  • Set up a metadata match on a range of IP addresses, and quarantine messages from IP addresses outside of the range.
  • Route messages with content that matches specific text strings or patterns to the specific department best suited to process that information.

Getting started

  • Admins:
    • Data loss prevention rules can be configured at the domain, OU, or group level. DLP rules can be enabled in Gmail in the Admin console under Security > Access and data control > Data protection. Visit the Help Center to learn more about controlling sensitive data shared in Gmail.
      • Note that you can modify existing DLP rules for Drive and Chat to also apply to Gmail.
    • DLP events can be reviewed in the Security Investigation Tool or under Security > Alert Center, if alerts are configured in rules.
    • Google recommends selecting “Audit only” when you’re setting up a rule. When selected, messages that match the conditions of a rule will be delivered with the detection being logged. This allows you to test new rules and monitor their performance, or to passively monitor the environment without interrupting email flow for your users.
  • Note on asynchronous and synchronous scanning: With DLP for Gmail, data protection rules are scanned asynchronously, which means that the message is blocked or quarantined after it leaves the sender’s mailbox and before being dispatched to the recipient. Google is working on the ability to scan data protection rules synchronously when a user hits “Send” in order to notify users about sensitive content before the message leaves their mailbox.
  • Please share your feedback on this feature with Google — this will help them continue to improve the experience as Google moves through beta and toward general availability. You can share your feedback by selecting the “Send feedback” button located in the bottom left corner of your screen of any data protection related page in the Admin console.
  • End users: When configured by your admins, you’ll be notified if your message contains information that violates a DLP rule.

Rollout pace

  • Rapid Release and Scheduled Release domains: Extended rollout (potentially longer than 15 days for feature visibility) starting on April 26, 2024.

Availability

Available to Google Workspace:

  • Enterprise Standard, Enterprise Plus
  • Education Fundamentals, Standard, Plus, and Teaching & Learning Upgrade
  • Frontline Standard
  • Cloud Identity Premium 

As a senior partner of Google in Vietnam, Gimasys has 10+ years of experience consulting on and implementing digital transformation for 2000+ domestic corporations. Some typical customers are Jetstar, Dien Quan Media, Heineken, Jollibee, Vietnam Airline, HSC, SSI...

Gimasys is currently a strategic partner of many major technology companies in the world such as Salesforce, Oracle Netsuite, Tableau, Mulesoft.

Contact Gimasys - Google Cloud Premier Partner for advice on strategic solutions suitable to the specific needs of your business:

  • Email: gcp@gimasys.com
  • Hotline: 0974 417 099