Trong kỷ nguyên số, dữ liệu là nguồn sống, là tiêu chí giúp thay đổi…
Prevent data loss with G Suite – Data Loss Prevention
Protect knowledge assets and enterprise data should always be a top priority, especially in the digital era, businesses will sooner or later "set foot" on the Cloud. According to statistics until 2018, The most common causes of business data loss and leak include: Stolen user accounts, malware, unmanaged access to resources businesses, "insiders" from within, etc. It is easy to see that the end user - or the employee himself is a potential "hole", damaging the digital resources of the business, even though it is invisible. intentionally or intentionally. To prevent this problem, Google has researched and developed the feature Data Loss Prevention (DLP) in the toolkit G Suite – to help businesses take the initiative in protecting their resources and brain.
> Reference:
1/ Data Loss Prevention – What is DLP?
With Google's brainpower investment, Google Workspace G Suite which has been highly appreciated in corporate data security. Besides factors such as encryption, audit reports, mobile device management, two-step authentication, access control, etc. DLP adds another layer of security to prevent business data from being stolen. Business is "lost" to the outside world, not subject to abuse or unauthorized access from unauthorized people.
To do this, DLP allows administrators to set up security rules, for example: Do not send ABC information to email addresses that do not have the same domain name as the business. Next, DLP will match these rules with the content of emails or documents prepared to be sent out. After that, the system will handle violations according to the predefined requirements of the admin.
Thanks to this way of working, even if the user accidentally sends information outside (for example, when pressing "Reply all" instead of just sending it to one person as intended), the action cannot be successful.
Currently, the data loss prevention feature - Data Loss Prevention has been integrated by Google into two major information exchange applications of G Suite users, including Gmail and Drive.
Note: Data Loss Prevention is only available in G Suite versionn Enterprise. If your business buys G Suite Business before March 31, 2017 then you can continue to use this feature until March 31, 2020 (provided that the service continues to renew).
2/ Prevent data loss in Gmail
Email is a major tool used for communication in the workplace, with the average number of emails sent and received a day reaching 281 billion emails (According to Radicati Group's Email Metric Report). Meanwhile, businesses are owners of many types of sensitive information, including intellectual property and third-party data (such as customers' personal information). To keep this data safe through DLP, admins can easily set up data loss prevention policies.
Eg:, businesses can set a rule: Sales department is not allowed to share customer's credit card information with other suppliers. At that time, the admin only needs to select the keyword "Credit card number" in a series of pre-built rules. At this time, Gmail DLP will automatically check all emails sent from the sales department and take action.
Admin can completely build pre-built handling measures for each case, for example: put emails in the censorship (quarantine) to check again, add content adjustments, block outgoing emails and notify again. with the sender.
A special feature of Gmail DLP is that it not only checks the text in the email (subject and email content), but also the content in the attached files (documents, presentations, spreadsheets). Gmail DLP will determine the format of each file through a binary scan for accurate information instead of relying on their extension information. Then, this text content will be extracted from the attached file using an algorithm built specifically for each file format and processed.
In addition to the built-in rules, the admin can completely customize the new rules according to the business's own privacy policy.
3/ Prevent data loss in Drive (both Google Drive and Team Drive)
Similar to Gmail Data Loss Prevention, admin can completely prevent end users from sharing sensitive and confidential information stored in Google Drive and Team Drive out of the business. DLP in Drive works by scanning (scanning) files that contain what you are looking for.
For example, if a user shares a file containing a bank account number, or a personal tax code, you can email a notification to the Super admin (the administrator with the highest authority) so that they are aware of the information. believe. You can also warn users when they intentionally share data, or block anyone outside of the business (not using the same domain email) from accessing these files.
Scanned Drive files include: Sheets, Docs, Slides.
To make it easier to imagine you can access the following link to see a demo of how data loss prevention works
4/ How to set up rules for Data Loss Prevention
- Define scope of application: Admins can choose whether these data loss prevention rules will be applied to what types of stories and to whom in the business. Specifically, the admin can choose to apply to all messages of all employees, or based on each room/sub-organization (OU), or only apply to outgoing messages, etc.
- Define conditions to apply: Specify what these rules should look for in the content. Admins can use built-in content detectors or create new ones themselves.
- Define handling measures: For cases that match the search request, the admin can build available handling measures:
- Edit content: Admin can add content adjustment if determined this message can still be sent. For example: If employees send internal information to each other (but are not allowed to send it outside), the system will automatically add the [Internal Only] section to this email subject.
-
- Put emails in moderation: If messages are entered into the moderation area, the admin (or authorized person) can review the email content before they are sent or retained.
-
- Reject message: Automatically reject a message if it is determined that this content is not allowed to be sent, without exception. And to warn the sender, the admin can send a notice or quote the company guidelines to them, avoiding the case of mistakes in the future.
In general, the data loss prevention feature of G SuiteResearched and developed by Google (from 2015 to present) and operated in a very effective way. Not only stopping at the usual features of DLP, Google's solution also goes further with the strategy of setting up a security barrier through rules (rule-based), combined with optical recognition. (Optical Character Recognition) to process the content in the image. Therefore, choosing G Suite is not just a tool to exchange information, admins or business managers can fully apply the built-in features to proactively protect their data. .
Source: gcloudvn.com