​Google Apps gets DLP for Gmail to prevent email leaks

Google has debuted data loss prevention (DLP) for Gmail in Google Apps, closing a key gap between its compliance toolset and Microsoft's Office 365.

Sensitive leaks can be expensive and Google knows security features can be a big differentiator, particularly for customers in healthcare, retail, banking and government -- the same customers Microsoft has catered to by rolling out DLP, among other security features, in Office 2016 and Office 365.

To address this, Google has announced Data Loss Prevention for Gmail. The feature is included in Apps Unlimited, its $10 a month per subscriber package, offering rules-based tools for admins to catch non-compliant email before it reaches an intended or accidental recipient.

Google has aimed to make the feature simple for admins to set up by creating a handful of “predefined content detectors” with a focus on numbers and identifiers used in banking, healthcare, and government.

Some are specific to nations, such the “NHS number” in the UK, and “social security number” in the US, while globally predefined detectors include credit card number, and IBAN and SWIFT banking numbers.

The DLP system will automatically scan an outgoing email’s subject, message body and attachments and definitions can be bolstered by additional keywords and regular expressions. Admins can set rules for when it catches a non-compliant email for it to be quarantined for review, flagged for a user to modify, or blocked with a notification to the sender.

The system uses pattern, context and checksum methods to detect anything that matches a detector and each predefined detector has its own combination of detection methods. For example, in the case of a US Drug Enforcement Administration number, it uses a pattern match and checksum, whereas for the an American Bankers Association Routing Number it will run a checksum on 9 digits.

It currently offers predefined content detectors for the US, UK, France and Canada, but not Australia.

Google still has a little way to go to catch up with Microsoft, which rolled out DLP for OneDrive for Business and SharePoint Online in September. Beyond usability features, the two companies have been battling it out over mobile device management, encryption and authentication features, and DLP was one of the headline security features of its on-premise suite Office 2016.

Of course, Google is working on an answer to that gap and says it will roll out DLP for Google Drive early next year, along with other rule-based systems.

“Gmail DLP is the first step in a long term investment to bring rule-based security across Google Apps,” said Suzanne Frey, director of security, trust, and privacy for Google Apps.

Security ALERT!

Need help making the right choice for you business? Need to update your system but don't know where to start? CSO can help, check out our security hub today.

Read more: ​8 in 10 ‘government approved’ health apps are insecure

Gigamon Transform Security Zone


Tags retailDLPGmailbankingdata loss prevention (DLP)CSO AustraliaMicrosoft's Office 365​Google Apps

Show Comments