Data Loss Prevention for Gmail helps keep your business data secure


Google unveiled a new administrative tool for Google for Work designed to prevent business data from falling into the wrong hands. Google's new Data Loss Prevention (DLP) for Gmail monitors emails to ensure that confidential or sensitive information is only shared with people approved to receive such data.

For example, if your business prohibits the sharing of customer credit card information with vendors, your IT administrator could set up a DLP policy that monitors all outgoing emails. If a credit card number is found within the email body or attachments, like documents, spreadsheets and presentations, then DLP could take predefined actions.

The email can be placed into quarantine for administrative review, returned to the sender for modification or rejected.

Custom rules

In addition to predefined content detector categories, like credit card information and social security numbers, administrators can set up custom rules with DLP to ensure that the right policies apply to the appropriate persons or departments.

In the credit card number example, the rule could apply to every message and every employee company-wide, or it could be limited to specific departments. Administrators can choose to have DLP monitor outgoing messages, or apply the rule both to incoming internal and outgoing emails.

In a whitepaper about DLP, Google states that custom keyword detectors can also be used, and the system has intelligent logic designed to "reduce false positives and negatives."

Expanding the scope of DLP

DLP is currently available to Google Apps Unlimited users, but Google promises that DLP will expand to other Google services in the future.

"We're working on bringing DLP to Google Drive early next year, along with other rule based security systems," said Suzanne Frey, Director, Security, Trust, and Privacy, Google Apps, in a statement.

Data Loss Prevention for Gmail is the latest Google security measure following an alert system that notifies users if an email is sent over an unencrypted connection.