Gmail Data Loss Prevention Updates Include Scanning Images
In late 2015, Google introduced Gmail Data Loss Prevention (DLP). This extra set of security controls makes it easier to be HIPAA-compliant, locks down sensitive information, and reduces your company’s exposure to risk. Google recently rolled out some updates to Gmail DLP that make it even more effective.
Gmail Data Loss Prevention: Recap
Gmail Data Loss Prevention (DLP) is a set of policies available to Google Apps for Work Unlimited clients designed to prevent sensitive data from either leaving your organization or falling into the wrong hands within your organization. As an example, we’ve all received mass emails which were meant to be sent to either one or a select group of recipients. Now, imagine if one of those emails contained salary information. If your company has Gmail DLP enabled, that email wouldn’t have even made it out of the gate, or would only have been sent to approved individuals. As a more serious example, what if an employee sent an email which contained sensitive medical information to the wrong recipient? This would be an unintentional violation, but still a violation, of HIPAA - a potentially actionable infraction. Again, properly implemented Gmail DLP policies would stop that email. You can read all about the basics of Gmail DLP in the post we wrote when it came out.
Gmail DLP Update #1: OCR for Common Image Types
One of the amazing things about Gmail DLP is that it doesn’t just scan emails, but attachments to the email, for predefined terms administrators select. When it was launched, PDFs were the only attachments that could be scanned. Now, Google has upped the ante on the Optical Character Recognition (OCR) in Gmail DLP to be more likely to detect content in PDFs that are saved as image-only, that is, where the text isn’t selectable or normally machine-readable. It has also expanded the types of files that it scans to include common image types. Administrators can use to enable OCR at the Organizational Unit (OU) level for both content compliance and objectionable content rules.
Gmail DLP Update #2: New Content Detection Parameters
Gmail DLP policies allow administrators to decide what to do with an email based on the content contained within it. You can choose to stop delivery with a note to the sender, stop delivery without a note to the sender but a note to management, and so on.
In response to the need to attach different levels of risk to each scenario, Google has introduced the count parameter, which allows admins to enact a different set of policies based on how many times an item occurs within an email. This means that if there is one Social Security Number, a different policy could be applied than if there were a thousand Social Security Numbers in an email. One may be a mistake on the part of the sender, while the other may be a purposeful act.
The other new parameter being introduced continues in this vein. The confidence parameter lets administrators adjust detection criteria based on how serious they consider those criteria to be. For a full list of the predefined content detectors, see Google’s help page.
Google has promised to continue improving Gmail DLP to meet the needs of its clients, and it is already proving to be a powerful weapon against data theft, compliance violations, and even the simple everyday issue of making an employee look bad by sending out the wrong email. If you haven’t upgraded to Unlimited yet, it certainly makes it worth it to do so. If you want the power of Gmail DLP, you have to be a Google Apps for Work Unlimited customer. If you are interested in either signing up with Google Apps for Work or increasing your subscription level to Unlimited, contact UpCurve Cloud today to get started.