Get our free ebook about Data Loss Prevention and learn more

Enable Data scanning and report in the Google Admin Console

rsz_chapter_4.png

Step 1. Access the Google Admin Console (using an admin account).

Step 2. Click  Security > Data Protection

Step 3. At the bottom of the page, enable the Data scanning and report setting to have your DLP detectors reported in the Data Protection Insights Dashboards (see screenshot below). We recommend you keep this setting ON for audit and compliance purposes.

DLP detectors, rules, and actions flow

DLP actions flow
DLP actions flow

Create custom detectors
(Skip this part if you’ll be using a rule template or default detectors)

  1. Click Manage Detectors > Add detector
  2. Select Regular expression or a Wordlist (depending on your needs)
  3. Name and configure the custom detector

Create rules

  1. Go to Manage rules > Add rule
  2. Select New rule or New rule from template
  3. Name and define the Scope of your scans (OUs and groups)
  4. Determine the Triggers of events and set Conditions to define sensitive content as refinement steps.
  5. Determine the Appropriate Actions (Alert, Action, Severity)
  6. Review - Lastly, you get to review the rule and choose whether to activate it or not. After that, your rule has been created.

Examples of DLP rules for Google Drive

Although Google has made it easy to implement DLP rules through default detectors and templates, organizations are able to create their own custom rules and detectors. We will cover an example of each DLP configuration below.

  1. Protect Credit Card Numbers with default detectors
Chapter5NewRule.png

Step 1:  Enter Google Admin ConsoleStep 2: Access Security > Data Protection > Manage RuleStep 3: Click Add Rule > New Rule

Chapter5scope.png

Step 4: Add the name and description for the ruleStep 5: Select the scope of the rule (see screenshot)  

Chapter5CreditCardNumber.png

Step 6: Check the File Modified box and add/select:Field- All content
Value - Matches default detector
Default detector - Global - Credit card number
Likelihood Threshold - Possible
Minimum unique matches - 1
Minimum match count - 1

Chapter5Blocksharing.png

Step 7: Select the Action and the Alerts you want to enforce

Chapter5CreateRule.png

Step 8: Review and Create Rule

2. Use template to prevent financial information sharing

Chapter5RuleTemplate.png

Step 1:  Enter Google Admin Console
Step 2: Access Security > Data Protection > Manage Rule
Step 3: Click Add Rule > New rule from template

Chapter5TemplateFinancialInfo.png

Step 4: Select the template “Prevent financial information sharing”
Step 5: Select the scope of the rule
Step 6: Review the conditions and create the DLP rule


3. Protect files containing sensitive keywords (custom detectors)

Chapter5WordList.png

Step 1:  Enter Google Admin Console
Step 2: Access Security > Data Protection > Manage Detectors
Step 3: Click Add Detector and select Wordlist
Step 4: Fill out name, description and keywords (see screenshot)
Step 5: Click Manage Rules > New rule
Step 6: Repeat the same process as stated in example 1 and 2.

Tip:

  • Use the Investigation Tool to view and review the performance of your DLP events and rules (Enterprise only)
  • Use the Alert center to get a summary of the DLP alerts you have configured.
Get our free ebook about Data Loss Prevention and learn more