Data Loss Prevention (DLP), also known as data leak prevention, is one of the most opted for data security measures by IT professionals. It is a solution that monitors, detects, and prevents sensitive data from being shared outside an organization. Most company data is confidential, so it is especially important to prevent unauthorized sharing of confidential information that can put the organization at risk. As most companies store data on the cloud, let’s talk about Drive DLP, Google’s own cloud DLP. Here we walk you through the entire configuration process step by step and provide examples of DLP use cases to protect your organization’s Google Drive data.
Enable Data scanning and report in the Google Admin Console
Step 1. Access the Google Admin Console (using an admin account).
Step 2. Click Security > Data Protection
Step 3. At the bottom of the page, enable the Data scanning and report setting to have your DLP detectors reported in the Data Protection Insights Dashboards (see screenshot below). We recommend you keep this setting ON for audit and compliance purposes.
DLP detectors, rules, and actions flow
Create custom detectors (Skip this part if you’ll be using a rule template or default detectors)
Click Manage Detectors > Add detector
Select Regular expression or a Wordlist (depending on your needs)
Name and configure the custom detector
Go to Manage rules > Add rule
Select New rule or New rule from template
Name and define the Scope of your scans (OUs and groups)
Determine the Triggers of events and set Conditions to define sensitive content as refinement steps.
Determine the Appropriate Actions (Alert, Action, Severity)
Review - Lastly, you get to review the rule and choose whether to activate it or not. After that, your rule has been created.
Examples of DLP rules for Google Drive
Although Google has made it easy to implement DLP rules through default detectors and templates, organizations are able to create their own custom rules and detectors. We will cover an example of each DLP configuration below.
Protect Credit Card Numbers with default detectors
Step 1: Enter Google Admin ConsoleStep 2: Access Security > Data Protection > Manage RuleStep 3: Click Add Rule > New Rule
Step 4: Add the name and description for the ruleStep 5: Select the scope of the rule (see screenshot)
Step 6: Check the File Modified box and add/select:Field- All content Value - Matches default detector Default detector - Global - Credit card number Likelihood Threshold - Possible Minimum unique matches - 1 Minimum match count - 1
Step 7: Select the Action and the Alerts you want to enforce
Step 8: Review and Create Rule
2. Use template to prevent financial information sharing
Step 1: Enter Google Admin Console Step 2: Access Security > Data Protection > Manage Rule Step 3: Click Add Rule > New rule from template
Step 4: Select the template “Prevent financial information sharing” Step 5: Select the scope of the rule Step 6: Review the conditions and create the DLP rule
Step 1: Enter Google Admin Console Step 2: Access Security > Data Protection > Manage Detectors Step 3: Click Add Detector and select Wordlist Step 4: Fill out name, description and keywords (see screenshot) Step 5: Click Manage Rules > New rule Step 6: Repeat the same process as stated in example 1 and 2.
Use the Investigation Tool to view and review the performance of your DLP events and rules (Enterprise only)
Use the Alert center to get a summary of the DLP alerts you have configured.