WorryFree Computers   »   [go: up one dir, main page]

What’s changing 

We’re adding 40+ content detectors, which expand the type of content that data loss prevention (DLP) in Drive can scan and detect. 

New intelligent, machine learning based detectors for content inspection of documents, such as: 

  • SEC filings 
  • Legal briefs and court orders 
  • Tax documents 
  • Contracts 
  • Patents 
  • Resumes 
  • Finance Forms 
  • Source codes, system logs, and more. 

These machine based learning detectors are pre-trained to automatically detect sensitive content, requiring no additional work on the part of the admin. 

Additionally, we’ve added over forty new parameters for regional security, such as: 

  • Auth token 
  • API Keys 
  • Belgium ID 
  • Global VIN
  • Germany TIN 
  • India GST and more.

Visit the Help Center for a complete list of pre-defined detectors for DLP data loss prevention in Google Drive


Adding conditions to define data that you want to scan for


Who’s impacted 

Admins 

Why it’s important 

Admins can use data loss prevention to create and apply rules to control what content your users can share in Google Drive files outside your organization, helping to prevent unintended exposure of sensitive information. 

These additional detectors, along with intelligent based scanning, help to further secure your environment and sensitive data. Administrators can enforce policies to restrict external sharing, applying classification labels, preventing uploads or warning users based on these intelligent detectors. 

Getting started 

  • Admins: This feature can be configured at the domain, OU, or group level within the DLP system at Admin console > Security > Data Protection. Use our Help Center to learn more about creating DLP for Drive rules and custom content detectors and using predefined content detectors. 
  • End users: No action required. 

Rollout pace 

Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, Education Plus, the Teaching and Learning Upgrade, as well as Cloud Identity Premium customers. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, and Nonprofits, legacy G Suite Basic and Business customers, and Cloud Identity Free customers. 

Resources 

Labels: , , , ,

Update

[February 4, 2022]: We previously stated there would be a full rollout (1–3 days for feature visibility) for these features. This was incorrect — please see below for updated rollout information:

  • Rollout for the admin configured default labels feature is expected to be complete on February 8, 2022.

  • Rollout for the automated classification feature is expected to be complete on February 17, 2022.


We apologize for any confusion this may have caused.

What’s changing 

Automated classification with Google Workspace DLP and labels-driven sharing restrictions are now generally available. These features were part of a beta we announced last year for enhanced content classification, governance, and data loss prevention (DLP) with Google Drive labels. 

A new Admin console setting can now automatically apply up to 5 labels to all new files your users create, or to all newly created files owned by specific parts of your organization. 



Configuring automatically applied blank labels by OU in Admin console

A message will prompt end users to fill out required fields in label manager, until the field is completed.



Requiring users to select a label field option in Label Manager


End user experience for an automatically applied label combined with a required field


Automated classification can help organizations automatically add Drive labels to content based on administrator-defined DLP rules and predefined content detectors. DLP administrators can also configure rules that show users a warning any time they attempt to share a file labeled as “Internal,” as well as rules that block external sharing or prevent downloads and printing for all “confidential” files. 

Additionally, Admins have the ability to allow end users to change labels applied by DLP, to provide additional flexibility for their organization. 

Who’s impacted 

Admins and end users 

Why you’d use it 

You can automatically apply labels to new files. When used in conjunction with required fields in label manager, you can require users to classify their newly created Drive files, leading to strengthened data classification and protection. 

Labels in Drive can also be automatically added to files with automated classification based on admin-defined DLP rules and predefined content detectors. This automated classification can help scale data classification and protection efforts by reducing the administrative burden and potential errors associated with manual labels. 

Getting started 

Rollout pace 

Default labels 

Automated classification


Availability 

  • Available to Google Workspace Essentials, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Plus, and Nonprofits 
  • Not available to Business Starter, Education Fundamentals, and Frontline, as well as legacy G Suite Basic and Business customers 

Resources 

Labels: , , , ,

What’s changing 
We’re expanding betas for two related features which can help categorize content and enhance content protection at scale. Specifically, we’re adding: 
  • Drive labels. This renaming and update to the previously-announced Drive metadata feature enables admins to configure custom labels (formerly “metadata”) for a domain, and then enable users to apply these labels to files in Drive. 
  • Automated classification and Drive data loss prevention (DLP) integration. Automated classification can help organizations automatically add Drive labels to content based on administrator-defined rules and predefined content detectors
    • As part of this launch, we’re adding 60 new content detectors, including resumes, SEC filings, patents, and source code. 
    • Using automated classification makes it easier to scale your use of labels while reducing the risk of manual classification errors. 
    • Both manual and automated labels can be used with DLP to prevent external sharing, downloading, and printing of some files. 

These features are currently available in beta. Interested customers can now apply for the beta here

Drive labels will be available to Google Workspace Essentials, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Nonprofits customers. Automated classification and DLP will be available to Google Workspace Enterprise Standard, Enterprise Plus, and Education Plus customers. 



Who’s impacted 
Admins and end users 


Why you’d use it 
Special handling of sensitive data is an integral part of a strong information governance policy, and that begins with labeling files which may contain sensitive intellectual property, personally identifiable information, data subject to special compliance regulations, and more. Additionally, they can help admins prevent external sharing, downloading, and printing of classified files via an integration with data loss prevention (DLP). Moreover, admins can create labels to indicate department names, document types, document status, and anything else you can think of, to facilitate content discovery in advanced search. 

When used in conjunction with automated classification, labels in Drive can be added automatically based on administrator-defined DLP rules and predefined content detectors. This automated classification can help scale data classification and protection efforts by reducing the administrative burden and potential errors associated with manual labels. 


Admins can define custom labels for their organization 

Users can add labels to Drive files (if permitted by admin), or take advantage of automatic classification 

Admins can set data loss prevention (DLP) rules for files with a certain label 

Getting started 
Rollout pace 
  • The betas will start accepting new organizations on a rolling monthly cadence. Eligible customers can now apply to join the beta here. You’ll get more details via email when the beta is available to use. 
Availability 
Drive labels 
  • Available to Google Workspace Essentials, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Standard, Education Plus, and Nonprofits customers 
  • Not available to Google Workspace Business Starter, Education Fundamentals, and Frontline, as well as G Suite Basic and Business customers. 

Automated classification & DLP integration 
  • Available to Google Workspace Enterprise Standard, Enterprise Plus and Education Plus customers. 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 
Resources 
Labels: , , ,

What’s changing 
We’re creating reports with recommendations that will help customers proactively understand and protect sensitive content. The reports will show: 
  • How many files in your organization contain sensitive information. 
  • How many sensitive files in your organization have been shared externally. 
  • Insights into the type of sensitive information (e.g. credit card numbers, social security numbers, etc.) in those files. 
Note that a report will be proactively generated for Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, and Enterprise Plus customers on a periodic basis. They do not require any Data Loss Prevention (DLP) rules to be set up in the Admin console. You can turn off the report by going to Admin console > Data Protection > Data protection insights

An example of a Data Protection insight report 

Who’s impacted 
Admins 


Why it matters 
Protecting your company’s confidential data is critical. DLP supports this by giving you control over what users can share, and helps prevent the unintended exposure of sensitive information. 

These new reports will help you understand what sensitive information is stored in your organization, and can help you make more informed decisions to protect it. For customers new to DLP, a report can help you identify the types of sensitive content, such as credit card numbers and tax IDs, that you might want to prioritize establishing DLP policies for. For customers already using DLP, a report can help you identify data types that you may not have authored DLP policies for. 

Enterprise Standard and Enterprise Plus customers also have access to Google Workspace’s DLP systems, which can make it easier to implement chosen DLP policies and create alerts for ongoing monitoring of issues identified in the report. 


Getting started 
  • Admins: 
    • Reports will be produced periodically. When they’re created, links to the report will be sent by email, and an alert will be shown in the Admin console. You can also find the report in the Admin console at Security > Data protection
    • Reports will only be accessible by super admins and other admins with the View DLP rule privilege. 
    • You can turn off the report by going to Admin console > Data Protection > Data protection insights
    • Visit our Help Center to learn more about managing DLP insights reports.  
  • End users: No end user impact. 
An email which helps admins find and use the report 

Rollout pace 
Availability 
  • Available to Available to Business Standard, Business Plus, Enterprise Essentials (domain verified), Enterprise Standard, and Enterprise Plus customers, as well as G Suite Business customers
  • Not available Available to Essentials, and Business Starter customers, as well as G Suite Education, Enterprise for Education, Nonprofits, and Basic customers
Resources Roadmap 
Labels: , , , ,

What’s changing We’re introducing a new data loss prevention (DLP) system that will make it easier to deploy more advanced detection policies for content on Google Drive. The new Drive DLP functionality can be found at: Admin console > Security > Data Protection. Key updates include:

  • Advanced detection policies that enable more detailed rules using nested conditions, volume-based detection, finer detection thresholds, and more. 
  • New DLP incident management dashboard to see incident trends, view detailed incident reports, dry run rules, and more. 
  • Simplified deployment with more flexible scoping, roles based access for admins, and more. 


Use our Help Center to learn more about the differences between the legacy and new DLP systems.

The new system is separate from the legacy Drive DLP system. 

Currently, the new DLP system (at Admin console > Security > Data Protection) will exist alongside the legacy DLP system (at Admin console > Rules). Rules created in the new system will be separate from rules in the legacy system, and both will continue to work. You can migrate legacy DLP rules to the new DLP by manually creating a new rule in the DLP and then deleting the legacy DLP rule. When you perform this migration, we encourage you to consider reconfiguring them to use the more advanced functionality offered by the new system. Use our Help Center to learn more about migrating from the legacy to the new DLP system.

Who’s impacted Admins

Why you’d use it Protecting your company’s confidential data is critical. DLP supports this by giving you control over what users can share, and prevents unintended exposure of sensitive information. You can use it to prevent or warn users from sharing sensitive content (such as confidential information and customer social security numbers) outside of the domain on a per file basis. As an admin, you can also use the system to get alerts about policy violations and DLP incidents and to investigate information on the policy violation.

We have developed this new system to provide a more advanced way for you to configure DLP for Drive, going beyond the previously announced Drive DLP systems (DLP for Drive, and DLP for shared drives). You can use it to make your deployment more powerful and flexible with more granular policies customized for the specific needs of your organization. Combined with added deployment flexibility, it will be easier to deploy more advanced DLP policies that add visibility into and control over your data. Use our Help Center to learn more about how the new DLP system is different from the legacy system.

Additional details 
Advanced detection policies 
The new Drive DLP system provides more advanced functions to help admins configure deeper content detection rules including:

  • Nested conditions with AND, OR, and NOT - You can now define complex DLP rules leveraging a wide variety of conditions. 
  • Volume-based detection - Enforce DLP actions based on the number of violations to reduce the incident volume. 
  • Finer detection thresholds - Additional detection confidence thresholds help to balance DLP settings and reduce false positives. 
  • Targeted detection - Choose to target detection to comments, suggestions, title, body or all content of a Drive file. 


Additionally, you can now utilize DLP rule templates to quickly author new policies. Templates utilize predefined content detectors, which can then be fine-tuned with appropriate threshold levels suitable for your environment.


More advanced rules can leverage nested conditions, targeted detection, and more. 

Incident management dashboard 

The new system includes a DLP dashboard that will help you test, understand, and manage rules and alerts in your domain, including by showing incident trends. Features include:

  • “Dry Run” for your data protection rules - Generate reports without having the rule active so you can start monitoring your environment without enforcing blocking actions. 
  • New alert delivery options - Choose who receives alerts for specific rules, including additional members of the organization outside the super admin groups. 
  • Detailed incident reports - See more detailed reports for all the DLP actions (block, warn, audit). 
  • Integration with policy investigation tool - Help DLP response teams dig deeper into violations when needed. 



New dashboard helps you see violation trends. 


New dashboard gives insight into your DLP alerts. 

Simplified deployment 
The new system makes it easier to deploy DLP rules with features like:

  • Roles-based access for administrators - Assign delegated admins for DLP functions in the Admin console. Learn more
  • Predefined content detectors - Use 90+ predefined content detectors to help expand coverage and better manage policy violations. 
  • Policy exports - Download a copy of DLP policies. 
  • Flexibility for scoping policies - Scope DLP policies to include or exclude specific groups or OUs. 


Getting started 
  • Admins: This feature will be OFF by default and can be controlled at the domain, OU, or group level. Find the new DLP system at Admin console > Security > Data Protection. Use our Help Center to learn more about the new Drive DLP system.
  • End users: No action needed. 


Rollout pace 


Availability 
  • Available to G Suite Enterprise, G Suite for Education, G Suite Enterprise for Education, and Drive Enterprise customers 
  • Not available to G Suite Basic, G Suite Business, and G Suite for Nonprofits customers 


Resources 


Roadmap 
Labels: , , , ,

Protecting your company’s confidential data is critical, regardless of where it’s stored. In January of this year, we announced Data Loss Prevention (DLP) for Google Drive, giving G Suite Enterprise edition customers more control over how data is shared beyond their company. Today, we’re bringing DLP to content stored in Team Drives.

DLP analyzes the files in your organization’s Team Drives for sensitive content. You can set up policy-based actions that will be triggered when any sensitive content is detected. G Suite admins will be able to control what content members of the team can share externally using easily configured rules and easily enforced policies.



Important notes about Team Drives:

  • Because Team Drives are owned by the domain, rather than individuals, existing DLP rules applied at the domain level will apply to Team Drives.
  • If a DLP rule is assigned to an organizational unit or a group, then that rule will not apply to Team Drives.
  • When files stored in a Team Drive are flagged by DLP rules, users outside of your organization will lose access to these files.
For detailed instructions on how to set up these rules and policies, visit the Help Center.

Launch Details
Release track:
Launching to both Rapid Release and Scheduled Release

Editions:
Available to G Suite Enterprise edition only

Rollout pace:
Full rollout (1–3 days for feature visibility)

Impact:
Admins only

Action:
Admin action suggested/FYI

More Information
Help Center: Scan and protect Drive files using DLP rules

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates
Labels: , , ,

Earlier this year, we launched several improvements for Data Loss Prevention for Gmail, such as optical character recognition and more flexible content detection thresholds. Google Apps Unlimited customers all around the world were able to start using DLP to automatically check outgoing messages according to content policies set by the administrator and help prevent accidental data loss.

In this latest release, we’re adding several new Personally Identifiable Information (PII) predefined detectors to enhance your DLP for Gmail solutions. The new detectors are as follows:
  • Mexico - Passport Number
  • Mexico - CURP Code
  • Korea - Passport Number
  • Spain - Passport Number
  • Germany - Passport Number
  • USA - Passport Number
  • China - Passport Number
  • Canada - Passport Number
  • France - Passport Number
  • Japan - Passport Number
  • UK - Passport Number

DLP for Gmail is available for Google Apps Unlimited customers only.


Launch Details

Release track:
Launching to both Rapid release and Scheduled release

Rollout pace:
Gradual rollout (potentially longer than 3 days for feature visibility)

Impact:
Admins only

Action:
Change management suggested/FYI

More Information
Scan your email traffic using data loss protection

Note: all launches are applicable to all Google Apps editions unless otherwise noted

Launch release calendar
Launch detail categories
Get these product update alerts by email
Subscribe to the RSS feed of these updates
Labels: , ,