Data security is top of mind for every CIO, CTO — and anyone else who reads technology news stories about multimillion-dollar security breaches. Knowing this, Google for Work is making moves to beef up Gmail security.
Dubbed Data Loss Prevention for Gmail, the tool adds yet another layer of protection to keep important information out of the hands of people who have no business seeing it in the first place.
Suzanne Frey, director of security, trust, and privacy at Google Apps, issued a warning for every company that has data, whether large enterprises or small businesses and whether that data is about strategic plans, sensitive HR issues or confidential inventions: Organizations need to keep data safe from accidental leaks and targeted hacks in ways that are simple and reliable.
“Google for Work already helps admins manage information security with tools such as encryption, sharing controls, mobile device management and two-factor authentication,” Frey said in a blog post. “However, sometimes user actions compromise the best of all of these controls. For example, a user might hit ‘reply all’ when meaning to send a private message with sensitive content.”
Applying Security Rules
Frey offered an example of how Data Loss Prevention for Gmail could work. Let’s say your organization has a policy against the sales department sharing customer credit card information with third-party vendors. In this case, the IT admin can set up a data loss prevention policy to keep the information safe by choosing “credit card numbers” from a predefined content detector library.
Once this is in place, Google’s tech will check every single outgoing e-mail from the sales department automatically and execute the actions IT has required. That could mean holding the e-mail for review, asking the user to modify the e-mail’s content, or letting the salesperson know that the e-mail has been blocked.
“These checks don’t just apply to e-mail text, but also to content inside common attachment types — such as documents, presentations and spreadsheets,” Frey said, noting that Data Loss Prevention for Gmail is the first step in a long-term investment to bring rules-based security across Google Apps. “And admins can also create custom rules with keywords and regular expressions.”
Frey then offered a laundry list of efforts Google has made on the security front in 2015, from inviting an independent auditor to check out its privacy practices for Google Apps for Work and Google Apps for Education to introducing security keys to make two-step verification more convenient to launching a cloud security scanner and more.
We contacted Ken Westin, a senior security analyst at advanced threat detection firm Tripwire, to get his take on the state of security. He told us the challenge for security leaders is that no matter how much they train their staff members about security, there always seems to be those few employees who download porn apps directly from untrusted third-party Web sites to their phones.
“To our horror, those individuals are then connecting their devices to the corporate Wi-Fi, accessing corporate e-mail and documents from that same infected phone,” Westin said. “It is important to not only have clear security policies established, but also have the technical controls in place to detect and mitigate when there is a policy break or threat that touches your network.”