Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 5 MINUTES AGO.
You are here: Home / Network Security / Data Loss Prevention Comes to Gmail
Google for Work Debuts Gmail Data Loss Prevention Tool
Google for Work Debuts Gmail Data Loss Prevention Tool
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
10
2015
Data security is top of mind for every CIO, CTO -- and anyone else who reads technology news stories about multimillion-dollar security breaches. Knowing this, Google for Work is making moves to beef up Gmail security.

Dubbed Data Loss Prevention for Gmail, the tool adds yet another layer of protection to keep important information out of the hands of people who have no business seeing it in the first place.

Suzanne Frey, director of security, trust, and privacy at Google Apps, issued a warning this week for every company that has data, whether large enterprises or small businesses and whether that data is about strategic plans, sensitive HR issues or confidential inventions: Organizations need to keep data safe from accidental leaks and targeted hacks in ways that are simple and reliable.

“Google for Work already helps admins manage information security with tools such as encryption, sharing controls, mobile device management and two-factor authentication,” Frey said in a blog post. “However, sometimes user actions compromise the best of all of these controls. For example, a user might hit ‘reply all’ when meaning to send a private message with sensitive content.”

Applying Security Rules

Frey offered an example of how Data Loss Prevention for Gmail could work. Let’s say your organization has a policy against the sales department sharing customer credit card information with third-party vendors. In this case, the IT admin can set up a data loss prevention policy to keep the information safe by choosing “credit card numbers” from a predefined content detector library.

Once this is in place, Google’s tech will check every single outgoing e-mail from the sales department automatically and execute the actions IT has required. That could mean holding the e-mail for review, asking the user to modify the e-mail’s content, or letting the salesperson know that the e-mail has been blocked.

“These checks don’t just apply to e-mail text, but also to content inside common attachment types -- such as documents, presentations and spreadsheets,” Frey said, noting that Data Loss Prevention for Gmail is the first step in a long-term investment to bring rules-based security across Google Apps. “And admins can also create custom rules with keywords and regular expressions.”

Technical Controls

Frey then offered a laundry list of efforts Google has made on the security front in 2015, from inviting an independent auditor to check out its privacy practices for Google Apps for Work and Google Apps for Education to introducing security keys to make two-step verification more convenient to launching a cloud security scanner and more.

We contacted Ken Westin, a senior security analyst at advanced threat detection firm Tripwire, to get his take on the state of security. He told us the challenge for security leaders is that no matter how much they train their staff members about security, there always seems to be those few employees who download porn apps directly from untrusted third-party Web sites to their phones.

“To our horror, those individuals are then connecting their devices to the corporate Wi-Fi, accessing corporate e-mail and documents from that same infected phone,” Westin said. "It is important to not only have clear security policies established, but also have the technical controls in place to detect and mitigate when there is a policy break or threat that touches your network.”

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.