Content Compliance Testing in Gmail

Google now provide in-line genuine Data Loss Prevention (DLP) for Gmail and Drive. In this post, we show you how to configure DLP for G Suite eMail. We now have a DLP reporting section in GAT+.

From the G Suite for Work Admin console it is now possible to test email contents for compliance with company rules and regulations or to perform actions like alerting a Security officer if a credit card number is detected passing through. This is potentially a very important link in your cloud security fence and complementary to tests and checks performed by the General Audit Tool.

From the Admin console, select Apps, Google Apps, Settings for Gmail and then scroll down to ‘Advanced settings’.

Apps > Google Apps > Settings for Gmail > Advanced settings

Under ‘General Settings’ you will find three configuration areas, each linked to compliance. In this example, we are going to look at ‘Content compliance’, which is where we can execute a regular expression test on email contents. (Here are some regular expressions you can use)

The configure button for each section appears on the right of the screen, click on this to configure. 

You can ‘Add Setting’ to Inbound or Outbound email for your domain or to internal email.

We selected both Inbound and Outbound to test for Credit Card movement inside email.

Under ‘Expressions we select ‘Advanced Content match’

Gmail settings

For Location, we select the Body of the message and for Match type, we select Matches regex. A nice feature is you can test the expression before saving it.

Gmail settings

\b(1800|2131|30[0-5]\d|3[4-7]\d{2}|4\d{3}|5[0-5]\d{2}|6011|6[2357]\d{2})[- ]?(\d{4}[- ]?\d{4}[- ]?\d{4}|\d{6}[- ]?\d{5})\b

The regular expression used to test for credit cards is given above – cut and paste to your own configuration.

Be sure to save the ‘Expression’ test you have just built (this is the first of 3 save actions you will have to take).

Step 3 will allow you to configure what actions you wish to take if a match is found, these can include sending a copy of the message to a security officer, or quarantining the message until further release after inspection.

more Gmail settings

then Save the completed compliance rule

and finally, Save the Configuration!

Note also the rule may take up to 1 hour before coming into effect.

A Google Help Page on this feature is to be found here.

Comments

comments