Additional details
Advanced detection policies
The new Drive DLP system provides more advanced functions to help admins configure deeper content detection rules including:
- Nested conditions with AND, OR, and NOT - You can now define complex DLP rules leveraging a wide variety of conditions.
- Volume-based detection - Enforce DLP actions based on the number of violations to reduce the incident volume.
- Finer detection thresholds - Additional detection confidence thresholds help to balance DLP settings and reduce false positives.
- Targeted detection - Choose to target detection to comments, suggestions, title, body or all content of a Drive file.
Additionally, you can now utilize DLP rule templates to quickly author new policies. Templates utilize predefined content detectors, which can then be fine-tuned with appropriate threshold levels suitable for your environment.
More advanced rules can leverage nested conditions, targeted detection, and more.
Incident management dashboard
The new system includes a DLP dashboard that will help you test, understand, and manage rules and alerts in your domain, including by showing incident trends. Features include:
- “Dry Run” for your data protection rules - Generate reports without having the rule active so you can start monitoring your environment without enforcing blocking actions.
- New alert delivery options - Choose who receives alerts for specific rules, including additional members of the organization outside the super admin groups.
- Detailed incident reports - See more detailed reports for all the DLP actions (block, warn, audit).
- Integration with policy investigation tool - Help DLP response teams dig deeper into violations when needed.
New dashboard helps you see violation trends.
New dashboard gives insight into your DLP alerts.
Simplified deployment
The new system makes it easier to deploy DLP rules with features like:
- Roles-based access for administrators - Assign delegated admins for DLP functions in the Admin console. Learn more.
- Predefined content detectors - Use 90+ predefined content detectors to help expand coverage and better manage policy violations.
- Policy exports - Download a copy of DLP policies.
- Flexibility for scoping policies - Scope DLP policies to include or exclude specific groups or OUs.
Getting started
- Admins: This feature will be OFF by default and can be controlled at the domain, OU, or group level. Find the new DLP system at Admin console > Security > Data Protection. Use our Help Center to learn more about the new Drive DLP system.
- End users: No action needed.
Rollout pace
Availability
- Available to G Suite Enterprise, G Suite for Education, G Suite Enterprise for Education, and Drive Enterprise customers
- Not available to G Suite Basic, G Suite Business, and G Suite for Nonprofits customers
Resources
Roadmap