How to use Wildcard in your Google Workspace DLP policies
Hey Google Workspace admins. This is Goldy again. In this episode of the FAQ series about Google Workspace and Cloud Identity, I'm going to answer a question, or use case, that one of the Google Workspace customers had. This customer allows users to share Google documents with outsiders (e.g. suppliers, vendors, etc.), but does not want these documents to be copied, printed or downloaded by these 3rd parties.
Of course you can go to DLP and apply the beta policy of Information Rights Management to get this done, but the special condition in this use case is that the policy should be applied to all documents, regardless of whether they contain sensitive information. So I'll show you how you can achieve it by leveraging a regex. Here is my Google Workspace Admin console. I'll click on Security Access and Data Controls and I'll go to Data Protection. Okay, by the way, if you do not see Data Protection here, that means you are running a Google Workspace or Cloud Identity subscription that does not provide this functionality.
Once you're in Data Protection you should go to Manage Detectors and create a new detector. I've already created one. If you look at my regex here, (.*), you will see that it matches everything, even if I'm not putting anything in the test field, because it's going to capture everything. So whatever I write, it will always be matched.
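The check below compares the (.*) detector with narrower patterns an admin might try instead. It is an added example, not code from the original post; the sample document bodies and helper names are constructed, and it assumes the detector does an unanchored search that Python's re module models for these simple patterns.

```python
import re

# Constructed sample document bodies (not taken from the original post).
SAMPLES = {
    "empty": "",
    "whitespace_only": "   \n\t",
    "multi_line": "This is my test document\nsecond line",
    "non_latin": "機密資料",
    "punctuation_only": "---",
}

# Candidate detector patterns; "(.*)" is the one used in the post.
CANDIDATES = ["(.*)", ".+", r"\S+", "[A-Za-z0-9]+"]


def unmatched_samples(pattern, samples=SAMPLES):
    """Return the names of samples in which the pattern finds no match.

    Assumption: the detector does an unanchored search of the content,
    which re.search models for these simple patterns.
    """
    compiled = re.compile(pattern)
    return sorted(name for name, body in samples.items()
                  if compiled.search(body) is None)


def is_catch_all(pattern, samples=SAMPLES):
    """A pattern is catch-all only if no sample escapes it."""
    return not unmatched_samples(pattern, samples)


if __name__ == "__main__":
    for pattern in CANDIDATES:
        gaps = unmatched_samples(pattern)
        print(f"{pattern!r:16} catch-all={not gaps} misses={gaps}")
```

Only (.*) covers every sample, because it also accepts a zero-length match; the other patterns leave documents that would fall outside the rule.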
Now you should go to Manage Rules, and here you will create a new DLP policy.
So I think I've already created one. Block everything leveraging regex. Yeah, that's the one. So I'll click on that and show you what I did here.
Now you can apply this policy either on the whole organization or maybe a subset of your users, then click on Continue.
Now let's apply that policy specifically to Google Drive, scan all content, and look for my regular expression, which was everything and anything. Click on Continue.
Here I'm going to choose the beta Information Rights Management which will disable download, print or copy for commenters and viewers.
Note: It will not be applicable to editors of the documents. Then it's up to you; you can send it to the alert center, etc. So I'll click on Continue, I'm going to click on Update, and let's make this policy active.
Okay. So it may take some time, just like everything else in the Google Workspace Admin console, to reflect the changes that you made. So I have created this Google document, and I will just say this is my test document, and then I will share this document with one of my other users.
Let's go to Gmail and then sign in with that other user, which is BCE.
Let's see that user's experience. This is an internal user (within my Google Workspace domain), but even if you share this document with external parties outside your domain, that should still work. The only thing is that recipients should be either a viewer or a commenter.
Now, when I access this document as a viewer or editor, I see that the options to make a copy, print or download this document are disabled.
This is how you can leverage regex in Google Drive (or Gmail) Data Loss Prevention policies to make granular policies. If you have any questions, comments or feedback, do not hesitate to put them under this video and I'll be happy to collaborate. If you have any questions, for sure, you can go to Goldyarora.com/FAQ and submit your question. You don't need to provide your email address and you don't need to subscribe. I just love doing this stuff, so feel free to leverage me. Thank you so much.