
How to use Wildcard in your Google Workspace DLP policies

Hey Google Workspace admins. This is Goldy again. In this episode of the FAQ series about Google Workspace and Cloud Identity, I’m going to answer a question, or use case, that one of the Google Workspace customers had.

This customer allows users to share Google documents with outsiders (e.g. suppliers, vendors, etc.), but does not want these documents to be copied, printed or downloaded by these third parties.

1. The DLP policy covers two roles: viewers and commenters

Of course, you can go to DLP and apply the beta Information Rights Management policy to get this done, but the special condition in this use case is that the policy should be applied to all documents, regardless of whether they contain sensitive information.

So I’ll show you how you can achieve it by leveraging a regex. Here is my Google Workspace Admin console. I’ll click on Security, then Access and Data Controls, and I’ll go to Data Protection.

By the way, if you do not see Data Protection here, that means you are running a Google Workspace or Cloud Identity subscription that does not provide this functionality.

4. Data Protection is not shown if your Google Workspace or Cloud Identity subscription does not provide this functionality

 

Once you’re in Data Protection you should go to Manage Detectors, and create a new detector. I’ve already created one.

My regex here is (.*). It matches everything, even when I put nothing in the test field, because .* matches zero or more of any character. So whatever I write will always be matched.

5. Click on the regex detector, which is already created; whatever we write in the test field will always be matched

Now you should go to Manage Rules and create a new DLP policy there.

6. Let's go to Manage Rules and create a new DLP policy

So I think I’ve already created one. Block everything leveraging regex. Yeah, that’s the one. So I’ll click on that and show you what I did here.

 

Now you can apply this policy either on the whole organization or maybe a subset of your users, then click on Continue.

7. Let's put in the description and click on Continue

Now let’s apply that policy specifically to Google Drive, scan all content, and look for my regular expression, which was the one that matches everything and anything. Click on Continue.

8. Here, leveraging BCE or Corporate enterprise, apply that policy to Google Drive and scan all content; the expression was everything and anything

Here I’m going to choose the beta Information Rights Management which will disable download, print or copy for commenters and viewers. 

9. Choose the beta Information Rights Management action and click on Continue

Note: It will not be applicable to editors of the documents. After that it’s up to you; you can send it to the alert center, etc. So I’ll click on Continue, then click on Update, and let’s make this policy active.

10. Click on Update and make this policy active

Okay. Just like everything else in the Google Workspace Admin console, it may take some time to reflect the changes that you made.

So I have created this Google document and I will just say this is my test document and then I will share this document with one of my other users. 

11. Let's share this document

Let’s go to Gmail and then sign in with that other user, which is BCE.

12. Let's go to Gmail and sign in with that other user

Let’s see that user’s experience.

This is an internal user (within my Google Workspace domain), but even if you share this document with external parties outside your domain, that should still work.

The only thing is that recipients should be either the viewer or the Commenter.

Now, when I access this document as a viewer or editor, I see that the options to make a copy, print or download this document are disabled.

15. Now I am signed in as BCE. Under File, the options to make a copy, download a copy or print the document are disabled

This is how you can leverage regex in Google Drive (or Gmail) Data Loss Prevention policies to make granular policies. If you have any questions, comments or feedback, do not hesitate to put that under this video and I’ll be happy to collaborate.

 

If you have any questions, you can go to Goldyarora.com/FAQ and submit your question. You don’t need to provide your email address or subscribe. I just love doing this stuff, so feel free to leverage me.

Thank you so much.
