Was sich ändert
In addition to Google Drive, we’re expanding data classification labels to now include Gmail. Classification labels are used to classify and audit content according to organizational guidelines (“Sensitive”, “Confidential”, etc.) and apply policies, such as Regeln zum Schutz vor Datenverlust (DLP), to protect sensitive information in email messages. Classification labels will be available when using Gmail on the web – support for Gmail on mobile devices will be introduced in the coming months.
Wer ist davon betroffen?
Admins und Endnutzer
Warum es wichtig ist
Data breaches are increasingly common and costly across all sectors, including enterprises, public sectors, and government institutions. To minimize data exfiltration and better understand the data being shared, organizations need to differentiate between various types of information and their sensitivity levels to apply data protection policies accordingly. By expanding data classification labels to Gmail, Google Workspace provides admins with a more flexible and robust system integrated with data protection capabilities to help organizations effectively categorize and protect sensitive information.
Specifically, admins can create:
- New classification labels or extend existing ones enabled in Drive labels for Gmail from the Label-Manager. Labels can be used to denote department names, document types, document status, and other custom categories.
- Data protection rules with classification label as a condition, to apply actions to a message based on its classification. For example, a message will be blocked if it’s classified as ‘Internal’ and is being sent to an external recipient.
- Data protection rules to automatically apply classification labels to a message, based on its content. For example, a ‘Confidential’ label can be applied to a message if it contains sensitive financial information, such as credit card or bank account numbers.
- DLP rules with Confidential Mode as a condition to prevent sending messages with sensitive information, if it is not encrypted (Confidential Mode is not enabled)
- Endverbraucher can view and apply Classification Labels when using Gmail on the web.
Zusätzliche Details
- When Data loss prevention (DLP) rules for Gmail using classification labels either as a condition or as an action, messages are scanned asynchronously. This means that the message is classified, blocked or quarantined after it leaves the sender’s mailbox) and before being dispatched to the recipient. In a future release, we plan to provide synchronous support with instant notifications consistent with our synchronous support of instant DLP enforcement for Gmail.
Note that:
- If the message is blocked as a result of the classification label applied to it, the sender will get a bounce back message.
- If the message is automatically labeled by a DLP rule, the sender will not see the label reflected in the sent message. The recipient will see the automatically applied label the same way as any other classification label applied manually by the sender.
- Only Badged options list and Multiple Options list (Single select) field types are supported in Gmail. If classification labels are enabled for usage in both Gmail and Drive, and it contains fields that are not supported in Gmail, such as date or persona, Gmail users will see the label only with fields of the supported types.
Erste Schritte
- Admins:
- Gmail classification labels can be enabled at the domain, group level, or individual user level. You also have the option to enable existing classification labels used in Drive for use in Gmail. The Label Manager tool can be accessed by going to Security > Access and data control oder admin.google.com/ac/dc/labels in the Admin console.
- Besuchen Sie das Hilfezentrum und erfahren Sie mehr über getting started with classification labels, Gmail DLP & automatic classification labelsund preventing data leaks in email and attachments.
- Note: Labels can be viewed by any admin in your organization with the Manage Labels privilege. They can also be visible to everyone in your organization based on the label’s permissions settings.
- Endverbraucher: If configured by your admin, you’ll see the “Classification” option when composing a new messaging or replying to an existing message — when you open the menu, you can select labels relevant to your message. We’ll share the end user Help Center article on Monday, November 3, 2024.
Tempo der Einführung
- Bereiche für schnelle Freigabe und planmäßige Freigabe: Gradual rollout (up to 15 days for feature visibility) starting on November 1, 2024
Verfügbarkeit
- The Label Manager and manual classification is available to Google Workspace:
- Frontline Starter and Standard
- Business Standard and Plus
- Enterprise Standard and Plus
- Education Standard and Education Plus
- Essentials, Enterprise Essentials, and Enterprise Essentials Plus
- Data loss prevention rules with labels as a condition or labels as an action are available to:
- Enterprise Standard and Plus
- Education Fundamentals, Standard, Plus und das Teaching & Learning Upgrade
- Frontline Standard
- Cloud Identity Premium (in combination with a Workspace Edition eligible for Gmail)