Data Loss Prevention for Google Apps Email – Introducing Virtru DLP

As we’ve seen over the past several years, email is a tremendous source of data leaks.  Once a user hits send, sensitive information is in the wind – and could very easily put your organization at risk.

To mitigate this risk, there are three steps that all organizations must take.

  • Deploy on-demand client-side email encryption for all users who must share sensitive information.  This ensures that users can be the first line of defense for data protection.
  • Implement user and admin controls for email digital rights management (email DRM).   This includes the ability to revoke access to secure emails sent with Virtru at any time, to set expiration dates, and control forwarding.
  • Implement rules-based data loss prevention (DLP) to scan and protect emails and attachments before they’re sent.  This ensures that messages that should be protected are, in fact, protected.

At Virtru, we broke new ground on items 1 and 2.  We took great pains to make it extremely  easy for individuals and business to encrypt their most sensitive information.  Hundreds of organizations of all sizes now use Virtru Pro to meet regulatory requirements like HIPAA, FERPA, or CJIS and to protect HR, finance, or legal information.  And our email DRM has put tens of thousands of users in control of their emails – forever, regardless of where ever their messages travel.

But we knew this wasn’t enough.  Our customers need rules-based content controls to automatically protect sensitive information. When we studied the market, we found that existing DLP solutions were difficult to configure, complicated to use, and did provide any control or information for the end user.

So we got to work on building our own DLP service – incorporating the type of clean simplicity that has become the hallmark of the Virtru brand.  As with all of our products, we started with the premise that data protection technologies must be powerful, easy to use, and not get in the way of the user.  Virtru DLP rules are configured centrally by administrators, and enforced on client endpoint.

Virtru DLP makes it easy for administrators to set up rules based on senders, recipients, message contents, and attachments.  You can use these rules to automatically encrypt, warn users, send copies or blind copies, and more.

Seeing is Believing

Watch this short video, or schedule a demo to see for yourself how easy it is to set up powerful data protections using Virtru DLP.

Setting Up Virtru DLP Rules

As this video shows, you can set up Virtru DLP rules in three ways:

1) Common Patterns – To make things easy, Virtru detects common types of sensitive information like social security numbers, employee identification numbers, and more.

In the instance of common patterns, the administrator uses simple radio buttons to determine the desired actions associated with a particular type of content.

Virtru DLP - Easy to use Radio Buttons for Rules

2) Custom Rules – Administrators can configure custom rules based on sender, recipient, message or attachment content, and more.  Rules are boolean and can be expanded easily with if/then logic.

In this simple example, we’ve set up a rule to detect messages sent outside of our domain that also  contain content that seems to be confidential.

Once detected, the email is automatically encrypted, attachments are removed, and the administrator is blind copied notified.


Rule Packs – Virtru rule packs allow organizations to get a quick start on configuring DLP rules for patterns associated with specific regulations or standards, such as HIPAA. Watch this video for a tour of Virtru’s HIPAA Rule Pack in action:

End User Experience

Virtru DLP provides feedback to end-users and takes actions based on the rules set up by administrators.

For instance, in the first screenshot, an administrator has Virtru DLP set up to warn the end user if an SSN is detected. When the user sends a message, the end user’s Virtru plug-in scans the message and attachment content and provides an easy reminder to the user to encrypt the message.  This is all done on the end user’s computer and, like our other products, Virtru never has access to message content.

DLP WarningWhen a DLP rule is configured to CC or BCC an administrator or other party, this operation is conducted transparently to the user.  Rules set to automatically encrypt take this action immediately when the end user clicks “send,” ensuring that sensitive content will not leave the organization unprotected.

Any time a Virtru DLP rule is triggered, this event is recorded  for later audit by the administrator.


Ready to Get Started?

Virtru DLP is now available to all organizations using Google Apps (now known as G Suite).  Chrome and Firefox support is currently available, and Outlook 2010, 2013 and 2016 support will be available in the coming weeks.

Ready to see more? Schedule a demo to see for yourself how easy it is to set up powerful data protections using Virtru DLP.

Subscribe to Our Newsletter

Connect With Us

Dive Deeper