Wednesday, July 31, 2024

Prevent downloading, printing, or copying files by combining Data Loss Prevention rules with Context-Aware Access conditions

What's changing

Controlling access to sensitive content stored in Google Drive is a critical component for any company's security posture. One way admins can do this is with data loss prevention (DLP) rules that enable Information Rights Management (IRM) on specific files. This allows admins to disable actions that can lead to accidental or deliberate data exfiltration, such as downloading, copying, and printing. 


Today, we’re expanding these protections by enabling admins to combine DLP rules with Context-Aware Access conditions. When combined, admins can configure if IRM should be enforced based on context conditions, such as a user’s location or IP address. This gives admins the ability to configure context-aware-access conditions in a more granular way and is an important step forward in applying administrator controls at the document level. Prior to this release, Context-Aware-Access can only be used to restrict full access to an entire application. 



Getting started

  • Admins: This feature will be OFF by default and can be enabled per-file by creating DLP rules with a CAA access level attached. See this help center article for more information on how to configure these rules.

  • End users: Depending on your admin configuration, you may be restricted from taking certain actions on Drive files.

Rollout pace

Availability

Available for Google Workspace: