What you need to know about Google Workspace Drive DLP Data Protection Insights

Greater visibility into cloud data security is a good thing – unless a report tells you that your business is at risk due to vulnerable FDA prescription drug data, but you don’t have any. What’s worse than a scary alert about data risk? When that alert is >50% wrong!

That’s what happened to us when we followed up on a notification from Google Workspace about its new Drive DLP data protection insights, available to certain Business and Enterprise accounts. This quarterly report is supposed to list files containing sensitive data types stored in the cloud Google Workspace (formerly known as G Suite) application and are accessible to the entire world. That objective is great! Who wouldn’t want to know when sensitive data is incorrectly shared with the entire world. However, as we dug deeper we became concerned about the approach and the accuracy of these results. What initially caught our eye is that Google analysis shows that 34% of our company’s sensitive data has been shared outside our organization, as well as curiosity about why we were getting flagged for at-risk prescription data.  

As we investigated Google’s findings, we drew the conclusions listed below. In short, Google took a strong step forward to raise awareness about this urgent data security risk. Innovation and growth are great, but this solution is not ready for the vast majority of businesses that desperately need assistance in this very space. If you received the email from Google introducing the DLP data protection insights report and want to learn more about our experience, see the summary below and watch our video. 

In this video, Michael will give you a sneak peak into the new Drive DLP Data Protection Insights services provided by Google today.

1. Drive DLP raises awareness for the need for cloud data protection in a work from cloud reality. 

Looking at the types of data stored in the cloud and shared with people outside your organization is an eye-opener for many companies. Moreover, when you consider that Google Docs, Sheets, and Slides gives you the ability to name other people as editors who can then share it with other people, you begin to realize how easy loss of personally identifiable information, health data, account numbers, or any sensitive data can be. Google’s quarterly report is a laudable attempt to increase visibility of the problem; however, it is also succumbing to the classic challenges of data protection solutions - massive false positives and lack of workflows for businesses to easily act on these alerts (no, automatic blocking of a highly false positive alert is not a reasonable workflow for any business). 

2. Google’s tool may be helpful for big corporations with large security teams. 

It took some time to figure out how to set up rules and then go through the hundreds of alerts they produced when deployed in a small company. The solution does provide additional insight, but at a cost. Because of poor accuracy and a large number of alerts, security teams would need to integrate the alerts into SOC workflows using considerable amounts of human time for individual investigation and response. Businesses with IT security staff may have the resources to make checking the DLP data protection insights report into their workflows, but this is a non-starter for smaller companies that can’t invest in numerous human analysts or customer security engineering cycles.

3. False positives set businesses up for failure.

Depending on how an organization sets up its rules, the tools can return numerous false positives, alerting their team to incidents that really aren’t putting sensitive data at risk. This is most easily seen from the sample report provided by Google itself. Using our own systems as an example, we received numerous alerts for prescription drug data - something we don’t have in our GSuite instance at all. In addition to taking more time than necessary to manage data protection, false positives will eventually lead to alert fatigue, which causes people to ignore alerts. The last thing we need is an inaccurate system flooding us with alerts that are wrong - or worse, deployment in auto blocking mode that results in disruptions to business operations across the company!