Skip to main content
Skyhigh Security

About Gmail Inline DLP

When using Inline Email DLP for Gmail, remediation actions occur in real-time so data never leaves your organization through Gmail email messages.

NOTE: Skyhigh Security supports Gmail Inline DLP only for outgoing emails.

Prerequisites 

Before you begin, make sure that you have:

  • Admin account to the GSuite tenant.
  • Skyhigh CASB tenant
  • Opened a ticket with Skyhigh Support and requested assistance in pre-configuring your tenant.


IMPORTANT: If you require Email DLP for both Gmail and Exchange-Online simultaneously, contact Skyhigh CASB Support

 

NOTE: When Inline Email DLP users send an email, there is a time-out of 55 seconds to receive a response from Skyhigh CASB Gateway SMTP server. If the DLP inspection or policy evaluation is not finished within 55 seconds, Skyhigh CASB Gateway SMTP server uses the fail open process which relays the email back to Gmail without waiting for the policy evaluation to finish.

This time out can be over-ridden by allowing the policy evaluation to continue in the backend and cache the results. If Skyhigh CASB Gateway SMTP server processes the policy evaluation for more than 55 seconds, it allows the connection to time out instead of using the fail open process. Skyhigh CASB Gateway SMTP server continues policy evaluation in the background, and policy evaluation results are cached temporarily. When an email is re-sent after the time out, Skyhigh CASB Gateway SMTP server inspects the cache to see if the policy evaluation results are still available and then takes the appropriate action (Allow, Block) on the email. The maximum time out if the policy evaluation result is not yet ready (still processing) is set to 30 minutes by default.

NOTE: Gmail doesn't support Quarantine and Delete response actions.

Workflow

clipboard_e6a37d087a8b99a91ecaf7f5be3f0985d.png
 
Workflow steps are as follows:
  1. A user in your organization sends a message. 
  2. Based on mail routing rules configured in Gmail, messages are forwarded to the Skyhigh CASB Gateway SMTP server.
  3. The Skyhigh CASB Gateway SMTP server proxies the connection from the Gmail server (2), performs DLP inspection, and proxies back the connection to the Gmail server (4).
  4. The message is received by the Gmail Server.
  5. The Gmail Server forwards the message onto the original destination(s).
  • Was this article helpful?