Skyhigh CASB's email passive mode Data Loss Prevention (DLP) solution is designed to scan email as it is sent by a user. When a Gmail user sends an email, G Suite uses the third-party email archiving feature to send a copy of the email to Skyhigh CASB for analysis. A copy of the email is sent in parallel to the original email. This means that Skyhigh CASB receives a copy of the email with no impact on the delivery to the original recipient. This workflow provides notification, but no active remediation.
The workflow uses the following steps:
- An email is sent or received by the user.
- G Suite delivers the email to the original recipient (Skyhigh CASB can't block emails from being sent or received).
- G Suite is configured to send copies of emails to Skyhigh CASB over secure SMTP (this is configured in G Suite admin under Gmail advanced properties).
- Skyhigh CASB receives a copy of the email using an SMTP listener (Sky Gateway Email Mode). The listener is set up by Skyhigh CASB.
- Skyhigh CASB scans the email using a DLP engine.
- As required, Skyhigh CASB sends a notification email to the user regarding policy violation.
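The scan-and-notify half of this workflow, as an added example that is not Skyhigh CASB's code: it parses an archived copy, applies one DLP rule, and builds a notification for the sender without touching the original message. The payment-card rule, the notifier address, the function names and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed DLP rule: 13-19 digit runs (spaces or dashes allowed) that pass Luhn.
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")

# Constructed sample of an archived copy as the listener would receive it.
SAMPLE = (b"From: alice@example.com\r\nTo: bob@example.org\r\n"
          b"Subject: invoice\r\nContent-Type: text/plain\r\n\r\n"
          b"Card 4111 1111 1111 1111, order ref 1234567890123.\r\n")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum; discards digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_copy(raw: bytes) -> list[str]:
    """Return masked card numbers found in any text part of the copy."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and binary attachments
        for m in CARD_RE.finditer(part.get_content()):
            digits = re.sub(r"\D", "", m.group())
            if luhn_ok(digits):
                hits.append("*" * (len(digits) - 4) + digits[-4:])
    return hits

def notify(raw: bytes, notifier="dlp-notify@example.invalid"):
    """Passive mode: build a notice to the sender, or None if nothing matched."""
    hits = scan_copy(raw)
    if not hits:
        return None
    orig = message_from_bytes(raw, policy=policy.default)
    note = EmailMessage()
    note["From"] = notifier
    note["To"] = str(orig["From"])
    note["Subject"] = "DLP policy violation: " + str(orig["Subject"])
    note.set_content("Matched card numbers: " + ", ".join(hits))
    return note
```

The notification carries only masked values, so the alert itself does not repeat the sensitive data it reports.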
Prerequisites for G Suite Email DLP
- An Enterprise G Suite license to provide the third-party email archiving feature.
- A G Suite tenant configured for third-party email archiving.
- The third-party email archiving destination (where the copy of the email is sent).
Upon receiving the message from Gmail, Skyhigh CASB temporarily stores the email in S3, which acts as a queue. Each message is encrypted with a customer-specific encryption key. The instant the message has been processed, it is removed permanently from S3. We don't retain customer emails post-processing.