About
This document reviews connecting a third-party data loss prevention service with the Virtru Gateway (Virtru SaaS Hosted or On-Premise). The Google DLP service will be the example used throughout, but any DLP application which can append an email with a custom SMTP header is compatible. With this guide, you will be able to set up your organizations mail flow to leverage third-party DLP in conjunction with Virtru encryption. References are included at the bottom of this document with links to Google DLP documentation, as well as the Virtru Control Center.
Assumptions:
- Virtru Hosted Gateway, or Virtru Customer Hosted Gateway is configured within your environment
- Access to a Data Loss Prevention System which can append SMTP Headers for outbound email
Install Steps
Configure Data Loss Prevention Rules in the Admin Console of Google Workspace
- Log in with your Google Workspace Admin Account at admin.google.com
- Go to Menu Apps > Google Workspace > Gmail > Compliance
- Select your Outbound Encrypt Content Compliance Rule
- Add Expression(s), Select Predefined Content Match
- Choose from the list of pre-defined DLP rules offered by Google (Multiple can be added to the same rule)
- Click save to apply the changes
Full list of Predefined Detectors offered by Google Workspace
Notice from Google: Supported editions for this feature: Frontline Standard; Enterprise Standard and Enterprise Plus; Education Fundamentals, Education Standard, Teaching and Learning Upgrade, and Education Plus; Enterprise Essentials Plus. Compare your edition
Add Custom Header to your existing Outbound Encrypt Content Compliance Rule
- Add custom header
- This will append the custom header to any email message which is flagged by the DLP rules in your Content Compliance rules
- Validate that your rule is routing mail to your Virtru Gateway
- Example: Header Value: GDLP, Header Key: DLP01 (Full string will appear as X-GDLP:DLP01 in the email headers)
Add custom header check in Virtru Control Center to trigger encryption upon detection of the email header
- Navigate to the Virtru Control Center
- Select the Admin Tab, and open the Email Rules for your Virtru Organization
- Scroll to the bottom of the page to add a New Custom rule
SMTP Header Check Example Rule
- Within the 'if' condition, select SMTP Header (if you do not see this option, please contact your Virtru Representative)
- Select Contains
- Input your Custom Header Key into the text box shown
- For the 'then' condition, select Encrypt Email
- In the below example, Virtru systems will trigger encryption when the string DLP01 is detected in a given messages headers:
- Send a test email through the Virtru Gateway with content that will be detected by your DLP rules, and subsequently have your new custom SMTP header applied
- Validate on the recipients inbox that the email is being successfully encrypted by the Virtru Gateway
References
Google Documentation on Configuring DLP Rules