Protecting sensitive company data is no longer just a best practice—it’s business critical. In today’s world, data breaches can have serious consequences, from financial losses and reputational damage to legal repercussions and operational disruptions. That’s why Chrome Enterprise Premium, our advanced secure enterprise browser offering, includes a growing suite of Data Loss Prevention (DLP) capabilities to help organizations safeguard their sensitive information and maintain compliance.
Google recently launched a number of enhancements to Google DLP capabilities, giving you even more granular control over your company’s data. This blog post will explore how these new capabilities support your organization’s comprehensive DLP journey—from discovering potential risks and user behavior, to controlling data flow with robust security measures, to investigating potential incidents with detailed reporting and analysis, and finally, to expanding protection beyond desktops.
Discover and understand user behavior
Understanding how your users interact with data is the first step in preventing data leaks. Chrome Enterprise provides powerful tools to gain visibility into user activity and to identify potential risks:
1. Chrome Security Insights
Chrome Security Insights empowers Chrome Enterprise customers to proactively identify potential threats with simplified security monitoring. This feature monitors key security configurations, security event logging, and 50 common DLP detectors with just a few clicks. Administrators gain valuable insights into high-risk activities through detailed reports on users, domains, and sensitive data transfers, enabling swift identification and remediation of security concerns. Start your 30-day Chrome Enterprise Premium trial and enable Chrome Security Insights here.
2. URL Filtering Audit Mode [Currently in Public Preview (beta), general availability coming soon]
Chrome Enterprise Premium’s URL Filtering Audit Mode offers a valuable tool for organizations seeking to refine their web access policies. It allows administrators to selectively activate monitoring of employee browsing activity without enforcing restrictions, providing insights into users behavior and potential security risks. By analyzing this data, IT and security teams can make informed decisions regarding URL filtering rules, striking an effective balance between security and user productivity. See here to learn how to configure URL Filtering Audit Mode.
Enforce DLP controls
Once you understand your users’ behavior, it’s time to put the right controls in place to prevent data leaks. Chrome Enterprise offers a robust set of in-browser protections.
1. Copy and paste protections
Controlling how users interact with sensitive data is crucial. Chrome Enterprise Premium’s copy and paste protections allow you to restrict or block users from copying sensitive information from web pages or pasting it into unauthorized applications or websites. This granular control helps prevent data exfiltration and ensures that sensitive information stays within designated boundaries, reducing the risk of data breaches and helping with compliance with data protection regulations. The copy and paste protections include:
- Preventing data leakage to Incognito mode: Concerned about sensitive data being copied into incognito mode, where it can potentially bypass security measures? Chrome Enterprise Premium now allows you to block or warn users when they attempt to copy data between regular browsing sessions and incognito windows.
- Controlling data sharing between applications: For organizations looking to prevent data leakage to external applications, Chrome Enterprise Premium now allows you to block or warn users when they attempt to copy data from your web applications into external programs like Notepad, Microsoft Word, or other apps.
- Isolating data between Chrome profiles: Shared devices or users with multiple Chrome profiles can introduce risks of data cross-contamination. Chrome Enterprise Premium’s new copy-paste controls now allow you to block or warn users when they attempt to move data between different profiles.
- Securing sensitive emails: Emails often contain highly confidential information requiring stringent protection. With Chrome Enterprise Premium, you can implement specific rules, such as blocking any copying from Gmail unless it’s being pasted back into Gmail.
See more details about setting up copy and paste protections here.
2. Watermarking
Watermarking acts as a deterrent to unauthorized data sharing. Chrome Enterprise Premium allows you to apply visible watermarks to sensitive company documents viewed in the browser, displaying information like the user’s email address, date, or a custom message. This helps discourage data exfiltration and makes it easier to trace the source of any leaked information. See here on how to set up watermarking with Chrome Enterprise Premium
3. Screenshot protections
Screenshots can be a convenient way to capture information, but they also pose a data leak risk. Chrome Enterprise Premium’s screenshot protection allows you to prevent users from taking screenshots of sensitive content within the browser. This adds another layer of protection to your DLP strategy, limiting the potential for unauthorized data capture. Learn how to set up screenshot protection rules here.
These controls work together to create a comprehensive security strategy, limiting the ways in which data can be exfiltrated from your organization.
Investigate potential data leaks
Even with the best preventative measures in place, it’s crucial to be prepared to investigate potential security incidents. Chrome Enterprise provides tools to help you quickly identify and address threats:
1. Evidence Locker [Currently in Private Preview, general availability coming soon]
The evidence locker provides a secure repository for storing files and data that require further investigation by security teams. For instance, if an employee attempts to download a non-public financial report, Chrome Enterprise Premium can block the action and retain a copy of the file in the evidence locker. This triggers a detailed report for IT and security teams, enabling them to take appropriate investigation and remediation steps. Stay tuned for more information on the upcoming release of Evidence Locker.
2. Chrome Extension Telemetry in Google Security Operations
Chrome Enterprise Core integrates with Google Security Operations, our cloud-native security analytics platform, to provide deeper visibility into browser activity. Previously, detection and response teams were limited to analyzing static extension attributes. Now, you can set dynamic rules that continuously monitor extension behavior in your production environment, enabling proactive identification and remediation of risks before they escalate into threats. For example, you can monitor if extensions are unexpectedly contacting remote hosts or accessing cookies. This enhanced visibility empowers your security team to detect and mitigate data theft and infrastructure attacks in near real-time, significantly reducing your organization’s vulnerability to malicious extensions. See how to set this up here.
Expand protection to other platforms
Chrome Enterprise is committed to extending its threat protection capabilities beyond the desktop.
1. Mobile threat protections
With the growing use of mobile devices for work, securing the browser on these devices is essential. Chrome Enterprise Core is extending its threat protection capabilities to Android devices with download blocking. This feature will allow organizations to set policies to prevent users from downloading malicious files flagged by Google Safe Browsing from the web onto their mobile devices, bringing threat protections beyond desktops. Organizations can also choose to block all downloads on Android on managed Chrome. Get started with Chrome Enterprise Core today at no additional costs.
Chrome Enterprise Premium: Your partner in DLP
These features are just a glimpse into the comprehensive DLP capabilities offered by Chrome Enterprise. Google are consistently enhancing our security capabilities to help organizations like yours take a proactive approach to data loss prevention, safeguarding sensitive information at the critical browser layer and ensuring compliance in today’s increasingly complex digital landscape.