Skyhigh CASB's email passive mode Data Loss Prevention (DLP) solution is designed to scan email as it is sent by a user. When a Gmail user sends an email, G Suite sends a copy of the email to Skyhigh CASB for analysis. You must configure Gmail to use Skyhigh CASB passive email DLP.
Before you begin, make sure that you have:
- A G Suite Enterprise account. (G Suite for Business will not work.)
- An admin account to the G Suite tenant.
- An Skyhigh CASB tenant
Configure Passive Email DLP for Gmail
Perform the following steps in both the Google Suite administrator console and Skyhigh CASB.
To configure Gmail:
- Log in to Skyhigh CASB.
- Go to Settings > Service Management and click Add Service Instance.
- Select Gmail, enter a name for this new instance, and click Done.
- Select Configure for the new instance.
- Domains. Enter the public domains that Skyhigh CASB DLP will accept for Email DLP.
NOTE: This list of domains is shared with other Email DLP services (for example, Exchange).
- Copy the journal mailbox, as you need this later. Do not click Next yet.
Log in to the G Suite admin console at https://admin.google.com and go to Billing. Make sure that the license is GSuite Enterprise. (This is mandatory.)
Go to Home > Apps > GSuite > Gmail.
Select Advanced Settings.
On the General Settings tab, find the Routing section
For Third-party email archiving, select Configure.
Enter a description for this third-party email archive.
Paste the journal mailbox you copied from Skyhigh CASB under Send journal messages to this email address.
- Return to Skyhigh CASB.
- Under Passive Email DLP, select the checkbox for I have set up journaling in Gmail and have verified that envelope-journaled messages will be sent to the address above. Then click Next.
- Review the configuration and click Done.