DLP using client configuration - prevent messages with some patterns from being sent unencrypted #4629

Open
tomholub opened this issue Aug 23, 2022 · 3 comments
tomholub commented Aug 23, 2022

Google has its own mechanism for this https://cloud.google.com/dlp/ - you can configure it with various regexes and it may, e.g., reject a message that the user is trying to send through standard Gmail compose, across platforms.

FlowCrypt could also offer a list of regexes that a customer can configure, passed through client configuration.

That way, the browser extension could inform the user that their email contains sensitive information, and prompt them to use encrypted email instead. This means the user will be informed as they are composing the message, not after.

Implementation-wise, it would be something like the following in client config:

  "prompt_switch_to_encrypted": [
    {"name": "Credit Card", "regex": ["\\d{12,16}", "(\\d\\d\\d\\d\\s?){4}"]}
  ]

The content script will then look for content of standard Gmail compose, and scan it against these regexes. If there is a match, it would show a modal like "The content of your message includes sensitive information: Credit Card. You should encrypt this message before sending. [Use encrypted message] [Continue composing]".

The "Use encrypted message" button would use existing functionality that copies the content from the compose window, opens a new secure window and pastes it there. We currently use this for a similar prompt: "Your recipients use encryption: switch to encrypted message".
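
The scan proposed above, as an added example that is not FlowCrypt's own code: it compiles the configured patterns once, skips any that fail to compile so one bad entry cannot disable the check, and builds the modal text. The function names and the "Broken Rule" entry are assumptions, and the config object and draft text are constructed samples.

```javascript
// Constructed sample of the client configuration key proposed in this issue.
const clientConfig = {
  prompt_switch_to_encrypted: [
    { name: "Credit Card", regex: ["\\d{12,16}", "(\\d\\d\\d\\d\\s?){4}"] },
    { name: "Broken Rule", regex: ["(unclosed"] }, // constructed: invalid pattern
  ],
};

// Compile each configured pattern once. A pattern that fails to compile is
// recorded and skipped so that one bad admin entry cannot disable scanning.
function compileDlpRules(config) {
  const rules = [];
  const errors = [];
  const entries = Array.isArray(config?.prompt_switch_to_encrypted)
    ? config.prompt_switch_to_encrypted : [];
  for (const entry of entries) {
    const patterns = [];
    for (const source of Array.isArray(entry?.regex) ? entry.regex : []) {
      try {
        patterns.push(new RegExp(source)); // no "g" flag: test() stays stateless
      } catch (e) {
        errors.push(`${entry.name}: ${source}`);
      }
    }
    if (patterns.length) rules.push({ name: String(entry.name), patterns });
  }
  return { rules, errors };
}

// Return the names of all rules with at least one pattern matching the draft.
function scanDraft(compiledRules, draftText) {
  return compiledRules
    .filter((rule) => rule.patterns.some((re) => re.test(draftText)))
    .map((rule) => rule.name);
}

// Build the modal text from the issue, or null when nothing matched.
function buildPrompt(matchedNames) {
  if (!matchedNames.length) return null;
  return "The content of your message includes sensitive information: " +
    matchedNames.join(", ") + ". You should encrypt this message before sending.";
}

const { rules, errors } = compileDlpRules(clientConfig);
console.log(buildPrompt(scanDraft(rules, "My card is 4111 1111 1111 1111")));
console.log("Skipped patterns:", errors);
```

Reporting the skipped patterns back to the administrator matters here, because a silently dropped rule looks the same to the user as a clean message.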

@tomholub tomholub added this to the Second priority milestone Aug 23, 2022
tomholub commented May 3, 2023

As an alternative approach, an important customer of ours uses a labeling mechanism from Google Workspace to classify sensitive messages. And then they have particular labels that highlight that a message is sensitive. I don't know at which point the label is applied, whether it's during composing or only after it's sent; that would have to be tested. Here's an example of the settings:

image

@tomholub

Here's what it looks like when composing a message - it will have a semicolon-separated list of labels that I blacked out, which could be interpreted to look for the interesting labels and force the user to use the encrypted window instead:

image

@tomholub

Similar when receiving email (unsure if this would need to be interpreted, I imagine the labels only matter to us when composing):

image

@tomholub tomholub modified the milestones: First priority, discussion Oct 25, 2023