What’s changing
You can now automatically restrict the ability to download, print, and copy sensitive documents through data loss prevention (DLP) rules. These new DLP-driven information rights management (IRM) controls, currently available in beta, will make it more difficult for users to make copies of documents that might expose sensitive content.
G Suite DLP rules already enabled admins to limit the sharing of documents directly. However, users could make copies of documents by printing it, copying it to unmanaged locations, or downloading it to physical media. These copies were not subject to the same sharing controls, increasing the risk of that content being exposed.
There are already controls so that document owners and editors can manually prevent viewers and commenters from printing, copying, or downloading their files. However, this placed the responsibility of selecting the correct restriction on a file on end users.
Who’s impacted
Admins and end users
Why it’s important
The new IRM controls will help ensure that only a single version of sensitive documents exists, and therefore that company DLP policies will help protect it. This could help reduce the potential for accidental or intentional exposure of sensitive content in documents. It also reduces the need for end-users to recognize and manually adjust the IRM settings for files, creating a more scalable and automated process to protect your organization’s content.
Additional details
Admin setting for IRM in the DLP rule creation workflow
When you’re creating or editing a DLP rule, there will be a new option: “Beta: Disable download, print, and copy for commenters and viewers.” If selected, this will prevent downloading, printing, and copying of the document unless the user has editor or owner permissions. Note that this is only available as part of our new Drive DLP system.
Admins can add IRM controls to DLP rules
Users will see new notifications on affected files
Document editors and owners will see a new note when in the settings section of the sharing screen, as pictured below. Users with view or comment access will not be able to download, copy, or print the document—these options will be greyed out for them. Note that this only places limits on “viewer” or “commenter” roles within Drive.
Document owners and editors will see a new note when they try to share the document
Document viewers and commenters will have print, download, and copy options greyed out
Getting started
- Admins: This feature will be OFF by default and can be enabled as part of new and existing DLP rules. Visit the Help Center to learn more about how to create new DLP rules and see FAQs about the Drive DLP IRM beta.
- End users: There is no end user setting for this feature.
Rollout pace
- This feature is available now for all users.
Availability
- Available to G Suite Enterprise, G Suite Enterprise for Education, G Suite for Education, and G Suite Enterprise Essentials customers
- Not available to G Suite Basic, G Suite Business, and G Suite for Nonprofits, and G Suite Essentials customers
Resources
Roadmap
- This feature was listed as an upcoming G Suite release.