Data classification labels for Gmail are no longer in open beta as Google has made them "generally available." This feature allows organizations to categorize their emails using custom labels or by leveraging existing data classification labels already in use within Google Drive.
Google provides a little insight into why this is a big deal:
Data breaches are increasingly common and costly across all organizations, including enterprises, public sectors, and government institutions. By extending data classification labels to Gmail, Google Workspace offers admins a more comprehensive and integrated system for protecting sensitive information.
Admins can define rules based on these labels, perhaps preventing emails marked "Internal" from being sent outside the company, or automatically applying a "Confidential" label to messages containing specific sensitive content like financial data.
Since the open beta launched, Google has rolled out several improvements. These include auto-classification labeling integrated with Data Loss Prevention (DLP) rules, which can automatically assign a label based on message content. For web users, these DLP rules and actions triggered by labels are applied instantly, providing immediate feedback.
Google also added "Sensitive content snippets" for Gmail messages that trigger DLP rules, giving users a quick heads-up about what caused the flag. For the administrators managing all this, audit logs now include events specifically related to labeling, such as when a label is applied or removed, which helps with reporting and analysis. Importantly, support was added for both Android and iOS devices, ensuring data protection policies extend to mobile users.
Google says the instant application of auto-classification and DLP rules directly within Gmail is a significant benefit. It not only helps enforce policy but also educates users in real time, allowing them to fix issues before a message is sent, which should help reduce accidental data leaks. The availability across desktop and mobile devices means this layer of protection is consistent wherever users are accessing or sharing information.
For admins who were already using the feature in beta, there is no change to the experience. New admins can enable classification labels at the domain, group, or individual user level via the Admin console, and they have the option to sync labels used in Drive for use in Gmail.
Users, depending on the rules set by their administrator, might see a dialog box explaining that a message cannot be sent due to a rule triggered by a label and how they can modify the message to comply. Google mentioned that the instant application of DLP rules and actions triggered by labels on mobile devices is coming soon, which is anticipated in May.
Looking at the available editions, the Label Manager tool and manual classification are quite broadly available across many Google Workspace tiers, including Frontline Starter and Standard, Business Standard and Plus, Enterprise Standard and Plus, Education Standard and Education Plus, Essentials, Enterprise Essentials, and Enterprise Essentials Plus. You can access the Label Manager tool by going to Security > Access and data control or admin.google.com/ac/dc/labels in the Admin console.
On the other hand, the Data Loss Prevention rules that use labels as a condition or action are limited to higher-tier plans like Enterprise Standard and Plus, Education Fundamentals, Standard, Plus, and the Teaching & Learning Upgrade, Frontline Standard, and Cloud Identity Premium when combined with a compatible Workspace edition.
In related news, Google Workspace has received numerous feature updates over time, including a strong focus on AI integration with Gemini across apps like Docs, Sheets, and Meet for tasks such as drafting content, analyzing data, and summarizing meetings, the introduction of an AI-powered video creation tool, Vids, and more.
3 Comments - Add comment