DLP Risk Assessment Engine
The GSuite DLP system uses automated risk scoring to identify potential security threats through behavior analysis and file sensitivity assessment.
Dual-Scoring System
User Risk Scoring (0-5 Scale)
Assesses overall user security risk based on:
- Download Behavior (30%): Volume, frequency, and patterns
- Sharing Behavior (25%): External shares and concentration
- Access Patterns (20%): Time, location, and device anomalies
- Policy Violations (15%): Historical compliance issues
- External Activity (10%): Risky external interactions
Risk Levels:
- 0-1 (Green): Low risk - compliant, predictable user
- 1-2 (Light Green): Moderate risk - normal business activity
- 2-3 (Yellow): Elevated risk - heightened activity
- 3-4 (Orange): High risk - concerning behavior patterns
- 4-5 (Red): Critical risk - immediate security threat
File Sensitivity Scoring (0-20 Scale)
Evaluates data sensitivity using:
- Content Classification (35%): Keyword detection
- Metadata Indicators (25%): File name, location, labels
- Access History (20%): Who has accessed the file
- Owner Context (15%): File owner’s role and department
- Manual Tags (5%): User-applied classification
Sensitivity Levels:
- 0-5 (Green): Public/low sensitivity
- 5-10 (Yellow): Internal/moderate sensitivity
- 10-15 (Orange): Confidential/high sensitivity
- 15-20 (Red): Restricted/critical sensitivity
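A sketch of how the two weighted scores and their level bands fit together, added here as an illustration and not taken from the product's own code. The weights and bands are the ones listed above; the 0.0-1.0 component inputs, the function names, and the rule that a score on a band boundary falls into the higher band are assumptions.

```python
# Added example: weights and bands come from the page; the 0.0-1.0 component
# inputs and the boundary rule are assumptions made for this sketch.
USER_WEIGHTS = {"download": 0.30, "sharing": 0.25, "access": 0.20,
                "violations": 0.15, "external": 0.10}
FILE_WEIGHTS = {"content": 0.35, "metadata": 0.25, "access_history": 0.20,
                "owner_context": 0.15, "manual_tags": 0.05}
# (upper bound, label); a score exactly on a boundary goes to the higher band.
USER_BANDS = [(1, "Low"), (2, "Moderate"), (3, "Elevated"), (4, "High"), (5, "Critical")]
FILE_BANDS = [(5, "Public"), (10, "Internal"), (15, "Confidential"), (20, "Restricted")]


def weighted_score(components, weights, scale):
    """Combine 0.0-1.0 component signals into a score on 0..scale."""
    if abs(sum(weights.values()) - 1.0) > 1e-9:
        raise ValueError("weights must sum to 1.0")
    unknown = set(components) - set(weights)
    if unknown:
        raise ValueError(f"unknown components: {sorted(unknown)}")
    total = 0.0
    for name, weight in weights.items():
        # A missing signal counts as 0; out-of-range values are clamped.
        value = min(1.0, max(0.0, components.get(name, 0.0)))
        total += weight * value
    return round(total * scale, 2)


def band(score, bands):
    """Return the label of the band that contains score."""
    for upper, label in bands:
        if score < upper:
            return label
    return bands[-1][1]  # the maximum score belongs to the top band


def assess(user_signals, file_signals):
    user = weighted_score(user_signals, USER_WEIGHTS, 5)
    sens = weighted_score(file_signals, FILE_WEIGHTS, 20)
    return {"user_score": user, "user_level": band(user, USER_BANDS),
            "file_score": sens, "file_level": band(sens, FILE_BANDS)}


# Constructed sample: a heavy downloader touching a file with strong keyword hits.
SAMPLE = assess(
    {"download": 0.9, "sharing": 0.6, "access": 0.5, "violations": 0.2, "external": 0.4},
    {"content": 0.8, "metadata": 0.7, "access_history": 0.5,
     "owner_context": 0.6, "manual_tags": 1.0},
)
```

Because download behavior carries 30% of the user score, a download signal near its maximum moves a user into the Elevated band even when policy violations and external activity stay low.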
Behavioral Analysis
Baseline Establishment
The system learns normal behavior patterns over 30-90 days, including:
- Average downloads and shares
- Typical access hours and locations
- Known devices
- File type preferences
Anomaly Detection
Flags deviations from baseline such as:
- Download volume spikes
- Access from unusual locations
- Off-hours activity
- New or unknown devices
Trend Analysis
Identifies accelerating risk patterns:
- Increasing download rates
- Growing external share activity
- Unusual behavior velocity
Risk Threshold Configuration
Customizable thresholds for:
- Daily/weekly/monthly download limits
- External sharing quotas
- Sensitive file access limits
- User risk score triggers
Organizations can configure conservative, moderate, or permissive threshold levels based on their security requirements.