Nightfall Documentation
  • Sensitive Data Protection
  • Data Security Posture Management
  • Data Exfiltration Prevention
  • Data Encryption
  • Firewall for AI
  • Nightfall Data Encryption
  • Encryption FAQs
  • Gmail
    • Data Encryption for Gmail - Overview
    • Installing Nightfall DLP
      • Installing Nightfall DLP on Individual Devices
      • Installing Nightfall DLP Across Organization
    • Creating Policies for Encryption
      • Integration
      • Scope
      • Advanced Settings
      • Creating Policy
      • Remediation for Data Encryption
      • Encryption Policy FAQs
    • Nightfall Encryption - Sender Experience
    • Nightfall Encryption - Recipient Experience
    • Encryption Events Page
Powered by GitBook
On this page
  • Admin Alerting
  • Encryption Settings
  • Disable Forwarding
  • Persistent Protection
  • Set Expiration
  • Overriding Encryption Settings
  • Disable Forwarding
  • Persistent Protection
  • Set Expiration

Was this helpful?

Export as PDF
  1. Gmail
  2. Creating Policies for Encryption

Advanced Settings

PreviousScopeNextCreating Policy

Last updated 7 months ago

Was this helpful?

The advanced settings page allows you to configure the Admin alerting and Plug-in defaults section.

Admin Alerting

The admin alert settings are the same for Gmail DLP and Gmail encryption protection. You can refer to the admin alerting section for details on configuration. Data encryption policies support alerting to Slack, Email and Webhooks.

Encryption Settings

The Encryption Settings section consists of automated actions. Automated actions are automatically applied on emails before they reach the recipient's email. You must first enable the toggle switch and then select the check box for the required action to be applied in the policy. Nightfall supports the following automated actions.

Disable Forwarding

With this action, recipients cannot forward the email to any other user or user group. Once enabled, the forward button is hidden for senders within Gmail. By default, recipients cannot forward any emails or add additional recipients when replying to emails via the Secure Reader

Persistent Protection

With this action, the recipients cannot download or copy the contents of attachments included in the email. Attachments with persistent protection enabled can only be accessed via the secure reader.

Set Expiration

This action allows you to set an expiration time on the email. With this action, the encrypted email has an expiration time after which the recipients cannot access the email.

Overriding Encryption Settings

While Nightfall administrators set default encryption settings in policies, users have some flexibility to modify these settings when composing emails. Here's how each setting can be overridden:

Disable Forwarding

Users can enable forwarding even if it's disabled by default in the policy.

Persistent Protection

Users can enable persistent protection on attachments even if it's disabled by default.

Set Expiration

Users can enable expiration even if it's disabled by default. If both admin and user set an expiration time, the shorter time period is applied.

Key Points:

  • User actions in the Gmail compose window can override default policy settings.

  • This flexibility allows for case-by-case adjustments to encryption settings.

  • For expiration times, the most restrictive (shortest) time is always used.

This approach balances organizational security policies with user discretion, allowing for adaptability in specific communication scenarios while maintaining overall security standards.

The settings configured by the Nightfall admin are applied by default to all the user/user groups who are included in the policy . However, in some cases, the default settings configured by Nightfall admin are overridden. The following section describes the scenarios in which each of the encryption settings can be overridden.

scope
Gmail DLP