I’ve been a Google Workspace (G Suite) admin at work, and have used Workspace for my personal email, for over a decade. I’ve seen a number of vendors with Google Workspace DSPM and DLP solutions over the years, but quite frankly I don’t see the point, nor how they could be as effective as Google themselves (both theoretically and practically).
Admittedly, Google hasn’t been the fastest to release features that enterprises want, but when they do, I find they’re superior to third-party offerings. Even when Google hasn’t released a specific feature you want, there’s often a way to use their APIs to achieve a reasonable level of security. As an example, it’s trivial to find files shared outside the organization, and potentially remediate them automatically, or report on them for follow-up. A good starting point is the Google Drive search API. Alternatively, take a look at the Google command-line Swiss army knife, GAM/GAMADV-XTD3.
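As an added illustration (not code from this post, Google, or GAM), here is one way to classify external sharing once file metadata has been pulled from the Drive API. The domain `example.com`, the helper names `external_grants` and `report`, and the sample records are assumptions constructed for the example; the permission fields (`type`, `role`, `emailAddress`, `domain`) are the Drive API v3 ones.

```python
# Added example: flag Drive files whose permissions reach outside the org. Records use the
# files.list shape for fields="files(id,name,permissions(type,role,emailAddress,domain))".
INTERNAL_DOMAINS = {"example.com"}  # assumption: your Workspace domain(s)

def external_grants(file, internal_domains=INTERNAL_DOMAINS):
    """Return (grantee, role) for each permission granted outside the org."""
    internal = {d.lower() for d in internal_domains}
    findings = []
    for perm in file.get("permissions", []):
        ptype, role = perm.get("type"), perm.get("role", "unknown")
        if ptype == "anyone":  # public or anyone-with-link
            findings.append(("anyone", role))
        elif ptype == "domain":
            domain = perm.get("domain", "").lower()
            if domain not in internal:
                findings.append(("domain:" + domain, role))
        elif ptype in ("user", "group"):
            email = perm.get("emailAddress", "").lower()
            # No address (e.g. a deleted account) is reported, not assumed internal.
            if email.rpartition("@")[2] not in internal:
                findings.append((email or "unknown", role))
    return findings

def report(files, internal_domains=INTERNAL_DOMAINS):
    """Map file id -> name and external grants, for follow-up or remediation."""
    result = {}
    for f in files:
        hits = external_grants(f, internal_domains)
        if hits:
            result[f["id"]] = {"name": f.get("name"), "external": hits}
    return result

# Constructed sample metadata (not real files or accounts).
SAMPLE_FILES = [
    {"id": "f1", "name": "Roadmap", "permissions": [
        {"type": "user", "role": "owner", "emailAddress": "alice@example.com"},
        {"type": "user", "role": "writer", "emailAddress": "pat@vendor.test"}]},
    {"id": "f2", "name": "Price list", "permissions": [
        {"type": "anyone", "role": "reader"}]},
    {"id": "f3", "name": "Handbook", "permissions": [
        {"type": "domain", "role": "reader", "domain": "example.com"},
        {"type": "group", "role": "reader", "emailAddress": "Staff@Example.com"}]},
    {"id": "f4", "name": "Joint plan", "permissions": [
        {"type": "domain", "role": "commenter", "domain": "partner.test"}]},
]

if __name__ == "__main__":
    for file_id, info in report(SAMPLE_FILES).items():
        print(file_id, info["name"], info["external"])
```

Files returned without a `permissions` list produce no findings here, so track those separately if you need full coverage.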
As a starting point, I recommend enabling basic DLP and considering whether there are any use cases for creating custom content detectors. In place of endpoint DLP agents, consider whether you can implement an endpoint (MDM) control to restrict browsing to Chrome Enterprise, and utilize Chrome’s Insider Risk monitoring. For organizations operating in regulated industries, the use of Google’s Advanced Protection and data sovereignty controls might be helpful to your compliance program.