Secure Google Drive File Sharing in 3 Steps (for Google Admins)

Secure Google Drive File Sharing: Audit, Manage, Automate!

Google Drive file sharing has revolutionised the way we work. We can now collaborate faster in real-time and access files from anywhere, anytime. 

While this has tremendously accelerated and improved the way we work — it also introduced a new  data access concerns and threats for enterprises.

In this post we’ll show you how to maintain such ‘’collaboration ease’’ while securing Google Drive file sharing in the process.

How to Secure File Sharing in Google Drive ?

Step 1: Audit Internal and External Drive File sharing

External file sharing of sensitive data in the wrong direction can have big data compliance implications.

Similarly, internal file sharing of sensitive data with unauthorised users can bring in unexpected data security hazards.

As an admin you need to see the FULL picture of your domain’s Drive file sharing activities (and methods) to better understand your security needs.

• Start by regularly reviewing Google’s file sharing report in the admin console. 

(This gives you details on different file sharing methods. It also includes which shared files have been viewed frequently, and which outside domains have been shared to more often).

• Complete the picture using a third-party tool to dig deeper beyond the admin console.

(See things like incoming files shared in, publicly shared Google Drive files and more)

Note: The Security Dashboard in the admin console also includes a brief summary of file exposure data but might be limited.

Step 2: Manage Shared Google Drive Files

Time to act on what you’ve audited.

Set up Drive management measures to remedy file sharing violations and limit access to sensitive Drive data.

Here are a few admin actions to consider based on your organisation’s file sharing needs and security situation.

From the Admin Console:

• Set Drive file sharing permissions
• Restrict sharing to certain domains
• Control how users share links to files
• Restrict the access levels users can give to files

(See Google’s advice on setting sharing permissions for more on the above settings)

Using a third-party Google Workspace auditing tool:

• Revoke external file shares in Google Drive
• Replace current Google Drive sharing permissions
• Find all files shared to Gmail accounts and remove them
• Set and detect file sharing policy violations
• Remove permissions to sensitive Drive folders and their sub-folders
• Remove external shares when files haven’t been accessed for a certain number of days.

(We’ve embedded links on how to perform each using GAT+ and GAT Unlock)

Step 3:  Automate Google Drive Sharing with Policy Alerts

Finally, seal your monitoring and security game with Google Drive policy alerts and alert rules.

Alerts ensure Drive file sharing is monitored 24/7. Alert rules enable you to act fast to prevent (and avert) data compliance incidents.

Here are a few admin options to consider:

• Set up Google Drive DLP Alerts: create and apply Data Loss Prevention (DLP) rules to control the content that users can share in files outside the organisation.
• Create DLP Drive rules: Create complex rules and specify an action that sends a message to the user that their content has been blocked.
• Set up Google Drive DLP alerts for shared out files
• Enforce ‘Restricted mode’ to sensitive Drive files and folders

Automations brings you peace of mind and makes for a more agile and prompt security system.

Closing thoughts

Allowing full shares to all Drive files (and folders) can result in users sharing everything everywhere, causing a big Drive access mess.

The above steps will help you better understand your domain’s Drive file sharing activities, control file access as needed, and set off the right action on time.

Other steps that also help boost your Drive security include better securing users’ Google accounts, managing shared Drives wisely and auditing linked Google Drive Apps.

SEE: The Admin’s Google Drive Management Playbook