As discussed in our previous blog post 6 Google Drive Data Loss Prevention Practices for every CIO, your Google Shared Drive structure is one of the first pillars to a complete Drive DLP strategy.
One dilemma many CIOs and system admins may face is not knowing how to best structure their organisation’s Shared Drive (or where to begin).
That’s common when first deploying Google Drive for your users, or when they’ve been using Drive for some time without sticking to a specific structure.
In the second scenario, however, you’ll have multiple files and folders spread out across Shared and My Drives. It may even feel like you need cowboy tools to assign everything to its proper place — Which isn’t true, but that’s a topic for another day.
To start, first decide on how you want to set up your Google Shared Drive structure — It’s the architectural equivalent of a design master plan.
Below are the three most common Shared Google Drive structure options, with a glimpse on what each option presents.
Let’s help you ‘drive’ the most efficient structure to your organisation.
You might be thinking should I create one Shared Drive with a folder for each area — OR one Shared Drive for each area? (area= department, team, project or whatever best describes your organization).
However, your Shared Drive structure choice heavily depends on what your organisation looks like. Particularly:
- Organization size and industry.
- Number of teams.
- Do their workflows differ or intertwine?
- Is there any information that NOT everyone should view/ or have editor rights to?
Now let’s dive into your three options:
A single Shared Drive for your entire organization (aside from users’ personal ‘My Drives’), with users added as viewers/editors of their area’s folder.
- Drive Security: From a management perspective, it may seem easier. Instead of managing dozens of Drives you simply manage one. You can also search for files more efficiently.
However, this could entail remarkable DLP and Security risks, especially when different users have access to sensitive or ‘classified’ information.
One way to address this is by deploying folder level permissions for your Shared Drive to pare down access to different folders — Yet, you still need to pay extra vigilance to Drive file ownership to avoid things like lost or orphaned files.
Checkout our blog post Manage Google Drive File Ownership like a Security PRO to learn more.
- Collaboration: This could improve internal collaboration when different people need constant access to different resources across different areas.
- Storage Limits: Drive could run into file/size limits on the long run. While there’s a 400k file limit on each shared Drive, it actually fills up faster than you’d think.
Overall, this would be the option we least recommend, especially for bigger organizations dealing with sensitive information.
Create a Shared Drive (previously known as Team Drive) for each area, then add the correct users to their relevant Drive.
For larger domains, ideally, each “area” would get a prefix (e.g. OPS for operations), followed by a Drive name related to the subject/ team/ project (e.g. OPS- Training).
- Drive Security: From a Drive security perspective, this is a far better choice because users can’t view folders from other areas and checking permissions for each Drive folder would be easier.
You can also be more selective about who has access to what, thereby improving your overall information security operations.
Additionally, you can create user groups and assign Shared Drive permissions at that level to get more granular. Especially if you have many users.
|PRO TIP: Disable users’ ability to create Shared Drives. Otherwise it could turn into a mess, especially if users confuse sharing a folder in their My Drive with creating a Shared Drive folder.|
A Mix of Both
Alternatively, you can balance out the scales by adopting a mixed Google Shared Drive structure that integrates both of the above options:
- Creating a “View only” Shared Drive where only admins, IT staff and managers have editor rights, but all employees can view. This would include essential information everyone needs like templates, forms, etc..
- Create another “Open” Shared Drive where everyone can upload, download and edit information and files. Here you can keep things like project plans, calendars, etc.
- Finally, create One Shared Drive for every area. That way every department can adjust the workflow and layout of the shared Drive to its specific workflow and needs.
For more information on how to manage Shared Drives make sure to check Google’s recommendations here.
We hope you’ve found this post useful — Feel free to share it with your peers on social media using the buttons below 👇