How to manage Google Shared Drives at your enterprise?
Shared Drives can be a tricky territory for Google Workspace admins.
While they power up file collaboration and facilitate things like remote working in Google Workspace, you need to ensure such activity is Secure, Data compliant, and enforce Data loss prevention (DLP).
This may not always be the most straightforward job for admins, and we understand that.
In this post, we’ll share our 5 Top recommendations to secure and manage Google shared Drives from the inside out.
1. REVISE YOUR DRIVE FOLDER STRUCTURE
Your Drive folder structure is one of the first keys to securing and managing Google shared Drives effectively.
That’s because if Google Drive is your core file collaboration tool, without a proper structure in place things can get pretty messy fast.
Also, understanding your folder structure helps you identify where sensitive files are. From there you can set up the right measures to secure and protect them.
2. AUDIT GOOGLE DRIVE FILE SHARING
File sharing is Google Drive’s best and trickiest feature.
While it offers fantastic collaboration perks, it can also introduce a whole range of security hazards if not managed properly.
Below are TWO admin practices you’ll want to maintain to effectively manage Google Drive file sharing:
I. AUDIT INTERNAL AND EXTERNAL FILE SHARING:
Abnormal file sharing is one of the first tell-tale signs of Drive data leakage or malicious activity.
This covers files shared out and into your organization.
External file-sharing of the wrong files in the wrong direction can have huge data breach consequences.
Similarly, Internal file sharing of sensitive files with unauthorized users can bring in unexpected data security hazards.
That’s why you need to stay on top of these two areas by regularly reviewing Google’s File Sharing report in the admin console.
You can also use GAT+ to get a FULL view of your organization’s file sharing and see things like files shared, more granularly.
II. SECURE FILE SHARING:
Allowing full shares to all Shared Drive files (and folders) can result in users sharing everything everywhere — which is the last thing any admin needs.
As an admin, you can set different rules for groups or departments:
- To apply sharing settings for certain users check out Google’s advice on setting sharing permissions.
- You also need to set up policies and alerts to secure the file-sharing process in Google Shared Drives.
This will alert you to any sharing violations in real-time so you can take fast and immediate action like removing sharing permissions from shared files.
3. SET UP GOOGLE DRIVE DLP
Drive Data loss prevention (DLP) ensures that sensitive Google Drive data is not lost, misused, or accessed by unauthorized parties.
When working in shared drives, DLP becomes more of a priority as there are usually multiple collaborators working on sensitive files.
To get a general sense of this area make sure to monitor the DLP incidents report in the admin console.
You can also follow our 6 Google Drive Data Loss Prevention Practices for the FULL scoop on how to ensure Google Drive DLP.
4. ENSURE DRIVE DATA COMPLIANCE
Data Compliance and Google Drive management go hand in hand.
Without a proper Drive management process, you can’t locate and secure sensitive data like Personal Identifiable Information (PII).
Google Drive data mapping is one of the best ways to ensure that only the right people can access sensitive or protected Drive files.
Also, to prevent the alteration of sensitive information you can enable notifications for anytime a collaborator makes a change in a Google Docs file.
5. LOCK LEAVERS OUT OF SHARED DRIVES
Finally, let’s not forget about employees who exit your company.
Leaving users usually have the big advantage of knowing what sensitive files lie in shared drives, and where to find them.
With the right file access permissions they can continue to access (and even share) these files, even long after they’ve left your organization.
Even if you delete their account, they can share sensitive information to private email addresses, change file access rights, etc. before leaving.
That’s why after offboarding users make sure to perform a quick log review of their account activity to check for sharing via link actions or personal accounts.
This will show you if the user changed files into a public link or added their personal email account to files as a collaborator to still access them after leaving the company.
Facing a particular admin challenge related to Google Drive management? Give us a shout at email@example.com. We’ll be happy to help.
What to read next? — Check out our Admin’s Google Drive Management Playbook.
Stay in the loop
Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.