Learn how K-12 Google Workspace Admins secure and manage Google Shared Drives easily
Schools today store and process huge amounts of data in Shared Google Drives.
Some of this Drive data may be curriculum-related, and some may contain private staff and student information that needs to be protected.
If you’re a K-12 admin you probably understand how Shared Drives can be one of Google Workspace’s best and trickiest features.
While they certainly facilitate online teaching and file collaboration, Shared Drives get messy FAST if not well managed and maintained.
This can lead to private data leakage or data loss and generally complicates your Google Drive tasks as an admin.
It’s also important to regularly audit and secure those Shared drives to protect students and staff against increasing cyberattacks targeting schools recently.
‘’The education sector was responsible for at least 172 data breaches in 2021, making it the second most vulnerable to security incidents.’’ — GDPR.co.uk
5 BEST PRACTICES TO SECURE AND MANAGE SHARED GOOGLE DRIVES
1. REVIEW YOUR SCHOOL’S SHARED DRIVE FOLDER STRUCTURE
Reviewing your school’s Shared Drive folder structure is one of the first steps to securing and managing Google shared Drives.
That’s because, with all the file collaboration happening there, things can jumble up pretty quickly.
With the right folder structure, everything will be processed and stored in the right place as users continue to work in Drive.
You’ll also be able to identify where sensitive files lie and set up the right measures to secure them.
This will ultimately help you ensure that only authorized users have access to protected files/ and folders.
2. AUDIT GOOGLE DRIVE FILE SHARING
File sharing is one of the most important areas to AUDIT regularly.
As students and staff share files internally and externally, you need insight into these Drive file-sharing activities.
To effectively do so you’ll need to:
A. AUDIT INTERNAL AND EXTERNAL FILE SHARING:
Unusual file sharing is your first whisperer of Drive data leakage or malicious activity.
External file-sharing of sensitive files in the wrong direction can have huge data breach consequences.
Similarly, Internal file sharing of sensitive files with unauthorized users can bring in unexpected data security hazards.
By reviewing Google’s File Sharing report in the admin console you can get a glimpse into how file sharing exposes your domain’s data.
You can also use GAT+ to get the FULL Drive file-sharing picture and see things like files shared in more granularly.
B. SECURE FILE SHARING:
Allowing full shares to all Shared Drive files (and folders) can result in users sharing everything everywhere.
This can bring about many data security hazards that can be easily avoided.
To secure file sharing more granularly you need to set up different sharing policies and settings for groups or departments across your school:
- Apply sharing settings for certain users. Check out Google’s advice on setting sharing permissions.
- Set up policies and alerts to secure file sharing in Google Shared Drives.
This will alert you to sharing violations in real-time so you can take fast and immediate actions like removing sharing permissions from shared files.
3. SET UP GOOGLE DRIVE DLP
Data loss prevention (DLP) protects your school’s Google Drive data against loss, misuse, or unauthorized access.
When working in shared drives, DLP becomes more of a priority as there are usually multiple collaborators working on files.
Checking the DLP incidents report in the admin console is one good way to monitor this area.
You can also follow our 6 Google Drive Data Loss Prevention Practices for the FULL scoop on how to ensure Google Drive DLP.
4. ENSURE DRIVE DATA COMPLIANCE
Data Compliance and Google Drive management are closely interlinked.
Without having a proper Drive management process in place you can’t locate and secure sensitive data like students’ grades, Staff’s SSNs, absence reports, etc.
Google Drive data mapping is one effective way to ensure that only the right people can access sensitive or protected Drive files.
Also, to prevent the alteration of sensitive information you can enable notifications for anytime a collaborator makes a change in a Google Docs file.
5. CAREFULLY OFFBOARD USERS FROM SHARED DRIVES
Finally, let’s not forget about graduates and staff members who leave your school.
With the right file access permissions, leavers can continue to access (and share) files, even after you’ve deleted their account.
This can happen if they share sensitive information to private email addresses, change file access rights, etc. before leaving.
That’s why after offboarding users (students and staff) you need to perform a quick log review of their account activity to check for sharing via link actions or personal accounts.
This will show you if the user changed files into a public link or added their personal email account to files as a collaborator to still access them.
When it comes to managing Google Shared Drives in education settings, the need for consistent auditing, protection, and preparation is now more urgent than ever.
This can be achieved via:
- A solid Drive folder tree structure
- Auditing your domain’s Drive File sharing activity
- Setting up Drive DLP
- Ensuring Drive Data Compliance
- Carefully Offboarding users from Shared Drives
Want to learn more about how to best manage Google Shared Drives? — Check out our Admin’s Google Drive Management Playbook.
Facing a particular admin challenge related to Google Drive management? Give us a shout at email@example.com. We’ll be happy to help.
Audit. Manage. Protect.
Discover how Management & Security Services can help you with deeper insight and on-call, personalized assistance.