Ingeniøren (Danish for The Engineer) is a newspaper for engineers – traditional, software, IT engineers – as well as for tech leaders, technology enthusiasts, and other niche work areas for specialized types of engineers. Today they have about 180.000 readers, having grown one of the largest audiences for their topics compared to other publishers in Denmark.
From email attachments to Google Drive
Chief Information Officer (CIO) Lars Emil Christensen and IT consultant Alex Schou Jensen disclosed that they transitioned from a Microsoft culture with file servers for internal use and email attachments for external communication to collaborating in Google Drive. This made daily production work and file-sharing easier for their users, especially the journalists. They have been using Google Workspace for about 10 years now.
The more files, the bigger the risk
The journalists were creating a lot of Google Drive files on a daily basis, and they were also sharing accordingly. However, the IT department had no control over file-sharings and feared sensitive information being leaked, especially before GDPR would be in effect. As a result, 3 years ago they decided to turn off external sharing completely. The decision was taken as a precaution and as a proactive approach to data protection.
Blocking external sharing only solved part of the issue
While users could still share internally, they were no longer able to share files externally. The problem was that journalists would still need to collaborate with informants and other third-party companies on articles and stories. That’s why the IT department created a common “sharing account” to overcome this issue. However, that quickly hampered the work of both the journalists and the IT department; the journalists needed to deliver news in an almost “real-time” manner, and the IT would have to carry out other technical tasks besides granting access to the account. What’s more, IT didn’t know which files from the sharing account eventually needed to be unshared, only the journalists did.
Why is unsharing important?
The journalists would sometimes be communicating sensitive information with outsiders, and while this wasn’t a GDPR-related issue, that information classified as confidential data such as company secrets, plans, documents, etc.
“It’s important to unshare primarily because of sensitive data. Also because we might have information that should only be shared in a short period of time with certain people. That could be all sorts of things, it could be company secrets, it could be … I wouldn’t say directly GDPR-related things, but some things could be sensitive. For instance, if you work together on a contract for a new employee, you might want to share that with an external lawyer to look it through, but you don’t want that file to be forever shared. You want the sharing to die at some point.”
— Lars Emil Christensen
Did you know that …
When it comes to email attachments and file servers, you don’t have the possibility of revoking sharing permissions i.e. killing the sharings, whereas in Google Drive you do?
The ingenious solution 1.0
Ingeniøren’s Google Workspace account didn’t include Data Loss Prevention (DLP) for Drive, feature which automatically prevents sensitive data from being shared externally.
Instead, Lars Emil and Alex came up with a rather creative approach to cleaning up their shared files with Google Cloud Search. They created a string containing sensitive keywords such as “sick”, “CV”, “application”, etc. that each user would run on their personal work account.
The Google Cloud string would scan emails, documents, sites, groups, and calendar meetings matching the given keywords (see screenshot). Each employee would then delete everything that is not worth keeping and revoke outsider access to files that are still in use internally. By frequently educating the users on GDPR and data protection best practices, the users were operating on a strong trust-based culture and doing the cleanup on their own. “It was trust-based, but through a lot of communication, almost all of our colleagues were aware of GDPR since IT wrote about it a lot, so everyone had it on top of their mind. People were pretty good at doing the cleanup,” said Lars Emil Christensen.
The ingenious solution 2.0
Over the years, the IT department had found various creative ways to deal with file-sharing while educating the users on how to do it properly, but it wasn’t until recently they came across a tool that would allow external collaboration and automate the cleanup process, all without unsharing anything that shouldn’t be unshared.
They were introduced to Tricent through a Google Workspace partner, Apps People, who pointed out that people forget about or leave shared files unattended, especially in a hectic work environment. Because of that, Ingeniøren decided to give Tricent a go.
Happy users, happy IT
Everyone was very receptive to Tricent from the beginning, since it meant they would be able to share again outside the organization.
“The users have a good experience with Tricent. They’re happy to share again and accept the tradeoff to clean their shares every once in a while”
— Lars Emil Christensen
But it wasn’t just the users that were happy about Tricent Compliance Tool. A big load was taken off the IT department’s shoulders as they didn’t have to worry about exposing files to third parties for longer than needed. Instead, they gained visibility into the file-sharing process and can now control and audit all users’ sharings.
“TCT takes some of the workload off the IT department and puts some of the responsibility on the users who are making the sharings. It is only fair that they get to decide which files should be unshared or not.”
— Lars Emil Christensen
There are also other perks that come with it though.
“Before Tricent, we couldn’t unshare anything from people’s own Drive. Now we can automate the storage and cleanup process.”
— Alex Schou Jensen
Managing file-sharing: it takes two to tango
By going with Tricent, Ingeniøren solved 2 things: 1) it made their users’ lives easier by automatically reminding them when to unshare files while allowing them to share externally again and 2) IT admins can now automate unsharing and cleanup processes, gain control and visibility of the sharings, and not have to worry about improper sharing habits on the users’ side.
At Tricent we believe that collaboration should be facilitated, not hampered, so now users don’t have to depend on IT to carry out their daily tasks and the other way around. Users can go back to their old ways of sharing, just in a much safer way. What’s more, they also become aware of their file-sharing habits as the frequent reminders train them in a way, and the responsibility between the users and IT is finally divided fairly.