
Sysadmins, enable a safe file-sharing environment in Google Workspace

It all starts in the Admin Console

Don’t block external file sharing: we’ll guide you step by step on how to get the best of both worlds, namely data security and external collaboration. The two most important security settings are found under Apps and Security. Access admin.google.com with your…

By Tricent · August 24, 2021

The Drive and Docs Settings

We’ll start off with the Google Drive App, as it’s somewhat easier and faster to configure.

Click on:

Apps > Google Workspace > Drive and Docs

From here you’ll be presented with the following screen. However, we’ll be focusing exclusively on the “Sharing settings” section. Use the checklist and the screenshots in the upcoming section as guidance.  

Checklist for “Sharing settings”

(Disclaimer: This checklist must be adjusted to each organisation and its industry. Use this checklist as guidance, but feel free to contact us if help is needed.)

Extra security measures (Optional)

Although we won’t be covering these extra measures, they are worth mentioning. Feel free to contact us if help is needed.

Screenshots

Please note that these settings can be adjusted for different OUs, Groups, or Users. However, for the sake of simplicity, we’ll apply the following settings across the whole domain.

Sharing Options

Shared drive creation

Link sharing

The Security Settings

Still afraid that your users will leak any customer files, HR reports, business plans or any other sensitive data?

Data Loss Prevention (DLP) is a solution that catches emails and documents with sensitive data and prevents them from being leaked. In Google Workspace it’s called “Drive DLP” and needs to be configured via the Admin Console.


Click on:

Security > Data Protection

From here you’ll be presented with the following screen. Make sure to turn on “Data scanning and report”.

Data Protection Dashboard

There are two key concepts you need to understand before getting started with Drive DLP – namely, rules and detectors.


We have written a more detailed guide about DLP in Google Workspace, which you can download here. However, here’s a quick 101 on DLP.

How the DLP engine works

Whenever a sender wants to share a file, the file must first pass through a “DLP engine” before it reaches the recipient. The DLP engine detects whether the file contains any sensitive data and reacts based on rules created by the admin, e.g. blocking files with sensitive data from being shared.

This ultimately means that the DLP engine will only be as effective as what it has been configured to detect and react upon.

DLP templates

Google has built 9 ready-to-use templates, which literally take less than a minute to configure. From the data protection dashboard – click on:

Manage Rules > Add Rule > New rule from template

Try using the “Prevent financial information sharing” template to stop credit cards, bank accounts and other financial data from being leaked to external parties.

DLP detectors

While the templates are great, they might not always suit your needs. That’s when detectors come in.

Detectors inform your DLP engine when a document contains one or more sensitive keywords (e.g. confidential, restricted, internal use only, copyright, etc). They can also be configured to detect more advanced patterns via regular expressions (e.g. employee and customer ID numbers). From the data protection dashboard – click on:

Manage Detectors > Add Detectors

DLP rules

Once you have created your detectors, it’s time to enforce an action through DLP rules.

You can configure rules to:

  • Disable shared files from being downloaded, printed or copied
  • Warn users on external sharing
  • Block external sharing of sensitive data
  • Alert admins about external file sharing

From the data protection dashboard – click on:

Manage Rules > Add Rule > New Rule
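
The detector-and-rule flow described above can be rehearsed locally before a pattern is entered in the Admin Console. The following is an added example, not Google's DLP engine or Tricent's code: the keyword list, the `EMP-` ID format, the function names and the sample documents are all assumptions made for illustration.

```python
import re

# Hypothetical word list and ID format; replace with your organisation's own.
KEYWORDS = ("confidential", "restricted", "internal use only")
EMPLOYEE_ID = re.compile(r"\bEMP-\d{6}\b")  # assumed format: EMP- plus six digits

# Rules pair a detector with an action; the first matching rule wins.
RULES = (
    ("employee_id", "block"),  # block external sharing of sensitive data
    ("keyword", "warn"),       # warn users on external sharing
)


def run_detectors(text):
    """Return the names of the detectors that match the document text."""
    hits = set()
    lowered = text.lower()
    if any(re.search(r"\b" + re.escape(k) + r"\b", lowered) for k in KEYWORDS):
        hits.add("keyword")
    if EMPLOYEE_ID.search(text):
        hits.add("employee_id")
    return hits


def evaluate_share(text, recipient, org_domain):
    """Return the action taken when a file is shared with `recipient`."""
    external = recipient.rsplit("@", 1)[-1].lower() != org_domain.lower()
    if not external:
        return "allow"
    hits = run_detectors(text)
    for detector, action in RULES:
        if detector in hits:
            return action
    return "allow"


# Constructed sample documents, including one near-miss for the ID pattern.
SAMPLES = {
    "payroll": "Payroll export for EMP-004217, net salary attached.",
    "plan": "CONFIDENTIAL: 2022 business plan draft.",
    "menu": "Lunch menu. Ticket TEMP-1234567 is unrelated.",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, evaluate_share(text, "partner@example.net", "example.com"))
```

The near-miss sample shows why the word boundaries matter: without them, the ticket number would trigger the employee ID detector and block a harmless file.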

Checklist for DLP

We have written a more detailed guide about Drive DLP in Google Workspace. It covers everything related to configuring your DLP engine from scratch (with screenshots) and teaches you the basics of regular expressions. Download it here.

Extra Data Security Measures

Did you know that sysadmins can use GAM scripts and Tricent Compliance Tool to remove the file permissions of external collaborators?

Both methods help organizations audit, protect and revoke any file that has been shared externally. Note, however, that files that have been distributed as email attachments, public links, or via a non-Google Drive environment cannot be remediated in the case of potential data leakage.

Google Apps Manager (GAM) is a command-line tool that essentially carries out a series of operations in the Google Admin Console (see screenshot). It’s primarily used for automation and bulk operations, but it can also be used to audit your Google Workspace environment – for example:

  • View how many Google Drive files your organization has
  • Check how many of them are shared externally
  • Revoke some or all company files shared with 3rd-parties

… and much more
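
The audit questions in the list above come down to deciding, for each permission on each file, whether it reaches outside the organisation. The following is an added example, not GAM's or Tricent's code: it classifies constructed records that use the Drive API v3 permission fields (`type`, `role`, `emailAddress`, `domain`), and `example.com`, the IDs and the addresses are assumptions.

```python
ORG_DOMAINS = {"example.com"}  # assumed: the organisation's own domains


def is_external(perm, org_domains=ORG_DOMAINS):
    """True if a Drive permission grants access outside the organisation."""
    ptype = perm.get("type")
    if ptype == "anyone":  # public or anyone-with-the-link
        return True
    if ptype == "domain":
        return perm.get("domain", "").lower() not in org_domains
    if ptype in ("user", "group"):
        email = perm.get("emailAddress", "")
        return email.rsplit("@", 1)[-1].lower() not in org_domains
    return True  # unknown type: flag it so a person reviews it


def audit(files, org_domains=ORG_DOMAINS):
    """Count externally shared files and list the permissions to review."""
    to_review = [
        (f["id"], p["id"], p["type"], p["role"])
        for f in files
        for p in f["permissions"]
        if is_external(p, org_domains)
    ]
    return {
        "total_files": len(files),
        "externally_shared": len({file_id for file_id, *_ in to_review}),
        "to_review": to_review,
    }


# Constructed sample records; IDs and addresses are made up.
FILES = [
    {"id": "f1", "permissions": [
        {"id": "p1", "type": "user", "role": "owner", "emailAddress": "ana@example.com"},
        {"id": "p2", "type": "user", "role": "writer", "emailAddress": "bo@partner.example"},
    ]},
    {"id": "f2", "permissions": [
        {"id": "p3", "type": "user", "role": "owner", "emailAddress": "ana@example.com"},
        {"id": "p4", "type": "domain", "role": "reader", "domain": "example.com"},
    ]},
    {"id": "f3", "permissions": [
        {"id": "p5", "type": "anyone", "role": "reader"},
        {"id": "p6", "type": "group", "role": "commenter", "emailAddress": "team@vendor.example"},
    ]},
]

if __name__ == "__main__":
    print(audit(FILES))
```

The domain comparison is an exact match on the part after the last `@`, so a look-alike such as `example.com.evil.test` is still reported as external.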


We have written a more detailed guide about GAM, which you can download here.

Screenshot of Google Apps Manager

GAM gives the sysadmin the power to monitor and control all file sharing activities taking place inside and outside the organisation. While GAM is great for the sysadmin, it doesn’t help the non-technical people to understand and protect their file sharing activities.

The Tricent Compliance Tool is a web app that makes it simpler for everyone in the organisation to audit and clean up their shared files. It lets users collaborate externally, sysadmins control the file sharing activities, and organisations comply with data protection policies.

 

One more thing – there is something you need to know

Did you consider that the complexities of file-sharing pose significant challenges that require more than just basic management tools like Google Apps Manager (GAM)?

You can read more about this here: https://www.tricent.com/blog/why-gam-might-not-be-enough-the-intricacies-of-file-sharing-and-the-need-for-comprehensive-solutions/

Free Trial on Google Workspace Marketplace:

You can start your free trial today and gain insight into your file-sharing footprint. (Please note that you must have admin rights to your Google Workspace tenant.)

  • Install Tricent directly from Google Workspace Marketplace.
  • Get instant insight into your external file-sharing footprint.
  • Identify potential security risks and analyze sharing patterns.
  • Test key functionalities and experience the ease of use.
  • Subscribe to access advanced features like automated remediation, custom policy settings, anomaly detection etc.

Don’t leave your sensitive data vulnerable. Choose the option that best suits your needs, and start securing your Google Workspace today!
