Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Google Drive Sharing Settings & Native Rights Management Features

Getting the Most Out of Google Drive – Part 1 of 3.

Google Drive eliminates many of the traditional problems associated with file collaboration by providing an intuitive way to create, store, share, and manage documents in the cloud. Organizations that understand Google Drive sharing settings and native controls can enhance secure cloud collaboration. However, Google Drive introduces significant new security risks and requirements.

Organizations considering file sharing in G Suite should get very familiar with Google Drive sharing settings and native control features for each tiered G Suite offering, then determine where layered security can fill any gaps the security team identifies.

G Suite Basic, Google’s entry level offering, does not include the granular data protection controls necessary to meet regulatory or corporate confidentiality requirements. All enterprises will require Google Drive for Business at a minimum for suitable controls, while heavily regulated organizations driven by compliance will need to consider Google’s enterprise plan. More robust controls come with significant costs: the enterprise plan retails for five times as much as the Basic plan.  

Information Rights Management in Drive

Built-in Google Drive sharing settings and information rights management features determine how users interact with Drive. Different permission levels can be associated with files or folders, such as edit, comment only, or view only. Administrators can limit files to internal use only, restrict access to certain departments or roles, disable sharing, printing, or copying, and blacklist (or whitelist) specific domains. Admins can also set up Team Drives – shared spaces used to store, edit, and access files. Team Drives belong to a group, not an individual, so files stay put even when the individuals who created them leave.

Google Drive sharing settings and rights management controls support basic corporate security requirements, but they break down in cross-platform collaboration workflows. When files are shared beyond Drive with external partners, controls don’t travel with them, so G Suite organizations need an overarching strategy for controlled, secure external sharing workflows.

Security Risks with Collaboration in Drive

Keeping documents secure while supporting collaboration is a balancing act in Google Drive. Administrators should pay close attention to end user workflows to remove as much friction as possible while maintaining the highest level of control over their data.  

External Sharing Concerns: Passwords vs Open Link Sharing

If recipients don’t already have Google accounts, document creators must choose between two poor alternatives: forcing recipients to create a new Google account, or sharing an open, public link.

Forcing collaborators to create a new Google account inhibits the productivity Drive is designed to enable. This makes collaborators create and manage another password, on top of the nearly 200 other passwords the average business user already keeps track of. And despite all the data breach headlines over the past few years, 123456 remains the most common password. When collaborators set weak passwords, they open another attack vector and increase the risk of data loss.

Open link sharing, while more convenient, adds significant risk. Creating an open link and enabling public sharing essentially forfeits your control over the document. Anyone who gets the URL can view sensitive content. A collaborator could accidentally send the link to the wrong recipient, who can then forward to other unauthorized users. This drastically increases risk of data loss and violates privacy and regulatory compliance requirements.

Since the vast majority of organizations share content with external parties that are not already using Google, this is a significant security concern.

Unauthorized Insider Access Risks

Insider sharing and unauthorized employee access is a key security concern within Google Drive. The rapid internal collaboration and file sharing workflows in Google Drive exacerbate the risks that confidential memos, financial records, and privileged HR documents containing healthcare, benefits, and salary data fall into the wrong employees’ hands. All it takes is one careless user action to lead to an employee relations crisis. That’s why it’s critical for administrators to set guardrails by managing Groups and OUs properly, then configuring folders and Team Drives with the appropriate rights management settings.

However, administrative precautions can only go so far. At a certain point, it’s up to your users to prevent access by unauthorized insiders by leveraging Google Drive sharing settings and rights management controls in a way that synchronizes with your internal policies. Regular training sessions can help, but organizations taking a more proactive security posture add control layers on top of Google Drive’s native functionality.

Collaborate Carefully

Google Drive has made powerful collaborative capabilities accessible to all businesses, of all sizes. Enterprises using Drive must support that collaboration with controls that extend Google Drive’s native security. Adding enhanced control features ensures that data remains private when stored in the cloud and secure when shared with external parties.

Enhanced protection and control functionality is often necessary to ensure secure file sharing. The vast majority of G Suite customers that operate in heavily regulated industries will implement third-party solutions to implement defense in depth in G suite. As long as your employees interact with sensitive content, your data will be at risk. The ultimate goal should be to protect data with solutions that work behind the scenes to support sensible, secure business practices.

Learn how Virtru enables secure sharing workflows in Google Drive with fine-grained access controls here.