When files are shared too broadly, they pose a security risk by exposing data to a wider audience than necessary. To resolve such issues, it’s recommended that file permissions be reduced to include only those who need access to the information in order to perform their jobs. Updating permissions to mitigate security risks is a kind of remediation. Remediation is a specific set of actions that a security team member performs to resolve, or partially resolve, a security incident. Performing remediation helps you protect your business by:
removing the threat of data exposure
minimizing risk by stopping the exposure of data already accessed without business justification
Reco helps manage file sharing for your security team by:
continuously monitoring the files that are found in any of the sources you have connected
identifying and prioritizing incidents based on the risk that the related events pose to your business
alerting on security risks and guiding you through the recommended remediation, also based on your business processes
Depending on the issue, Reco can recommend relevant steps and guide you through remediation. By working with Reco, you can resolve issues significantly faster, and from within Reco, without needing to change context to multiple platforms.
When you have configured a connection to Google Drive specifically, Reco monitors and alerts on assets that:
are stored in individual users’ private folders
are accessible by users inside or outside the organization without business justification
have been viewed, downloaded or edited by users inside or outside the organization without business justification
have been shared by users inside or outside the organization without business justification
The information provided in the rest of this article explains how to remediate issues with Google Drive files from the Incident Investigation area of Reco:
How to remediate Google Drive files
From the Investigate Further area, scroll down to the Files at Risk part to understand which files pose risk:
From any of the files in the list, click Remediate.
The side panel opens with extensive access details for the specific file.
From this view, the People with Access section lists all users who currently have access to the specific file. You can see complete details for each of these users: their name, email address, and their access level (their role) for this file.
When reviewing the list of users, if you find someone who does not need access in order to perform their job, click Remove Access next to their name.
About 5 seconds after you click the link, the specified user’s access is removed from the file.
If you refresh the screen, you’ll notice their name no longer appears in the list.
Scroll down in the side panel to the General Access section.
This section gives details about the overall access provided for this file. With Google files, access can be provided as follows:
Restricted access - only specified users can access the file, and only according to the permissions explicitly assigned to them. If access is restricted, remediation of the incident most likely requires removing users explicitly, as explained in the previous step.
Anyone in your organization with the link - anyone inside your company can access the file if they have the link.
Anyone with the link - anyone in the world with the link can access the file.
If access is available by the link, click Restrict Access to update file-level access to be restricted to only those users specified.
When access is updated, a confirmation appears.
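The same review, sketched as an added example that is not Reco's code: it classifies a file's general access into the three levels listed above and works out which grants the Remove Access and Restrict Access steps would drop. It assumes permission entries shaped like the Google Drive API v3 permissions resource; the sample data, the ids and the `approved_emails` allow-list are constructed for illustration.

```python
# Constructed sample: entries shaped like the Google Drive API v3
# "permissions" resource (fields: id, type, role, emailAddress, domain).
SAMPLE_PERMISSIONS = [
    {"id": "p1", "type": "user", "role": "owner", "emailAddress": "owner@example.com"},
    {"id": "p2", "type": "user", "role": "writer", "emailAddress": "analyst@example.com"},
    {"id": "p3", "type": "user", "role": "reader", "emailAddress": "former.vendor@example.net"},
    {"id": "p4", "type": "domain", "role": "reader", "domain": "example.com"},
    {"id": "p5", "type": "anyone", "role": "reader"},
]


def general_access(permissions):
    """Map a permission list to the three general-access levels in the article."""
    types = {p["type"] for p in permissions}
    if "anyone" in types:
        return "Anyone with the link"
    if "domain" in types:
        return "Anyone in your organization with the link"
    return "Restricted"


def remediation_plan(permissions, approved_emails):
    """Return (permission ids to remove, permissions that remain).

    approved_emails is a hypothetical allow-list of people with a business
    justification for access; the owner's grant is always kept.
    """
    approved = {e.lower() for e in approved_emails}
    remove, keep = [], []
    for p in permissions:
        if p["role"] == "owner":
            keep.append(p)
        elif p["type"] in ("anyone", "domain"):
            remove.append(p["id"])  # link-based access: the "Restrict Access" step
        elif p.get("emailAddress", "").lower() in approved:
            keep.append(p)
        else:
            remove.append(p["id"])  # explicit grant: the "Remove Access" step
    return remove, keep


if __name__ == "__main__":
    print("before:", general_access(SAMPLE_PERMISSIONS))
    to_remove, remaining = remediation_plan(SAMPLE_PERMISSIONS, ["analyst@example.com"])
    print("remove:", to_remove)
    print("after: ", general_access(remaining))
```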