Skip to main content
All CollectionsHOW-TO guides
How to Secure Your Google Drive Configuration
How to Secure Your Google Drive Configuration
Reco Product Management avatar
Written by Reco Product Management
Updated over a week ago

Introduction

This article provides security guidelines for sharing and managing Google Drive files and folders in your organization. This will help employees work together in a secure way both internally and with any third-party organization, while enhancing business collaboration. By leveraging Reco's Business Context Justification engine that maps high-impact business initiatives, you can reduce the risk inherent to digital collaboration, while enabling business acceleration through collaboration using Google Drive.

Please note that after applying these changes, it can take up to 24 hours for them to take effect. During this time, older and newer settings may be enforced concurrently.

For more information please visit: https://support.google.com/a/answer/60781#restrictoutside

Setting Link Sharing Options

To set link sharing options:

  1. Log in to your Google admin account at https://admin.google.com/.

  2. Navigate to Apps -> Google Workspace -> Settings for Drive and Docs.

  3. Mark the following checkboxes:

a. For files owned by users in <your organization>, warn when sharing outside of <your organization> . This will warn users when they share a file outside of your domain.

b. When sharing outside of <your organization> is allowed, users in <your organization> can make files and published web content visible to anyone with the link.

Distributing Content Outside the Organization

To control content distribution:

  1. In the Distributing content outside of <your organization> pane, select Only users in <your organization>. This implements the following policy:

a. People with Manager access to a shared drive can move files from that shared drive to a drive location in a different organization.

b. Users in the selected organizational unit or group can move content from their My Drive to a shared drive owned by a different organization.

Disabling Default Link Sharing Access

To disable default link sharing for new files:

  1. In the pane below, select OFF.

Opening Secured Shared Drives for Business Processes

To manage shared drives per business process:

  1. Identify the organization’s high-impact business initiatives. For example a specific group/team, or a specific process such as Finance or Legal.

  2. Create a new process using RecoLabs (see Appendix).

  3. Create a shared drive per business process in drive.google.com.

4. Log in to your Google admin account at https://admin.google.com/.

5. Navigate to Apps -> Google Workspace -> Settings for Drive and Docs -> Manage shared drives.

6. Right-click the shared drive button of the specific drive that you have just created.

7. Set the drive access based on the policy required by the associated business process.

8. Look for the most active users in each process in the Most Active Users section in Reco's process mapping screen.

9. Add business owners as Manager/Content Manager.

10. In case of a sensitive process that shouldn’t be shared externally, you can optionally restrict access to the entire drive from external domains.

Moving Data from ״My Drive״ to Shared Drives

To ensure privacy, G Suite does not allow administrators to move files from users’ personal drives. Only the users can move their files.

​​To migrate users’ files from their private drives to a shared drive, the users should “move” their files (make sure not to “copy” them). That way, links remain intact and existing collaborators retain access.

  1. Communicate with the business-owner and present the process mapped by Reco.

  2. Look for the “owner” field in the “Files” table of the process screen. The “owner” represents the user that obtains files related to the process on his organizational “My Drive”.

  3. Contact each one of the owners, and ask them to move their process-related files to the new shared drive.

Disabling existing “anyone with the link” permissions

In the case of files with “anyone with the link” access on a shared drive (these actions don’t work for files stored on “My Drive”):

  1. Create a temporary folder on the shared drive.

  2. Move all the files into the temporary folder.

  3. Change the permissions of the temporary folder to “anyone with the link”.

  4. Change the permissions of the temporary folder back to “restricted”. This action disables any existence of “anyone with the link” access.

  5. You can now move back all files to the root of the shared drive and delete the temporary folder.

For more information about how to migrate data from the business group’s My Drive to their process drive, please see:

Move files to shared drives - Google Workspace Learning Center

Securing On-going Data Collaboration

After identifying the high-impact business initiatives and creating new processes using the Reco Application (see Article), the Reco engine automatically applies out-of-the-box policies for identifying security incidents such as exposed files, revocation of access recommendations, unjustified access, etc. All the incidents will appear on the Incidents Feed.


Did this answer your question?