This is left unchecked by default.Īnother less than obvious but essential setting is allowing external sharing permissions for Team Drives. Clicking the box allows people in the organization or group to search for this file. There’s an additional setting hidden behind the gear on the permissions and sharing box that’s only available to groups using Google Drive: a search setting.
Google Drive permissions controls that would enforce PoLP aren’t easy to find. Document settings may default to private (only the user can see and make changes to the document) but it’s very easy to set a user as an editor of the document, where they can have immense control.Įditors have permission to change permissions and add other users to a shared document - giving them near-administrator level powers. The problem here, as TechTalks points out, Google Drive and the related applications like Google Docs and Sheets tend toward a most-privilege policy.
As a best practice for managing applications, PoLP gives minimal access to any user or component, and only increases those privileges when explicitly instructed by an administrator. You probably keep a certain set of knowledge and sensitive information on a need-to-know basis within your company. Problems like this can be avoiding by adopting the principle of least privilege, or PoLP. The NHS changed the permissions to private after receiving the tip. Wired UK found the files entitled “Product Direction: Release One” and labelled “OFFICIAL – SENSITIVE” and alerted the National Health Service. It’s important to know what each of these access levels mean and how changing settings can impact the visibility - and therefore security - of your data and files.įor example, Wired UK reported on a breach where the UK government accidentally revealed some of its future plans for its COVID-19 contact-tracing app by leaving them on a publicly accessible Google Drive. When sharing a document or folder with another user in Google Drive, there’s a number of ways to set access levels, both for individual users (like viewer or editor) and for an organization (like sharing only within the users within your business). Pay close attention to your permissions settings in Google Drive (photo courtesy of Google Developers) #1: Know your Google Drive permissions and best practices H ere are four concepts to understand about Google Drive’s sharing and permissions settings that can help save your organization from a major data loss or breach event. Cloud infrastructures like Google Drive must be secured to protect data while preserving the best user experience possible. And not a moment too soon with the exodus of employees from the office to working from home. 59% can see data from other departmentsįortunately, taking control of your organization’s Google Drive permissions is easier than ever.69% can view data they didn’t contribute to.73% of employees have access to data they didn’t create.Help Net Security reported in February on the reality of how everyday users interact with cloud-based tools like Google Drive: Functionality comes first for most people. It’s so easy to use that many users gloss over sharing permissions and other settings designed to protect business-critical data and files from leaking outside the organization. More than 90% of organizations store data in the cloud, and 60% rely on cloud file storage systems like Google Drive to collaborate across remote teams, internal departments, and external partners. Google Drive is built for easy access, sharing, and management of files and folders for personal and business users.