We’re introducing a new product to our Cloud Office Security Suite – Data Protection for Google Drive. Google Workspace customers can now leverage Material to illuminate blind spots and block exfiltration paths across your entire Google Drive footprint – swiftly, and with precision at scale.
By design, documents in Google Drive are meant to contain private information, encourage collaboration, and be shared with others. However, this doesn’t take long to become a messy sprawl of highly sensitive and regulated data. The right way to protect the environment isn’t always obvious as it’s difficult to answer fundamental questions around “What’s in my Drive?” and “Where is it shared?”
One of our specialties at Material is our unique method of identifying and safeguarding sensitive data. We've done this for email unlike anyone else, protecting the treasure trove of confidential information that exists across all employee mailboxes over time. We're thrilled to extend this effort to a new domain in shared file repositories by offering support for Google Drive.
The key to protecting Google Drive is to find and fix toxic combinations
Mitigating the risk of shared file repositories lies in detecting the toxic combinations of confidential data, excessive permissions, and improper sharing that are prevalent in daily use. What happens if trade secrets leak, earnings statements are seen too soon, or personal health information is exposed? When looking at data, permissions, and sharing in isolation, it’s difficult to infer what’s risky versus what’s normal business behavior. Adding it up is where one can start to identify patterns that are worthy of attention, but to do so typically involves a heavy lift. Material makes this automatic.
Discover sensitive data across My Drive and Shared Drive contents
Material connects to your Google Workspace environment via native APIs, and syncs your historical file repositories with our underlying data platform. We model the environment to enable in-depth visibility across file metadata, contents, permissions, and sharing settings across selected My Drives and Shared Drives. File contents are scanned against our ML-based detection rule set that covers a wide range of sensitive content across PII, PCI, PHI, and other confidential classifications.
With our powerful data platform as the foundation, you gain an intuitive search interface that guides you through your Google Drive footprint to identify toxic combinations. We designed this search interface specifically for Google Drive—nothing else comes close to this level of depth and focus.
Calculate permission sets and sharing settings
To ensure files have the right levels of access, both internally and externally, it’s important to understand how permissions are modeled and inherited. This can be a challenge with Google Drive as there’s more than one way to grant someone access – you can share files and folders by email, by domain, or with a link, and assign Viewer, Commenter, or Editor rights. The inevitable sprawl of files is only compounded with the inevitable sprawl of permissions.
To break it down in a manner that makes actionable sense, we calculate the total access outcomes for files within our data platform and present a unified view so you can better visualize who can access what under which conditions. We also distinguish external access by domain so you can quickly see where select files are being shared.
A unified access model makes it easier to search by permissions and sharing settings. For example, you can search for all files shared externally to freemail accounts, or for all files accessible by a single user. More precise search leads to more precise automation, so you can ensure your security policies are being adhered to in practice, not just written down for good measure.
Automatically revoke external access across files in bulk
The primary remediation mode to fix toxic combinations in Google Drive is to revoke access. Easy on the surface, but when you consider the conditions of the whole space, it becomes a multi-dimensional puzzle. When is external sharing valid and when is it not? Are there users that belong to groups that they shouldn’t? Which settings should change when a document is modified to add confidential information?
The first step to solving this puzzle is to get precise with search-based filtering. The next step is to build policies around search results that trigger automation. From a file detail or search results view, you can choose to revoke access across one or more files. As there may be cases where some external sharing is valid and others are not, you can explicitly select which domains you wish to revoke.
Keep your productivity suite productive with Material Security
At Material, we focus our efforts on the productivity suite because we believe that, as the cloud office, it’s critical infrastructure to any organization. And as critical infrastructure, in-depth security defenses that can effectively stop attacks and reduce risk are paramount – but depth is what’s missing from what’s built-in and what’s typically offered up by others who treat the environment like just another SaaS application.
Expanding our unique approach to data protection to shared file repositories is a natural step in our product evolution. We’ve spent years building and improving our sensitive data classification engine, working closely with customers of all shapes and sizes, so we know what it takes to become a force multiplier to your organization.
The new capabilities with Data Protection for Google Drive solve hard data discovery, governance, and access problems that you won’t get from traditional DLP tools that only inspect what’s moving around on the surface.
