Project Description

📖 4 mins read

Google Drive Data Loss Prevention (DLP) — That one requisite baffling CIO’s the most. 

According to The Economist, ‘the world’s most valuable resource is no longer oil, but data’. So it makes sense that we’d want to protect our data assets from sly prying eyes, loss or damage 24/7.

When most of that data is stored in Google Drive, ensuring Google Drive Data Loss Prevention (DLP) is imperative, But is there a secret ‘1+1=2’ equation to ensure Google Drive DLP? That’s what we’ll unravel together in the next 4 minutes!

6 Google Drive Data Loss Prevention Practices every CIO Must Know 1

6 Best Google Drive Data Loss Prevention Practices for 2021

To ensure Google Drive Data Loss Prevention you need to develop best practices for it, and stick to them.

So Grab a fresh post-it (or open a new Google Keep) and jot down the below DLP practices to revisit and maintain as you go.

1- Build a DLP friendly Drive Structure

It all starts with your organisation’s Drive structure.

You want to ensure that your company’s Google Drive structure is in order

Start by finding out which files lie in personal or ‘My Drives’ and need to be moved to ‘Shared Drives’ and vice versa. Then move those files to the right and ‘secure’ place in your Drive.

You may also need to decide whether it’s better to create a shared drive with a folder for each area or one shared drive for each area? — that should help make your future Drive Audit operations easier.

**Checkout our post: How to restructure Google Drive files and folders in 3 easy steps**

Blog- 6 Google Drive Data Loss Prevention Practices 2

2- Audit Drive File Ownership and Access Management 

Who has Access/ Ownership rights to which files or folders? 

Now that you’ve got your Drive structure in order let’s move on to file ownership and access management. This is perhaps the most important DLP practice you need to vigilantly observe. Why?

Without knowing who owns which files and who can access them you can’t protect your most valuable data from being lost or leaked.

More importantly, you must ensure law-protected data isn’t accessed by unauthorised parties.

To do that you need to continuously audit your company’s Google Drive to grant and revoke file ownership and access rights to the correct users, especially when it comes to sensitive files.

One helpful way to do this is by creating “nested” groups to manage access to content and resources. This helps you decrease duplication, simplify administration, and centralize Drive access management.


Locking Important Drive Docs ?️

You may also consider ‘Locking’ your MOST sensitive Drive Docs. There are two ways to achieve that:

  1. Encrypt Docs: Google doesn’t yet offer native individual password protection for Docs. But you can encrypt them on your PC then upload them using Google’s Backup and Sync desktop program. The downside to this approach is that you won’t be able to edit these files in Google Docs (or the cloud). You’ll need to download them on your PC first, decrypt them, then edit them using a desktop program.
  2. GAT Unlock: A third party tool that saves you the above hassle and allows you to keep working ‘in the cloud’, rather than rely on desktops.

GAT Unlock operates on the principle that access to Docs, or change of ownership of Docs, without the owner’s knowledge or permission, can only be accomplished with the input of at least two people in the organization. Read more.



3- Monitor Google Drive Activity

Your Google Drive activity is your first whisperer of DLP trouble or risk. 

By monitoring Drive activity you can spot suspicious Behaviour Indicators  like unusual or unsafe Drive downloads, increased external or internal sharing, or deletions.

Such indicators also help you understand and assess users’ history and Behaviour, and decide whether it should be allowed to continue or altered, as well as establish a DLP process change for your organisation when needed.

How to Monitor Drive Activity for DLP?

  1. Visit and review the Data protection insights report and File Sharing Exposure report in your Admin console on a regular basis.
    Note: As of March 2021, Google started providing recommended data loss prevention (DLP) rules personalized for your organization. These can help you up your DLP rules game by knowing where necessary adjustments or additional investigation is needed.
  2. Alternatively, you can use GAT+ for deeper Google Drive DLP audits beyond the admin console, with one-click insights available at a glance.


4- Create a DLP policy for files shared out

Speaking of  ‘Google Drive Activity’, one particular activity you need to dedicate additional efforts to is ‘files shared outside your corporation’.

These files are perhaps the biggest DLP hazard and you need full insight into their content.

A powerful Google Drive Data Loss Prevention policy here should not only give you control over what users share with external parties, but also also prevents the unintended exposure of sensitive information such as company card details and social security numbers (SSN) 

**Set up Google Drive DLP Alerts, including Regex Alert Rules, for files shared outside your organisation using GAT+, Learn more**

5- Lock out Leavers

They say ‘Watch out for angry leavers’! — We say ‘Watch out for ALL leavers’.

One of the most important DLP practices you’ll want to adopt is deploying a bullet-proof DLP process for off boarding leavers, and here’s why:

  • Suspended accounts of leavers can result in the loss of important data. This is a common DLP scenario. Also, wrongfully suspended accounts typically can cause approximately 70% of data availability issues.
  • You need to ensure that leavers can no longer access important corporate Drive resources once they leave. This can bring in significant DLP hazards, especially if they choose to use it in malicious ways.


6- Configure Google Drive DLP Alerts

You also need to get notified of risky DLP behaviour! That’s like deploying a security system to your house.

It ensures 24/7 Drive protection, without having to manually run audit scans every hour of the day.

There are TWO ways to set up Drive DLP Alerts:

    1. For Enterprise; Enterprise for Education editions, you can Scan and protect Drive files using DLP rules, covering Google Sheets, Docs and Slides.
    2. GAT+: Real-time Google Drive DLP Actionable Alerts for files with specific content shared outside your domain.

**Getting these DLP alerts in real-time and defining the actions you’d like to be taken for each helps you act faster and handle accidental data mishaps better.

GAT Labs for Google Drive Data Loss Prevention (DLP)

GAT Shield is the only real time DLP solution for Google Chrome in the market. 

Blog- 6 Google Drive Data Loss Prevention Practices




Thanks for sharing and spreading the word!