When you share a file from your Google Drive via Google mail, the default method of sharing is to make your file ‘Public with Link’. This means the file properties are changed and any party with the link can now view the file. One security weakness with this method of sharing is that Google do not allow the file owner to track file usage, either by the intended recipient or other parties.
On Dropbox, this problem can be mitigated against somewhat with the link having a validity ‘lifetime’. GAT is now introducing a similar feature for Google Apps Domains.
To enable ‘Public with Link’ clean-up use the following steps.
Select the User, Group or OU you wish this policy to apply to. For all users, which is the default Drive Audit view, simply exclude documents shared in (click on ‘x’ beside the ‘In’ figure in the selection bar just above the report table). We use the example of a Group.
First, find all the files owned by the group ‘Sales’ by adding ‘firstname.lastname@example.org’ to the group search field, select ‘Owned Docs’ and clicking on ‘Search’. After the search results are returned you can then click ‘Schedule/Save’ and complete the steps outlined on the next page of the document.
You are then presented with the report and policy creation tool
Complete the following steps.
- Set the type to ‘Policy’ – that way you will only get a report when a match triggers.
- Set the report type to PDF – more readable in an email
- Run this policy once a day (After Midnight is a good choice but you can pick anytime)
- Remove the Link ‘Public with link’ for all files if the link is older than 7 days (you can set this value).
- If you wish, for the first time this runs, don’t take any action, just get a report on the files that would be checked (currently this shows all the files checked which is larger than the set of files that would be changed). When you are happy, come back later and uncheck this box. You will see this job listed in the scheduled reports.
- Notify the local user that the link is being removed. This is optional. One suggested message is
The referenced files have had their ‘Public with Link’ share removed for security reasons. The original recipient will have to request access from you again.
Or for the dry run in Step 5…
The referenced files have a link ‘Public with Link’ share that is older than 7 days. For security reasons, we propose to remove this link. The original recipient will have to request access from you again.
7. Update the rule to commit it.
This feature is available in v.4316 and upwards.