How to Manage Public or Public with link Shares

Intro

If a large number of files are shared out from your domain as Public (visible on the internet) or Public with link (anyone who has the link can access the file), some of these shares may be accidental rather than intentional. Learn how to easily manage publicly shared files.

In either case, using GAT+ you can develop a procedure to carefully report and handle these shares.

Getting Started

Google Docs can be made public in two different ways; understanding the difference is important in assessing the risk.

  • Files that are shared Public are fully available to everyone on the internet. Public files are indexed by the Google Search engine and can turn up in search results.
  • Files that are shared Public with link are available to all those who have a copy of the link. They are not, however, available for indexing by search engines. The link can be passed on anonymously.

Take Immediate Action

This approach lets the Admin directly remove public access from the files in one user’s account or from all files in everyone’s account across the domain. It can be done in four easy steps in the Drive Audit.

  1. Select the type of public file you wish to target; your options are Public or Public with link. Click on the Apply custom filter button and select the following search parameters:
  2. Now select either some or all of the files that appear in the table. Then click on the File Operations button.
  3. In the File Operations dropdown menu select Remove Permissions.
  4. Now select the following options:

Results

All the files you selected will lose the Public permission and the owners of the files will be notified with a custom message via email. The email will display the custom message you created.

Note: {{RECIPIENT}} will display the owner’s full name and {{FILES}} will display the title, with a hyperlink (URL), of each file affected by this permission change.

Notify Before Taking Action

On the Remove Permission dialog box, there’s an option to Report Only. When this option is selected, no action will be taken, but you can report to the user what files they have shared out to the public. Give them some time to self-manage their public files before remediating them.

In this case, we set up a policy to identify all public files, notify the user of the exposure and show them how to revoke access if required.

Addressing Future Vulnerabilities

Having reviewed the historical situation and alerted users to it, the Super Admin should now look to stay on top of the situation.

Again, the assumption is that users are allowed to make files Public or Public with link. We will start by focusing on Public or Public with link files and then create a scheduled report that generates a Google Spreadsheet each day showing the files that were shared out as either Public or Public with link.

In the Drive Audit:

  1. Use the Apply custom filters button.
  2. For Sharing Flag select Public with link.
  3. Exclude those shared in.
  4. Select files that are Updated.
  5. Once Updated is selected, pick the Before and After or equal to parameters and create a one-day timeframe.
  6. Click on Scheduled to create the scheduled report parameters.
  7. For the Occurrence make it Every day – after midnight to match your one-day timeframe.
  8. Select Enabled and make sure to add your Recipients who will receive this report.
  9. Now click on Apply & Schedule.
  10. You will be able to view this scheduled report in the Configuration area.

Results

GAT will run this every day after midnight and will automatically update the Before and After or Equal to dates. In this way, the rule covers a 24-hour period. A Google spreadsheet will be emailed to the recipients and will be available on Google Drive.
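
The same daily check can be reproduced outside GAT+ to cross-validate the scheduled report. The following is an added example, not GAT+ code: it classifies both sharing flags and applies the one-day Updated window. It assumes file records shaped like Google Drive API v3 output, where an "anyone" permission with allowFileDiscovery true corresponds to Public and false to Public with link, and that the records cover only files owned in your domain; the sample data and the function names sharing_flag and daily_report are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records shaped like Drive API v3 files.list output
# (fields: id, name, modifiedTime, owners, permissions). Not real data.
SAMPLE_FILES = [
    {"id": "f1", "name": "Pricing.xlsx", "modifiedTime": "2024-05-01T09:30:00Z",
     "owners": [{"emailAddress": "ann@example.com"}],
     "permissions": [{"type": "anyone", "role": "reader", "allowFileDiscovery": True}]},
    {"id": "f2", "name": "Roadmap", "modifiedTime": "2024-05-01T23:59:59Z",
     "owners": [{"emailAddress": "ann@example.com"}],
     "permissions": [{"type": "anyone", "role": "writer", "allowFileDiscovery": False}]},
    {"id": "f3", "name": "Old deck", "modifiedTime": "2024-04-20T12:00:00Z",
     "owners": [{"emailAddress": "bob@example.com"}],
     "permissions": [{"type": "anyone", "role": "reader", "allowFileDiscovery": False}]},
    {"id": "f4", "name": "Team notes", "modifiedTime": "2024-05-01T10:00:00Z",
     "owners": [{"emailAddress": "bob@example.com"}],
     "permissions": [{"type": "user", "role": "writer", "emailAddress": "eve@example.com"}]},
]


def sharing_flag(file):
    """Return 'Public', 'Public with link', or None for one file record."""
    flag = None
    for perm in file.get("permissions", []):
        if perm.get("type") != "anyone":
            continue  # user, group and domain grants are not public exposure
        if perm.get("allowFileDiscovery"):
            return "Public"  # search-discoverable: the higher-risk flag wins
        flag = "Public with link"
    return flag


def daily_report(files, day):
    """Group public files updated on `day` ('YYYY-MM-DD', UTC) by owner email."""
    start = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
    end = start + timedelta(days=1)
    report = defaultdict(list)
    for f in files:
        flag = sharing_flag(f)
        modified = datetime.fromisoformat(f["modifiedTime"].replace("Z", "+00:00"))
        # "After or equal to" the start of the day and "before" the next day.
        if flag and start <= modified < end:
            for owner in f.get("owners", []):
                report[owner["emailAddress"]].append((f["name"], flag))
    return dict(report)
```

Grouping by owner mirrors the per-owner notification described earlier, so each owner's list can be compared against the files named in the emailed report.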

Take Automated Action with Report

  1. Start with a scheduled report created in Drive Audit.
  2. Navigate to Scheduled reports and click on Job Action Edit.
  3. Enable the status of the Schedule job details. If you wish to report on this without taking an action, make sure to check the checkbox for Report only. If Report only is not checked, an action will be taken. You can also notify the owners of the files to tell them what they need to do or to inform them of what you have done.
  4. Whenever the scheduled report runs, the above actions will also run.

Tip

You may find this post about removing public and published permissions helpful.