Every Google Workspace administrator knows how quickly Google Drive becomes a messy mess of loosely shared confidential information. This is no one’s fault; it’s inevitable as your productivity suite is specifically designed to enable real-time collaboration, both internally and externally.
For security and risk management teams, the unsustainable risk of any Google Drive footprint lies in toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be difficult to distinguish between typical business practices and potential risks without fully understanding the context and intentions.
Material Security, a company renowned for its innovative method of protecting sensitive data within employee inboxes, recently launched Data Protection for Google Drive to safeguard the enormous amount of confidential information scattered across Google Drive with a Powerful detection and remediation toolkit.
How Material Security helps organizations safeguard Google Drive
Trying to answer fundamental questions about what’s in Google Drive and where it’s shared is painstakingly manual using the Workspace admin dashboard, and working with the Drive API is expensive and complex. Given the breadth of sensitive content, this is an area that deserves attention, but it is difficult to achieve the required depth.
The material is supported by a powerful data platform that synchronizes with your Google Workspace tenant to create a structured content model of historical files, metadata, permissions and sharing settings that is kept updated based on ongoing activity. This data platform allows for in-depth inspection that would not be possible by interfacing with the Drive API alone. With this data platform as a foundation, Material:
- Scans file contents against a set of custom ML-based detection rules to identify and classify sensitive content across a broad range of PII, PCI, PHI, and other sensitive data categories
- Calculate file and folder permission sets and sharing settings to create a unified access model that is easier to understand and demonstrate for compliance purposes
- Enables automated access revocation based on precise search results and activity triggers to continuously reduce your risk profile
Material’s precision allows you to effectively manage such a complex and vast data repository without getting in the way of everyday use: security without impacting productivity. See it for yourself.
Brighten up the blind spots on your Google Drive footprint
With a powerful data platform as a foundation, you get an expressive search interface that guides you through your Google Drive footprint to identify toxic combinations worthy of investigation. You can search by file metadata, ownership, content, location, and sharing to answer questions like:
- Show me all files that contain financial records shared externally
- Show me all files viewable via a public link that contain personal information
- Show me all the files that can be accessed by users who are leaving the company next week
- Show me all files with sensitive information shared with a Gmail address
- Show me all files in a shared drive that contain health data
By illuminating these dangerous blind spots more, you continually get a more complete view of the environment with an increased confident posture, the kind of thing that makes it easier to sleep at night.
Block exfiltration paths with automated remediation
The primary repair way to fix toxic combinations in Google Drive is to revoke access. It seems easy on the surface, but when you consider the conditions of the entire space, it becomes a multidimensional puzzle. When is external sharing valid and when not? Are there users who belong to groups that shouldn’t? What settings should change when a document is edited to add sensitive information?
Precise search and activity-based filtering enable remediation workflows for scenarios such as:
- Automatically revoke public links for any file that contains sensitive information
- Send users a message to confirm external sharing when files contain sensitive data
- Stop access to all files shared with specific external domains in a single bulk job
- Revoke all access to a specific account exhibiting compromised behavior
- Reset all organization-accessible files that contain personal health information to Restricted
Applying automation can typically get in the way of everyday use, so it’s important to create with precision: a better understanding of the nature of content, which domains are trusted, and common user behaviors helps keep surface area in your right way way.
Keep your productivity suite productive with Material Security
At Material, we focus our efforts on the productivity suite because we believe it is a critical infrastructure for any organization. As critical infrastructure, in-depth security defenses that effectively stop attacks and reduce risks across the environment are critical.
The new Data Protection features for Google Drive solve complex data discovery, governance and access problems that have traditionally been difficult to solve without dedicated tools.
Want to see it in person? Schedule a personal demo with our team today.