LinkedIn
Twitter
Hi, we've identified a range of security issues with sharing Google Drive/Shared Drive files through restricted Spaces/Chat:
- When files/folders are shared this way, you can't see who has shared your file, or who they've shared it with (see image at the bottom of the message)
- You can't currently search for files that have been shared this way - you have to manually view the sharing settings for each file and folder in your domain. (eek)
- When you find files/folders shared in this way, you can't find out who they have been shared with to check if you have a security issue.
- You may be able to see anyone who's accessed your documents in the Activity Dashboard if they haven't opted out.
This results in documents/folders being shared internally/externally in a manner that document owners can't track/monitor/mange which is a significant security risk.
To resolve these issues, can Google look at:
- Adding the ability to disable sharing of Google Drive/Share Drive files through Google Chat / Spaces?
- Change the Restricted Spaces/Chat sharing mechanism so that when files are shared through this pathway the individual names are added to the shared documents/folders rather than using the Restricted Group?
- Implementing a search command to find files/folders shared in this way within Google Drive/Shared Drive?
- Update Restricted Space/Chat access to allow the owner of Google Drive/Shared Drive files to see the name of the person who has shared the document(s) using the Google Restricted Space/Chat group as a contact-point for the given access
Does anyone have any suggestions on how to manage/mitigate access shared in this way with current tools?
Thanks for your help.
Solved
1 ACCEPTED SOLUTION
