This is the first out of multiple articles about specific use cases with Google Workspace. Stay tuned for the next articles.
Following our article on the basics of Google Workspace security for employees, let us dig one step further. In this article, I will explain how you can get notified when documents are being shared publicly within your organization.
Step #1: Becoming familiar with the Audit & Investigation section
First things first, open your administration console. It is the central place that allows you to manage all your Google Workspace services. Let’s meet at https://admin.google.com.
Then, go and find the Audit & Investigation panel.
You just have to click on any of the tabs to access the events related to that topic (eg. Admin log events).
Here you will find the exhaustive list of events that happened in your org, regarding the scope you selected. You can click on “Create reporting rule” to start building your own set of rules.
Let’s move to the use cases now! The following ones are just examples, thanks to the Console you will able to build any rule that passes through your mind.
Step #2: Creating the rule
The Basics
Conditions
Regarding what your company is doing, you may want to take control over who is sharing what. Are the documents sensitive? Are they being shared with the proper setting? Can anyone with the link have easily access to the information contained within the document? You can get a view on these topics by properly setting up your own rule.
1. Go to Drive log events > Create reporting rule
2. Name your rule. Click Next.
3. Click on Add a filter > Visibility change
Now you will get notified every time that someone shares a document outside of your organization. Click Next.
Actions
Once you are happy with the conditions you've selected, you can now decide where you will be notified. Google gives you three options :
- Select severity. Allows you to decide how bad the behavior you track should be classified (High, Medium, Low).
- Send to alert center. Allows you to record the alert on another console, with advanced details about the events. Useful for events you want to keep a specific eye on.
- Send email notifications. Allows you to choose who will be notified when the event occurs. It can be all the super admin, or whoever you want. Useful for events that need a quick response.
Click Next.
You can now Review your rule before deploying it. Once you are satisfied with your settings, just click Create Rule.
Et voilà ! You will now be notified every time the specific behavior you set up is performed by a user.
You will receive that email if you selected the option “Send email notifications”.
To go even further
You want more? Google offers a Condition Builder on step #2 (“Conditions”). You are able to build complex rules with different variables. Here is an example of a very specific event:
- The user shares it externally
- The document is a PDF
- The title of the document contains the word “confidential”. One could think of other sensitive terms such as “password”, “private”…
- The owner of the document is… me
Your imagination is the only limit! Thanks to that builder you can create extremely personalised rules that fit your own context.
Mastering Google Worskspace
The Administration Console is a very powerful tool. Yet it suffers from some major flows:
- The condition builder is quite simple (only AND or OR conditions, not both at the same time).
- The alerts sometimes don’t work like configured, and appear often late.
- The interface is complex to master.
This is why we are building Cyrius, the platform that helps you get the best out of your Google Workspace security -and more. Cyrius helps you configure the best security use cases on Workspace and go beyond the limitations of the Admin Console:
- Quick and intuitive use case configuration,
- Real-time notification of risky behaviors,
- Resolution of security vulnerabilities directly created by users,
- Visibility on solved and unsolved vulnerabilities,
- Aggregation of the best use cases used by our customers
Sounds right to you? Feel free to reach out 👋
