Google Drive sầu data is most likely lớn be lost via end user negligence/malice or compromised endpoints, và a proper evaluation of Google Drive’s security functionality should focus on these vulnerabilities.

Bạn đang xem: How to create shareable download links for files on google drive

Google Document Sharing

Due to lớn the open & collaborative nature of Google Drive, data loss via incorrect sharing practices is an inherent & persistent threat. This is certainly not a risk quality to lớn the Google Drive platform, & fortunately Google provides native sầu reporting features which help admins keep tabs on externally shared data. First, let’s take a closer look at how sharing works in Google Drive sầu và which practices represent a data loss threat.

Link-Based Sharing

Link-based sharing is the most convenient way to lớn disseminate information stored in Google Drive sầu. Consequently, link-based sharing also poses the highest risk to lớn data if misunderstood or misused. It’s also important lớn note that link-based sharing can result in unintentional sharing of confidential information internally, such as human resources files.

In Google Drive, end users can cốt truyện tệp tin links in several ways. Choosing the “get shareable link” option will result in the file being shared khổng lồ anyone inside the organization with the link. Users can also choose to cốt truyện files externally, either khổng lồ “anyone with the liên kết,” or at a “public” setting. Obviously, the latter is the most dangerous in terms of accidental data exposure, since the tệp tin will be available khổng lồ anyone on the internet. When sharing liên kết, users can elect lớn tóm tắt with or without edit rights. It is worth noting that editors can re-cốt truyện a tệp tin without receiving permission from the original owner of the file.

Invite-Based Sharing

As an alternative to lớn broader, link-based sharing, Google Drive sầu nội dung can also be shared with specific individuals based on their email address. This method is far more secure than link-based sharing, since collaborators are forced to authenticate themselves with a Google sign-in in order to lớn view or edit the tệp tin. Google Groups can be leveraged for invite-based sharing to expedite the process when a large number of individuals need access to lớn a specific file or thư mục. For sensitive sầu data, invite-based sharing either individually or by Group should be encouraged in lieu of link-based sharing options.

File Downloads

One area of concern for admins is that shared Google Drive files can be downloaded by either viewers or editors. However, viewers can be prevented from downloading or printing individual files in non-Google Docs formats via the details pane on the Google Drive sầu home screen (


Google Drive sầu Sharing Admin Controls

The Google Apps admin controls offer a wide range of options for configuring mặc định sharing settings for Google Drive sầu. Below we will nhận xét each available setting as well as any potential implications.

Google Apps for Work vs. Google Apps UnlimitedBoth Google Apps for Work (GfW) & Google Apps Unlimited (GAU) feature the administrative sầu controls described below. However, an Unlimited subscription allows administrators khổng lồ define sharing permissions at the organizational unit level, rather than making changes that impact the entire organization. This added granularity better accommodates organizations with distinct business units & user roles. For example, a kinh doanh department may have a legitimate use case for sharing documents publicly, & be permitted to do so, whereas finance department users are restricted to internal sharing only.

Sharing Options

OFF – Files owned by users in yourtên miề cannot be shared outside of yourdomain.comChoosing this setting disables the ability of users to share Google Drive sầu content outside of your domain. Although this is the safest setting in terms of preventing data loss, it also negates much of the collaborative sầu advantage of Google Drive and should be used only if external collaboration is not a factor, or if security takes precedence over productivity.

Allow users in to receive files from users outside of yourdomain name.comThis setting can only be enabled if sharing outside the domain is disabled. Enabling this setting allows users in your tên miền to lớn receive Google Drive files sent from outside the domain name. Users will be able to lớn view, edit, & collaborate on documents owned by outside parties, although they will still be prevented from sharing documents that originated inside your tên miền. Generally this option is low-risk and is often enabled if external sharing is disabled.

WHITELISTED DOMAINS – Files owned by users in yourdomain can be shared with Google accounts in compatible whitelisted domainsThis option allows you to lớn restrict the ability of users lớn cốt truyện outside the company khổng lồ trusted domains only, and is available only with a Google Apps Unlimited subscription. Users will only be able lớn nội dung data with user accounts of whitelisted domains, & sharing for all other domains is essentially turned off. This allows for slightly more flexibility than the basic “OFF” setting, although our recommendation is to lớn restrict sharing only if security is of the utmost importance. Otherwise, such restrictions severely limit the ability of over users lớn leverage the Drive platform.

For files owned by users in, warn when sharing with users in whitelisted domainsFor data security purposes, it is highly recommended that this setting be enabled if sharing to whitelisted domains is turned on. With this box checked, kết thúc users will receive a pop-up prompt when attempting to chia sẻ lớn an gmail address of a user tài khoản on a whitelisted domain name.

Allow users in yourtên miề khổng lồ receive sầu files from users outside of whitelisted domainsThis setting can only be enabled if sharing is limited to lớn whitelisted domains. Enabling this setting allows users in your tên miền to lớn receive Google Drive files sent from outside the tên miền (even from domains which are not whitelisted). Users will be able to view, edit, và collaborate on documents owned by outside parties, although they will still be limited to lớn sharing documents lớn whitelisted domains only. Enabling this option is low-risk & is recommended due khổng lồ the collaborative efficiencies gained.

Xem thêm: Cách Nén Video Mp4 Giữ Nguyên Chất Lượng, Cách Nén Dung Lượng Video Không Cần Phần Mềm

ON – Files owned by users in can be shared outside of yourdomain name.comThis is the default setting for Google Apps, which allows Google Drive sầu users to lớn mô tả files outside of their own domain. Although sharing outside the domain name represents a data loss risk, the convenience of file sharing and real-time collaboration is one of the biggest value-adds of the Google for Work platsize. Unless there is a compelling legal reason lớn constrain sharing outside of the organization, Google Drive admins would be remiss to not at least consider enabling external sharing. In addition lớn proper user education, there are additional admin controls (see below) which limit the likelihood of accidental data exposure.

For files owned by users in yourtên miề warn when sharing outside of yourtên miền.comFor data security purposes, it is highly recommended that this setting be enabled if external sharing is turned on. With this box checked, over users will receive the following pop-up prompt when attempting khổng lồ cốt truyện khổng lồ an email address outside their own organization:

“You are sharing to lớn (email address of external user) who is not in the Google Apps organization that this nhà cửa belongs khổng lồ.”

They are then required to lớn explicitly clichồng “yes” lớn proceed. At the expense of minor end user inconvenience, the threat of accidental external sharing is greatly reduced.

Allow users in lớn sover sharing invitations lớn people outside yourtên miề who are not using a Google accountIf this box is checked, over users can chia sẻ files to lớn non-Google Apps addresses. The recipient will then receive an gmail notifying them that a file has been shared with them và providing an access liên kết. This represents a risk because while even external Google Apps users need lớn be authenticated in order lớn view a shared tệp tin, non-Google users have sầu no way of proving their identity in the Google system. Administrators are therefore required to lớn choose one of two options when enabling external sharing to lớn non-Google accounts:

Require Google sign-in for external users lớn view fileForces external users lớn create a không tính tiền Google trương mục in order lớn view or edit the shared document. This option is more secure because even though the external tiệc nhỏ will be using a consumer tài khoản, they are still required to sign in with a username and password.

Allow external users to lớn pĐánh Giá tệp tin without Google sign-inThis option is less secure, but more convenient for the external user. Users without Google accounts will be able khổng lồ previews the document, but not make edits. Non-Google users would also be able to forward the invite along, or download the file. Therefore, this setting represents a much higher risk of data exposure than requiring a Google sign-in. Before enabling this setting, you should weigh the convenience factor against the potential security risks.

Allow users in yourtên miề to publish files on the web or make them visible to lớn the world as public or unlisted filesEnabling this setting permits users khổng lồ change the liên kết sharing setting of a tệp tin to “anyone with the link” or “public on the website.” The former makes the file accessible khổng lồ anyone who has the Google Drive file’s URL, whereas the latter not only makes the liên kết accessible, but also publicly indexes the tệp tin, meaning it could show up in ordinary web search results. This setting is useful for users who want to lớn make documents easy khổng lồ access by embedding URLs on internal or external websites, or by attaching to lớn emails (e.g. sales, sale, etc.). However, this setting poses a security risk if a sensitive document is shared publicly. The recommendation, therefore, is to ensure users are properly trained khổng lồ use Google Drive khổng lồ prsự kiện accidental exposure of data.

Link Sharing Defaults

These options allow an administrator lớn change the default behavior of newly created documents and files within Google Drive. It’s important to note that users may still override the default, but they will need to take that action on each document, tệp tin, or folder individually.

OFFThis is the default setting for Google Apps. With links sharing defaulted khổng lồ “off,” a new file will remain private khổng lồ the owner until the owner specifically chooses lớn the chia sẻ the file, or moves the file into lớn a shared Google Drive sầu thư mục. This is the most secure setting, và is highly recommended for all but the most transparent organizations.

ON – Anyone at yourtên miề with the linkIf the default for link sharing is mix as “on,” every new tệp tin or document created can be viewed by anyone in the organization, but only if they have sầu the exact URL. Because Google Drive URLs are very complex, it’s unlikely that the document could be found, although this setting does create the risk of accidental internal data exposure and is generally not recommended.

ON – Anyone at yourdomain.comIf this setting is enabled, every new tệp tin or document created will be visible & searchable internally. This setting carries the highest risk of accidental internal data exposure because any user within the organization may find any other user’s documents by searching Google Drive sầu. Therefore, this setting is generally not recommended.

Mitigation Strategies

There are four primary tactics for mitigating data loss due lớn improperly or maliciously shared files:

restriction of sharing capabilitiesuser educationpassive sầu monitoring (audits)active monitoring (policies)

Of these tactics, restriction of sharing & user education is possible for basic Google for Work subscribers, while a Google Apps Unlimited subscription allows admins lớn conduct basic audits. Advanced passive & active monitoring requires a third-buổi tiệc ngọt application, such as

Restriction of Sharing Capabilities

Restriction of sharing capabilities is typically the instinctive reaction for admins concerned about security. However, this approach often discourages the use of Google Drive and has a counterproductive sầu effect.

Xem thêm: Bạn Có Còn Nhớ Đội Hình Đt Tây Ban Nha Vô Địch World Cup 2010? ?

User Education

We strongly recommend comprehensive sầu user training as an effective sầu mitigation strategy for data loss due lớn policy violations. Training should describe in detail individual sharing permissions (e.g. viewer, editor, commenter) and link sharing options. The curriculum should also include a review of restrictions which can be enabled on the end user side, such as the ability to lớn restrict editors from re-sharing a document, or the option to prsự kiện viewers from being able lớn download certain tệp tin types. This ensures that users know exactly what happens when choosing sharing settings và can reduce the risk of accidental data exposure.

Chuyên mục: Kiến thức bổ ích