Secure collaboration allows admins to monitor sharing activity on sensitive content, and apply DLP policies to modify sharing permissions. You can detect and remove public links on files, and scan existing data to detect folders and files shared with external users, and apply DLP policies. These policies are applied when collaborators are invited to any folder or file.
There are two types of Collaboration policies that are part of Google Drive Secure Collaboration:
- Collaboration Policies for Files and Folders
- Collaboration Policies for Shared Links
Different Response actions are supported for each policy type.
NOTE: Files inside shared folders inherit the same sharing permissions as the folder. These permissions cannot be overridden at the file level.
Collaboration Policies for Files and Folders
There are two ways to handle responses for Collaboration policies for files and folders: modify permissions responses or quarantine/delete. For details, see Collaboration Policies for Files and Folders.
Collaboration Policies for Shared Links
When a shared link is generated on a file with sensitive content, or when a file with an existing shared link is edited by adding sensitive content, Collaboration policies for shared links allow you to remove a shared link, which stops the file from being shared.
To create a Collaboration policy for Shared Links:
- Go to Policy > DLP Policies.
- Click Actions > Sanctioned Policy > Create New Policy.
- On the Description page, enter a name, description, and deployment type. For Services, select Google Drive. Then select the users the policy will apply to.
- On the Rules page, select Collaboration.
- For Sharing From, select the users you want the policy to apply to.
- For Sharing To, select one of the following:
- Anyone with link. Anyone who has the link can access it. No Sign-in required. For example, SaaS applications such as Office 365, Box, Dropbox, G Suite.
- Anyone on web. Anyone on the web can find and access. No Sign-in required. For example, Only G Suite applications such as Gmail, G Drive.
- Anyone in organization with link. Anyone at a specified company who has the link can access it. Sign-in required. For example, SaaS applications such as Office 365, Box, Dropbox, G Suite.
- Anyone in the organization. Anyone at a specified company can find and access. Sign-in required. For example, Only G Suite applications such as Gmail, G Drive.
- For Sharing Permission, make a selection:
- Add any option keywords or data identifiers.
- On the Responses page, select THEN and Remove Link.
- Select an Email Template if needed.
- Review the policy and click Save.