How to conduct detailed automated audits of files shared externally, ensuring that their data remains secure. Video tutorial below!
Knowing who and when used information stored on shared drives and shared it with some external users is crucial for any organization’s data loss prevention strategy. As users create more and more files, more and more drives, and cary on sharing files externally, the need for automation in monitoring and auditing this process increases.
This blog post explains how you can use Zenphi, a must-have Google admin tool, to conduct detailed audits of files shared externally, ensuring that their data remains secure.
Step 1: Create a Manually Triggered Flow
Create a Zenphi flow that is manually triggered at a specific time and date, then set to run periodically (e.g., every 30 days). In Zenphi, you can choose how often you want the flow to be executed.
Step 2: Create an Action ‘Read Rows’
This action allows you to read specific drives that you have specified somewhere (for example, in a Google Sheet). Alternatively, if you want to audit all drives in your Google Workspace, use the ‘List Drives’ action.
Step 3: Create a Loop
This is achieved by using a ‘Foreach‘ action, which allows the process to loop for each drive that needs to be audited.
Step 4: List Shared Files
Within the loop, use an action called ‘List Shared Files’. This action lists all files on the shared drives that have ever been shared. To execute this action, you must create a Google Workspace Administrator connection so that Zenphi can list files on your behalf. You’ll also have to choose the type of file sharing you’re interested in. You can select between Domain Shared, Shared With External Email Address, Shared With A Link, or select all. If you choose Shared With External Email Address, specify your internal domain — all email addresses not associated with it will be considered external.
Step 5: List and Filter Permissions
To conduct the search and take action on the files, you’ll have to step into the shoes of the shared drive’s owner or perform an audit on their behalf. This means you need to locate an owner or content manager of every drive you audit. This can be easily done by adding another step in the loop — choose the action ‘List Permissions’. This action will list all members of a shared drive. Then use ‘Query Collections’ — an action that allows you to take data from the previous step (List Members) and filter in only those who are important for the next step — in this case, the drive’s organizer/manager.
Step 6: Create a Report
The best practice is not to take action on the files immediately but to create a report first. For this, you’ll need to create a template in Google Sheets with the following suggested headers: Drive ID, Drive Name, File ID, File Name, View Link, Has Link Sharing, Has Email Sharing, Shared With Emails. Use this template to be populated every time a flow runs on every single drive. Just add two actions: ‘Copy Template File’ and ‘Add Multiple Rows’, then specify your Spreadsheet template as a reference. This will allow you to generate reports for every drive separately, and then send this report to the drive owner or the Head of Security to take further actions.
Video Tutorial On How To Locate and Manage Files on Shared Drives That Have Been Shared Externally
Watch this video to learn how to build an automated external file sharing audit flow in just 5 minutes and boost the efficiency of your Google DLP strategy.
Sign Up For Free
Have more Google Admin tasks to automate? Sign up for a free trial to experience the power of Zenphi automations first-hand!