Cisco Cloudlock scans Google Team Drives for DLP content just as it scans Google Drives for DLP content. However, because the ACL structure of Google Team Drives is different, there are some differences in the features available or the data reported. Cloudlock scans files for ownership or exposure based on policy criteria, however, files within a Team Drive are "owned" by the entire Team and not an individual user who created the document.
While Team Drives does not require a manager or content manager to be a user on the shared drive, Cloudlock does require at least one user on the drive be a manager or content manager for scanning to occur. See Team Drive Access Levels or Control Sharing in Team Drives for more information.
Google Team Drives acknowledges files within the drive as owned by the entire team, and not an individual user. When Cloudlock reports incidents in Google Team Drives, the owner will always be reported as the name of the Team Drive.
However, in an incident where a document is owned by a Google Team Drive, the members of the Team Drive are listed in the Access Control of the incident.
In policy creation, you can specify a Google Team Drive as an owner for monitored content. If however, All Users is selected, this will search for all users and Team Drives as owners. You can also add a Team Drive to an exception if you wish all users to be monitored with the exception of specific Team Drives.
By default, all Team Drives are included in the ownership criteria for a policy. However, you do have the option to Exclude All Team Drives from the policy.
Exposure within Cloudlock is detected at the ACL level of the file. Because Google Team Drive views all files within the drive as owned by the Team and not individuals, some complications can occur with exposure outside of Team Drives. Documents shared at the document level will be flagged for exposure, however, if a user is added to the Team Drive and given access to all the files within (a potential exposure) it is not flagged.
Example: Luke has a Team Drive with ten documents, one of which he wishes to share with someone outside of the Team Drive. If he shares the document itself, Cloudlock will see the exposure and flag the event. However, if Luke decides to add a user to the Team Drive, the user will have access to all 10 files and Cloudlock will not flag this action as exposure.
However, any files shared from the team drive publicly or to an external user will flag for exposure.
The global response actions and Google Drive response actions apply to Google Team Drives with some exceptions listed below:
When a document triggered an incident for a policy with this response action, the owner of the document received an email notifying them of the violation. With Google Team Drives, because the filed within the drive are seen as owned by the drive itself, there are no specified owners. Instead, the notification will be sent to the first five users of the drive with the Manager role. If there are not five users with this role, Content Managers will also be included as the five to receive the notification.
Revoke sharing will only apply to users outside of the Team Drive.
Transfer of ownership does not apply with Team Drives file violations. Files within the Team Drive are owned by the drive and not any one individual and thus cannot be transferred to another individual user for ownership.
Updated 3 months ago