How to Make Your Shared Drive Secure

It’s been a great season for content here at Damson, completing interviews with some of the most interesting minds in digital transformation. This week, however, we wanted to share some of our own advice – this time around shared drive security and how we can make changes and improvements. Check out the full video above, and don’t forget to like and subscribe for more top insights from Damson Cloud.

Previously we’ve discussed the difference between My Drive and Shared Drive. There’s a big difference between these, and it’s no surprise that our discussion around this has become one of our most popular videos. This week, we want to specifically focus on Shared Drives and how we can begin to make those more secure, including some of the key security settings for end-users and administrators. 

Setting Access Permissions 

Before we get into the nitty-gritty, it’s worth looking at access levels – one of the first areas within a shared drive where you can set access permissions. There are actually five different access levels: 

  • The first two are viewers and commenters. These are self-explanatory: a viewer can view all the files, whilst a commenter can view and also comment on files. 
  • One that is a little unusual is the contributor. These individuals can view and comment on files, as well as make edits; approve & reject suggestions and create files. However, they can’t add or remove members, nor move files or add folders. Notably, they also can’t delete files or folders. 
  • A Content Manager, which is the next level up, can almost do anything that the full controls have, but they can’t add or remove members. What we find in most organisations is that Content Managers tend to be team leaders or managers within an organisation or team, with the rest of the team being contributors with certain outsiders being commenters or viewers. 
  • Managers tend to be left to senior managers or IT administrators, and have full control over Shared Drives.
shared drive security blog image 2
This table shows the different levels of access available to Shared Drive users.

Now that we’ve covered access levels, let’s get into the details of the Shared Drive itself. When we look at our Shared Drives, we can see that they are easily created and visible along the left-hand drop-down menu in Google Drive. We can create a new Shared Drive by selecting the Shared Drives panel and selecting ‘New’. We can see folders within those Drives, but it’s crucial to remember that permissions are created at the Shared Drives level. 

End User Management of Shared Drives

When we look at our Shared Drive’s drop-down menu, we can see that we can add members. When we proceed to add a user, we can set access permission: viewer, commenter, contributor, a content manager or a manager. We can see the members within a Shared Drive by clicking ‘Manage Members’, whilst also being able to change their permissions. 

Something that is really important to be aware of is the settings of the Shared Drives themselves. These settings are quite interesting, as they allow you to set additional restrictions on what the users can do. For example, we can decide whether that user can share information outside of your organisation. This means that we can actually say who we want to access these files – and that means that we can place confidential information into a Shared Drive and restrict its access to specific people such as HR or executive teams.  

shared drive security blog image 3
In the window shown above, users can change levels of access, including external sharing, downloading, copying and printing.

The final setting we’d like to touch on is the ‘download, copy, and print’ feature. Here, we are given the ability to prevent commenters and viewers from downloading, copying and printing files contained within that Shared Drive. We can set specific permission access levels here, and as you can see in our video, users may, for example, be able to view a document without being able to download, copy or print the file. Users can request additional access if need be, which is a fantastic feature.

shared drive security blog image 4
Above: Users can request additional access – a feature we love

Administrator Controls

Now that we’ve covered the end-user perspective, we’d like to get into some of the details for administrators and the controls that they have. 

In the administrator control panel, you can do a search for Shared Drives, opening up a full Shared Drives section. When you get into the Shared Drives you can set permissions at a global level, either for the entire organisation for for a group within the organisation. When we click ‘Manage Shared Drives’, we can immediately see that we can change some of those permissions that we’ve already spoken about. However, what we actually wanted to cover were those global settings themselves. 

In the Shared Drive creation section, it will bring us into the Google Drive/Google Docs levels – those of you who are administrators will know that Google separates things according to organisational unit. When we edit the Shared Drive creation tab, we can immediately see a range of settings, including being able to prevent users from creating new shared drives. This means that, for example, if you make that choice, only IT administrators could create Shared Drives. 

We can prevent full access members from modifying the Shared Drive, as well as preventing people outside of our organisations from accessing those Shared Drives; preventing non-members from accessing files in the shared drive, and preventing a commenter/viewer from downloading, copying or printing. This can be set on a global or individual level, which is really interesting!

shared drive security blog image 5
Access can be set at a global or individual level

There’s one last area we’d like to mention. In some cases, you may see Shared Drives with little keys on them. This means that the Shared Drive isn’t owned by your domain or organisation, and this is important to note. Anything that we place in here will give us an immediate notification letting us know that we don’t have the permission to do that, which is great. However, it’s also important to remember that IT administrators can actually give outside access to those folders if they need to.

That’s it from us this week. If there’s anything you are unsure about or anything that you think we should’ve covered around shared drives, let us know in the comments!

More About Damson Cloud

Here at Damson Cloud, we’re always looking towards the latest ways in changing the way we work. Digital transformation and change management are our areas of expertise – so feel free to check out our impressive library of tutorial videos which can help show you the way. 

As a longstanding member of the Google Cloud Partner program, Damson Cloud specialise in bringing people and ideas together through new ways of working. We champion change management and digital transformation using some of the internet’s most trusted solutions, including Google Workspace (formerly G Suite), Happeo and Jamboard. To find out more about our services, check out our library of tutorial videos or our blog.

Just ask. Get answers.

Your questions and comments are important to us.