How To Enable Google Docs Security While Maintaining Collaboration with CloudLock

Collaboration is an essential aspect of every organization’s normal operations. Here are some examples of collaborations types we frequently see:

  • Trusted Collaboration – Between 2 or more organizations can be achieved by creating a Secure Zone. Secure Zones can be created to allow employees from company “A” to collaborate securely with employees from company “B”
  • Internal Collaboration – Between 2 or more departments. For example the HR department can share documents only with the Finance department but with no other departments in the company
  • External Sharing – Indicating when designated employees or departments can share documents externally with other Google Apps users. For example: Sales can share documents and proposals with customers, prospects and partners
  • Public Sharing – Allowing users to publish content that is available to anyone on the public Internet. For example: Marketing sharing product pages and making them available to anyone on the public Internet

CloudLock Cloud Security Policy Engine Graphic

CloudLock’s Security Policy Engine provides organizations the framework necessary to define policies and make sure that collaboration practices are monitored and remain compliant with companies policies and procedures. With CloudLock’s Security Policy Engine organizations can:

  • Create Secure Collaboration Zones – Allowing customers to create and define who is allowed in a zone and enforce rules for collaboration both internally and externally
  • Enforce Acceptable Use Policies – Define acceptable use policies to enforce internal governance and sharing
  • Put Data Security on Autopilot – Providing ongoing monitoring and continuous scans to alert when policies have been violated

In the following guide, we will show how to use CloudLock’s Security Policy Engine to:

  • Create policies for Google Documents and Sites
  • Define the policies for the entire domain, selected sub-domain(s), organizational unit(s) or individual users
  • Select the sharing violation (exposure type) for each policy
  • Create a white list to define exceptions for each policy
Step #1 – Give the New Policy a Meaningful Name

Give the policy a meaningful name to track items that violate the policy. Policies are active by default, and when policies are active, all relevant documents and/or sites will be flagged every time CloudLock completes a scan.

Collaboration Security Policy Engine Name Description

Step #2 – Define the Data that the Policy Applies to
  • Specify whether it applies to Google Documents, Google Sites or both.
  • Specify if the policy applies to all users in the domain or a subset of users. If only a subset of users should be selected for the policy you can either specify:
    • Users by email addresses
    • Subdomains
    • Organizational Units
  • Define the sharing violations for the policy. Each policy can flag any combination of the following sharing exposures:
    • Public Exposure – sharing with anyone on the public Internet
    • External Exposure – sharing with users outside your domain
    • Internal Exposure – sharing with ALL the users domain (Everyone)
    • Specified users – flag specified Google Apps users outside the domain

Security Policy Engine Define Data Policy Ownership Criteria Sharing Criteria 2

Optional: White List Exceptions

Identify users or external domains that should be excluded from the policy

Collaboration Security Policy Engine New Policy Sharing White List

Optional: Content-Aware Policies

Detect and alert on sensitive content shared the wrong way based on keywords and content

Collaboration Security Policy Engine Content Criteria

Step #3 – Define the Action for the Policy

Define the action each policy should take for the data that meets the criteria

Step #4 – Save

Click save, and the policy will be executed during the next CloudLock scan.