How to enable trust rules for Google Drive sharing
In the early days of Google Workspace, or Google Apps Premiere Edition as it was known back then, Google Drive settings were organization-wide with limited capabilities. Can users share outside the organization? It was all or nothing. Over the years, capabilities expanded, and organizational units or groups can now enforce policies. Google Drive data loss prevention took it one step further and controlled sharing based on the file's contents. You can learn more about how to safeguard Gmail & Drive data with Google Workspace data loss prevention (DLP) in a previous post.
What are trust rules for Google Drive
Trust rules for Google Drive are the latest feature to help you manage Google Drive sharing in your organization. Supported editions for this feature include Enterprise, Education Standard, and Education Plus. Released as generally available in Nov 2022, trust rules take the place of the original Drive sharing settings.
What happens to Drive sharing settings
Drive sharing settings automatically convert to trust rules. Once you enable trust rules, these transitioned rules will be active. You can turn off trust rules, but note that any trust rules created will be permanently deleted. If disabled, sharing controls would revert to their previous setting. Trust rules give you very granular internal and external sharing controls. They allow you to prevent internal groups of users from collaborating and allow specific settings on external collaboration, preventing or allowing with beyond just an allowed domain list.
An organization’s sharing policy can be straightforward or highly complex. Enabling external sharing for everyone might be all that is needed. Or you might create numerous trust rules for different organizational units and groups, individual rules that prevent/allow both internal and external sharing.
One of the most common use cases is the ability to block internal sharing between two sets of users. For example, a company wants to restrict sharing between the Research and Development team and the Marketing department. Creating a trust rule will prevent these two teams from collaborating. The teams must be in an organizational unit or Google group to block sharing. Below we will walk you through an example like this to demonstrate how you can enable trust rules for Google Drive.
Watch our latest how-to video to learn how to enable Google Drive trust rules.
Defining the trigger and conditions
Trust rules are triggered by two file activities, sharing and receiving. Sharing is when you attempt to share a file, and receiving is when someone tries to share a file with you. There are four options for conditions: user, organizational unit (OU), group, and external organization. The OU selected becomes the user set allowed or blocked from sharing.
If you are familiar with Drive data loss prevention rules, the end-user experience is nearly the same. The attempt to share will be blocked, and the user will receive a notification when attempting to share a file with a restricted organizational unit, group, or domain.
Mapping out trust rules
Mapping out sharing boundaries can help you visualize the needed trust rules. It can also help reduce the number of rules by combining or eliminating redundant ones. It's also essential that you understand how conflicting rules work. Conflicts may not produce the desired configuration.
As with any new feature or setting, there are always things to consider. First, consider the types of data your users have and the implications of that data falling into the wrong hands, then map out boundaries.
Next, consider the user. Over time users' behavior may change. Understanding your users and the types of data they share will remain critical to mapping out and applying a suitable trust rule.
As a Google Cloud Partner with a Specialization in Work Transformation, our seasoned team is available to help you map out trust rules within your organization. Contact us today.