Files Containing Personally Identifiable Information (PII) Shared Externally
If any Google Drive file that is shared externally contains personally identifiable information (PII), we want to automatically revoke that sharing and notify our security team by email that a violation of company policy has occurred.
The workflow below triggers any time the ‘Files Shared Externally PII’ custom alert detects a violating document from this point forward. Once it has triggered, the file’s sharing setting is changed so that only specifically shared people can access it, the external collaborator that triggered the alert (or, optionally, every collaborator) is removed, and the security team receives an email containing the file’s details.
1. ‘Files Shared Externally PII’ Alert
This custom alert can be configured in the Alerts Manager section of BetterCloud. To start, locate the ‘Files Shared Externally’ alert template. Editing it will allow you to create a new version of the alert that includes your content scanning parameters.
In the Content Scanning block, select “Scan files going forward for the following content” to activate scanning, then select which information types to identify. For this example we have selected the following information types:
- U.S. Passport
- U.S. Driver’s License Number
- U.S. Social Security Number (SSN)
You may add more types by selecting the ‘+’ symbol, or add content from different regions or categories. The selected content types are combined with OR logic: if any one of the selected kinds of data is present in the document, the alert and workflow will trigger.
Please note: Only documents edited from this point forward will trigger the alert and workflow. Files that already contain PII and are already shared externally will not be remediated by this workflow unless they are edited again.
2. Set File Sharing Settings
Use the ‘Set File Sharing Settings’ action, targeting the file that triggered your workflow, to turn link sharing off.
Under ‘Sharing Settings’, select ‘Off - Specific People - Shared with specific people’. This ensures that the file cannot be viewed publicly or domain-wide. It does not remove users who were explicitly added as collaborators; that is handled in the next step.
3. Remove File Collaborators
Add the ‘Remove File Collaborators’ action to your workflow. Because this use case concerns files shared externally, removing collaborators is the step that actually cuts off external access. Under ‘Collaborator to Remove’, use the dynamic field to target the external user that triggered the workflow. Note that only that one user is removed: every other collaborator on the document, including any other external user who was already shared on it, keeps access.
You could also choose the "Remove All Collaborators from this file?" option to remove all collaborators.
Please note: Selecting "Remove All Collaborators from this file?" will remove both external and domain-internal users.
4. Send Email to Group
Though sharing has been automatically remediated, you will likely still want your security team to be notified when these sharing violations occur, so they can follow up as necessary and prevent future instances of improper sharing. Use the ‘Send Email to Group’ action to send an email to your security group. In this example the message includes the file owner’s name in the subject, and the file name and owner email in the body. You may add additional file fields or adjust your message as necessary.
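The alert and the three remediation steps above, modelled as one script. This is an added example written for this page, not BetterCloud code or a BetterCloud API: it assumes a company domain of example.com, permission records shaped like Google Drive API v3 ‘permissions’ resources, and simplified regular expressions for the passport and driver’s licence types (real driver’s licence formats are state-specific, so that pattern only matches a labelled number). The sample file, document text and permission list are constructed. The point it makes concrete is the caveat in step 3: removing only the triggering user leaves every other external collaborator in place, which the plan reports back in the step 4 email.

```python
"""Model of the 'Files Shared Externally PII' alert and its remediation.

Added example for this page, not BetterCloud code. It scans a document body
for the three PII types selected in the alert (OR logic), then plans the
Drive permission changes the workflow performs: drop link/domain sharing
(step 2), remove collaborators (step 3) and draft the security email (step 4).
"""
import re

COMPANY_DOMAIN = "example.com"  # assumed; the domain BetterCloud manages

# Content types selected in the alert. Any single match triggers (OR logic).
PII_PATTERNS = {
    # SSN: 3-2-4 digits, excluding invalid area (000, 666, 9xx), group (00)
    # and serial (0000) values.
    "U.S. Social Security Number (SSN)": re.compile(
        r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # Passport: nine digits, or one letter followed by eight digits (simplified).
    "U.S. Passport": re.compile(r"\b(?:[A-Z]\d{8}|\d{9})\b"),
    # Driver's licence formats are state-specific; this placeholder only
    # matches a number that is explicitly labelled as one.
    "U.S. Driver's License Number": re.compile(
        r"\b(?:DL|Driver'?s? Licen[cs]e)[:#\s]*([A-Z0-9-]{5,15})\b", re.I),
}


def detect_pii(text):
    """Return the set of selected PII types found in text (empty = no alert)."""
    return {name for name, pat in PII_PATTERNS.items() if pat.search(text)}


def plan_remediation(permissions, triggering_email, remove_all=False):
    """Return (permission ids to delete, permissions that remain).

    Step 2 removes every 'anyone' and 'domain' grant, which is what
    'Off - Specific People' means. Step 3 removes either the one external
    user that triggered the alert or, with remove_all=True, every non-owner
    collaborator, internal users included. Untargeted explicit grants stay.
    """
    to_delete, remaining = [], []
    for p in permissions:
        if p["type"] in ("anyone", "domain"):
            to_delete.append(p["id"])                      # step 2
        elif p["role"] == "owner":
            remaining.append(p)                            # owner is never removed
        elif remove_all or p.get("emailAddress", "").lower() == triggering_email.lower():
            to_delete.append(p["id"])                      # step 3
        else:
            remaining.append(p)
    return to_delete, remaining


def residual_external(remaining, domain=COMPANY_DOMAIN):
    """Emails of external users or groups that still have access after the plan."""
    return sorted(p["emailAddress"] for p in remaining
                  if p["type"] in ("user", "group")
                  and not p["emailAddress"].lower().endswith("@" + domain))


def build_notification(file_meta, pii_types, residual):
    """Step 4: owner's name in the subject, file name and owner email in the body."""
    subject = f"PII sharing violation by {file_meta['owner_name']}"
    body = (f"File: {file_meta['name']}\n"
            f"Owner: {file_meta['owner_email']}\n"
            f"Matched content types: {', '.join(sorted(pii_types))}\n"
            f"External users still with access: {', '.join(residual) or 'none'}\n")
    return subject, body


# Constructed sample: a Drive file shared by public link and with two external users.
SAMPLE_FILE = {"name": "Q3 onboarding.docx", "owner_name": "Dana Ortiz",
               "owner_email": "dana@example.com"}
SAMPLE_TEXT = "New hire SSN 123-45-6789, passport C12345678."
SAMPLE_PERMISSIONS = [
    {"id": "p1", "type": "user", "role": "owner", "emailAddress": "dana@example.com"},
    {"id": "p2", "type": "anyone", "role": "reader"},
    {"id": "p3", "type": "user", "role": "writer", "emailAddress": "kai@example.com"},
    {"id": "p4", "type": "user", "role": "reader", "emailAddress": "vendor@partner.test"},
    {"id": "p5", "type": "user", "role": "reader", "emailAddress": "recruiter@agency.test"},
]


def run_workflow(text=SAMPLE_TEXT, permissions=SAMPLE_PERMISSIONS,
                 triggering_email="vendor@partner.test", remove_all=False):
    """Run the alert and steps 2-4; returns None when no selected PII is present."""
    pii = detect_pii(text)
    if not pii:
        return None
    to_delete, remaining = plan_remediation(permissions, triggering_email, remove_all)
    residual = residual_external(remaining)
    subject, body = build_notification(SAMPLE_FILE, pii, residual)
    return {"pii": pii, "delete": to_delete, "residual_external": residual,
            "subject": subject, "body": body}


if __name__ == "__main__":
    result = run_workflow()
    print("delete:", result["delete"], "still external:", result["residual_external"])
    print(result["subject"])
    print(result["body"])
```

With the default settings the plan deletes only the public link (p2) and the triggering vendor (p4); the second external user, recruiter@agency.test, keeps access and is named in the email. Passing remove_all=True mirrors the "Remove All Collaborators from this file?" option and also deletes the internal editor kai@example.com.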
Additional Alert and Workflow Example
Here is how the same workflow can be built for Box.
Files Shared Externally
Edit File Sharing Link Settings - Use this action to change the sharing setting so that only people specifically shared on the file can access it. This ensures that the file cannot be viewed publicly or domain-wide; explicitly added collaborators are handled by the next action.
Remove File Collaborator - Use this action to target the external user that triggered the workflow. Only that user is removed; every other collaborator on the document, external or internal, keeps access.
You could also choose the "Remove All Collaborators from this file?" option to remove all collaborators. This also removes any sharing links for the specified file.
Important: Due to a limitation of the Box API, if the user's access to the file was inherited from a parent folder, removing the file collaborator also revokes the user's access to that parent folder.