Design Partner Program Updates

January 26, 2024

We hope you are all having a great week. With your help, we've documented several recent success stories involving reducing or eliminating risk through Violations, including one this past week where a design partner discovered and removed millions of PII data points stored inappropriately in their Google Drive environment. This week's update highlights several capabilities designed to support and accelerate investigations and provides details on planned new features.

Programming note. After this week, we're transitioning from weekly DLP updates to monthly updates delivered as part of our product release notes blog posts. The January product release notes blog will be published next week and will cover all platform releases, including the latest DLP functionality. We'll continue to communicate updates during regularly scheduled meetings and, of course, through emails as needed.

Let's dive in.

⚡ Things You Can Do Now ⚡


Conducting Investigations Using the Data Catalog

Let's say you want to determine which employees store PII in Google Drive and how much. Have you tried using the Data Catalog? With the Data Catalog, you can ask questions and start investigations. For SaaS DLP, you can filter by My Drive or Shared Drive and any Data Collection or Data Class. For example, by filtering on Resource Type = Google My Drive and Data Collection = Personal Data, you can instantly see all My Drive assets that contain PII.

By clicking on the actions at the end of a row, you can drill into each My Drive for a detailed list of all relevant files and data findings.

Google Activity Log

Want to verify if an externally shared file has, in fact, been viewed or downloaded? Accessible through the File Details page, the Google Activity Log provides visibility into recent access activity. This information lets you determine if access activity resulted in a data leak.


New Email and Slack Notifications

Manage risk with new email and Slack notifications that include more context and the ability to take action directly from the message. We're deploying templates this week and will work with design partners next week to activate them.

🛠️ What's Coming 🛠️

  • File scanning: We're working on adding the details of when a file was last scanned so that users have the relevant context when viewing findings or conducting investigations.
  • Violation details: We're adding details to violations regarding the cause of the violation, including the specific email addresses that triggered it.
  • External user view: Our new functionality will allow you to see all external users, how many files you've shared with them, and the types of data in those files. And, you will be able to filter based on data types.

💻 Product Updates 💻

This week's platform release includes twelve new data classes:

  • Argentina Driver's License Number
  • Argentina National ID (DNI)
  • Argentina Passport Number
  • Argentina Phone Number
  • Argentina Taxpayer Number
  • JSON Web Token
  • South Korea Driver's License Number
  • South Korea National ID (RRN)
  • South Korea Passport Number
  • South Korea Phone Number
  • South Korea Tax ID

January 19, 2024

A short intro for a short week. This week's update features scale improvements, new UI elements, updated rules, and a preview of upcoming notification enhancements.

⚡ Things You Can Do Now ⚡

Improved Overview Page Load Time
We made several backend scaling improvements that dramatically improved the load time of the Overview page. Load times for large environments are less than five seconds, delivering improved performance, an enhanced user experience, and increased capacity for insights.

New File Details UI
Clicking on a file name will bring up the new File Details UI. The File Information section provides file metadata such as type, ID, and creation date but also information essential for speeding up investigations, such as the parent folder and Drive name. The Sharing Details section identifies the owner, the quantity and identities of external and internal users with access, and the ability to view additional user details or directly remove sharing permissions. The Violations section shows the applicable violations for the file in order of severity.

Updated Rules
We've updated our initial rules by removing "GDrive" from each, refining the rule names, and adding two new rules for a total of 30.

✍️ Program Notes ✍️

This past week, we witnessed the benefits of implementing a Denied Domains list and activating corresponding rules. They've surfaced risky sharing activities, providing important visibility and awareness – and, in some cases, triggering investigations.

🛠️ What's Coming 🛠️

We've been working on updating email and Slack notifications to include more details and the ability to take action directly from the message. We expect to release them next week. Here's a preview:

January 12, 2024

With the foundation in place – rules are active, violations are triggering, notifications are flowing, and remediation actions are running – we continue to focus on UI development, UX enhancements, and scaling. As always, your feedback is essential, and we thank you for your partnership.

Let's dive into this week's updates.

✍️ Program Notes ✍️

Denied Domains
We produced a custom list of potential domains for each partner to include in Settings -> Google Drive Settings -> Denied domains. External sharing that includes a denied domain triggers violations of denylist-specific rules, making it easier to prioritize remediation. Latimer Luis, Director of Customer Success, is working with each design partner to verify their specific denied domains list.

Violations and Notifications
We've connected with about half of all design partners regarding experiences with violations and notification actions. We will connect with the remaining partners this coming week.

We also spent time with partners tuning violations and implementing Allowed Domains lists. External sharing involving allowed domains does not trigger violations. The implementation of allowed domains led to the closure of roughly 26.8% of open violations in one instance, and 67.8% in another.

🛠️ What's Coming 🛠️

  • Updated email and Slack notifications with default subject and body content, more item, event, and data classification details, and actionable links.
  • Granular sharing remediation, specifically the ability to remove sharing permissions for specific people.
  • Updated rule names.

💡 Did You Know? 💡

Bleeping Computer recently reported that Japanese game developer Ateam discovered a Google Drive containing 1,369 files with PII on ~1M people, 98% of whom were customers, that had been exposed to "Anyone with Link" since 2017.

January 5, 2024

Welcome back. We all know that security never sleeps, but hopefully, you managed to spend time with family and friends, rest, and recharge during the holidays. We have several topics to unpack in this week's update. Let's dig in.

✨ Design Status ✨

Quick recap: here's what we delivered in mid-December:

  • 27 SaaS DLP-specific rules
  • The ability to take one or several actions on violations, including sending messages via Slack or email, calling a Webhook, and remediating the violation by removing sharing permissions
  • Configurable allow and deny domain lists
  • Several UI enhancements

While we continue to enhance and refine each of these features and others, we've started to work on scaling up to a level even larger than what we've seen so far.

✍️ Program Notes ✍️

With all the recently released functionality, it's time to kick the tires, check under the hood, and put things through their paces. Starting next week, we will engage with you to activate rules, set up notification actions, bang on the UI, and collect your feedback.

⚡ Things You Can Do Now ⚡

We recently published an updated SaaS DLP Overview dashboard. This version reflects your feedback and brings the critical insights that need attention to the surface while making it even easier to take action.

December 15, 2023

Happy Holidays once again. We're making our lists and checking them twice to help you see which sharing users have been naughty or nice. Yes, it's the final days of December, and our focus is on delivering more core capabilities over the next few days. This will be our final weekly update of the year. We'll resume on January 5th.

Let's dive in.

💡 Did You Know? 💡

Google Drive does not remove sharing permissions when users move files to Trash. You heard that right. Anyone with access can access files in Trash for up to 30 days.


But wait, there's more. Google is nice enough to let impacted users with access know exactly what they can do with the file upon opening it, and they make it super easy to create a copy using a shiny blue button.

And just when you thought things couldn't get worse. Files in Trash are excluded from search results and essentially invisible to users and administrators. Without manual intervention, these files remain accessible for 30 days before being permanently deleted. That's what we call hot garbage.

⚡ Things You Can Do Now ⚡

Rolling out in the next few days are several core features including the ability to close the loop on violations by taking actions.

Users can now enable or disable rules in the UI and configure what actions are automatically taken when violations are detected. Actions include sending messages via Slack or email, calling a Webhook, and remediating the violation by removing sharing permissions.

Actions can be configured on a per-rule basis by clicking on each rule and configuring one or more actions. Email and Slack actions include customizable subjects and messages.

Also available are configurable allow and deny domain lists in Settings -> Google Drive. Users can add domains to either an allow list or a deny list. Domains on the allow list will not trigger external sharing violations. Sharing activity involving domains on the deny list will trigger a high-severity alert.

Finally, we've crafted 26 SaaS DLP rules, 10 of which will be rolled out in the next few days. This list addresses everything from high-severity external sharing, including by data class (Developer Secrets, PII, PHI, Financial Data, etc.), to sharing involving General Access permissions (Anyone with the link). Here's the complete list:

  • File with Developer Secrets shared externally
  • Dataset (10+ records) of Financial Data shared externally
  • Dataset (10+ records) of Health Data shared externally
  • File shared with email address on the DENY list and contains data findings
  • File containing Developer Secrets shared with email address on the DENY list
  • Dataset (10+ records) of Financial Data shared with email address on the DENY list
  • Dataset (10+ records) of Health Data shared with email address on the DENY list
  • Dataset (10+ records) of Personal Data shared with email address on the DENY list
  • File shared with email address on the DENY list
  • Drive being shared outside of company domain
  • File accessed more than 90 days ago (or never accessed).
  • File created more than 6 months ago.
  • File edited more than 90 days ago.
  • File being shared to anyone with the link
  • File being shared outside of company domain
  • Dataset (10+ records) of Personal Data shared externally
  • Dataset (10+ records) of Personal Data shared publicly
  • File with Developer Secrets shared publicly
  • File with Financial Data shared publicly
  • File with Health Data shared publicly
  • File with public write permissions
  • File being shared to anyone with the link and contains data findings
  • File being shared to an external user and contains data findings
  • File shared to more than 15 individual users
  • File shared to more than 3 different external domains
  • File personal email address

✍️ Program Notes ✍️

Thank you again for your partnership. We wish you happy holidays and a happy New Year!

✋ Questions / Feedback ✋

Have a question or want to share your feedback? Contact either Latimer Luis (lluis@openraven.com) or Hamilton Yang (hyang@openraven.com).

December 8, 2023

Happy Holidays, everyone. We're roughly 12 weeks into the Design Partner Program, and our team is heads-down as we push to release more core functionality and iterate on existing features over the next two weeks. Let's dig into this week's updates.

✨ Design Status ✨

  • Rules
    A few weeks ago, we talked about our plans for rules — roughly 10 to 15 focused on high-risk sharing conditions (external access, accessible by anyone with the link, contains sensitive data, etc.). Currently, nine rules are enabled, and our immediate focus is on tuning sensitive data and collaborator count thresholds, which differ from those used in DSPM rules. You can view these rules and what they are detecting in your environments by viewing SaaS DLP -> Violations in the UI. Our plans include providing the ability to toggle individual rules on or off.
  • Allow List
    We are building a configurable "allow list" that will accommodate relationships that permit data sharing between companies that are part of the same parent corporation, authorized business partners, etc., and include the domain names for those companies. Sharing with email addresses containing domains on the allowed list will not be considered external and, therefore, will not trigger rule violations.
  • Violation Notifications and Remediations
    Our planned initial functionality includes the ability to assign custom notifications and a remediation action to each rule. Notifications will include violation details and a link to the UI or Google Drive, delivered via either Email or Slack. We will implement a rate limit for email notifications to ensure we don't flood inboxes.

    Our current plan for the initial remediation action addresses two scenarios. In both, we will remove all sharing permissions belonging to the offending file, and we will assume the role of the file owner to modify sharing permissions. The first involves sharing permissions granted at the file level, in which case we will automatically remove all "People with access" and any link sharing by changing "General access" to restricted.

    The second involves file sharing permissions granted at the folder level, in which case we will automatically move the file to a new folder at the top level of its parent Drive, then remove all "People with access" and any link sharing by changing "General access" to restricted.

    We are also planning to include the ability to manually invoke these remediation actions at key points in the UI.

✋ Questions / Feedback ✋

Have a question or want to share your feedback? Contact either Latimer Luis (lluis@openraven.com) or Hamilton Yang (hyang@openraven.com).

December 1, 2023

Welcome to December. We're in that strange period between Thanksgiving and Christmas when the pace is fast, time flies, and everyone is in GTD mode. This past week was no exception, having received a good amount of feedback that fueled several design decisions. This month, the team is focused on delivering several core capabilities, including alerting and remediations.

Let's go!

⚡ Things You Can Do Now ⚡

Got 5 minutes? Watch a tour of the latest SaaS DLP dashboards.

✨ Design Status ✨

  • Alerting
    We've settled on a model in which we will send an alert message (e.g., Slack notification, email, etc.) for a single violation with the details and a method for linking back to the UI for investigation or to take action.
  • Remediations
    At the core of this capability is removing access permissions on an individual file or at the folder or drive level. We will meet with partners next week to walk through the details of our plan and obtain feedback.
  • UI
    Designs are taking shape, although it's still somewhat early days, primarily based on the flows developed by iterating and obtaining feedback on the Splunk-based dashboards.

November 17, 2023

We've said this many times before, but heading into the Thanksgiving holiday it feels especially relevant. We are thankful for your partnership. Our Design Partner Program is just that, a partnership. Your time, cooperation, and insights helped us deliver a solid foundation of capabilities and bring our vision to life. Today's updates focus on how we are extending those capabilities to provide more value and functionality en route to full productization. Let's dive in.

💡 Did You Know? 💡

Google's naming guidelines make sense within the constraints of users and groups. However, when extended to assessing sharing risks in Google Drive, that's when the fun starts. Names of users and groups can contain a single character, including traditional wild cards such as an asterisk. In some cases, group names can be the same as usernames, and groups can be nested within groups. Here are a few examples of valid group names:

Let the games begin.

⚡ Things You Can Do Now ⚡

Automatically scan files when modified or shared

In addition to scanning files when first discovered, Open Raven will automatically scan those files when modified. If a file that has never been scanned is shared, it will be prioritized for scanning.

Automatically analyze file names for indicators of sensitive data

In addition to sensitive data findings, Open Raven now scans file names using keywords to find phrases such as "Board Deck", "customer_list", or "salary info" and flags them accordingly.

View violations in the Violations Explorer dashboard

We've deployed the initial set of rules that focus on identifying specific file-based conditions. Violations of those rules can now be viewed in the Violations Explorer dashboard.

Dashboard Spotlight: Share Target Explorer

You asked for it and now it's here. With the Share Target Explorer dashboard, administrators can view all drives, files, and sensitive data that can be accessed by a specific external email address or target. Searching for a domain will return a list of all email addresses belonging to that domain with access to files and/or drives.

✍️ Program Notes ✍️

Have a wonderful Thanksgiving 🦃!

November 10, 2023

As we approach Veterans Day this Saturday, we'd like to take a moment to express our gratitude to all those who have served, as well as their families, for their dedicated service.

Our update this week focuses on rules, violations, and remediations. Thank you again for your partnership. Let's dig in.

💡 Did You Know? 💡

Google Workspace DLP apparently doesn't perform Luhn checks on credit card numbers to validate findings, resulting in many false positives.

What is a Luhn check? We wrote about it in our blog post Achieving Complete and Accurate Data Scans Using Validator Functions. When performing a complete scan of terabytes or petabytes of data, even a very low false positive rate can produce large numbers of spurious findings. This is why it is crucial to ensure a high degree of accuracy.

Credit card numbers include a check digit computed using a method called the Luhn Algorithm, which can then be verified against the other digits of the credit card number. Based on our experiments, a random 16-digit number will match the pattern of a card number about 50% of the time. Simply verifying the check digit with a validator function reduces this percentage by a factor of ten. When combined with other methods, such as keyword matching, the Luhn check enables us to find card numbers with a high level of confidence — and eliminate false positives.
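The check-digit validation described above, as an added example (not Open Raven's code): a regular expression finds 16-digit candidates in constructed sample text, and a Luhn validator discards those whose check digit does not match. The pattern, the function names and the sample text are assumptions made for illustration.

```python
import re

# Candidate pattern (assumed for this example): 16 digits, optionally grouped
# in fours with spaces or hyphens, and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d{4}[ -]?){3}\d{4}(?!\d)")


def luhn_valid(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn check."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk right to left. Every second digit, starting with the one left of
    # the check digit, is doubled; 9 is subtracted when the result exceeds 9.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list[tuple[str, bool]]:
    """Return every pattern match together with its Luhn verdict."""
    return [(m.group(0), luhn_valid(m.group(0))) for m in CANDIDATE.finditer(text)]


def passing_check_digits(payload: str) -> list[int]:
    """List the final digits (0-9) that make payload + digit Luhn-valid."""
    return [d for d in range(10) if luhn_valid(payload + str(d))]


# Constructed sample text: two widely published test card numbers, one number
# with a wrong check digit, and an order ID that only looks like a card number.
SAMPLE = """\
Card on file: 4111 1111 1111 1111
Backup card: 5555-5555-5555-4444
Typo in ticket: 4111 1111 1111 1112
Order ID 1234567890123456 shipped
"""

if __name__ == "__main__":
    for raw, ok in scan(SAMPLE):
        verdict = "finding" if ok else "discarded (Luhn mismatch)"
        print(f"{raw!r:24} {verdict}")
    # For any 15-digit payload exactly one of the ten possible final digits
    # passes, so the validator drops nine in ten pattern-only matches.
    print(passing_check_digits("411111111111111"))
```

Because only one final digit in ten satisfies the check for a given payload, the validator alone accounts for the factor-of-ten reduction in pattern-only matches.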

✨ Design Status ✨

Rules & Violations

Based on design partner feedback, our initial rules focus on identifying file-based and user-based conditions that reflect high-priority indicators of potential risk and will trigger violations. We're currently testing rules in a few partner environments. The initial set of file-based conditions are:

  • General access set to Anyone with the link and contains sensitive data
  • General access set to Anyone with the link and contains 10+ findings of the same type of PII
  • General access set to Anyone with the link and contains Developer Secrets
  • General access set to Anyone with the link and contains Financial Data
  • General access set to Anyone with the link and role set to Editor
  • Shared externally and contains 10+ findings of the same type of PII
  • Shared to an external user and contains sensitive data
  • Shared to more than 3 different external domains
  • Shared to more than 15 individual users

If you are wondering why two of the rules have a minimum number of similar data findings, our intention here is to detect files that contain a dataset. Testing shows that ten or more findings of the same data class in the same file strongly indicate this condition.

Our goal for testing these rules is to ensure a high signal-to-noise ratio and validate we've identified high-risk issues in real-world environments.
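How the dataset threshold above combines with the allow and deny domain lists from the December 15 update, as an added example (not Open Raven's rule engine): a small evaluator that returns the names of the rules a file would violate. The `SharedFile` structure, exact-match domain comparison, and reporting deny-listed domains only under the DENY rules are assumptions of this sketch; the sample files are constructed.

```python
from dataclasses import dataclass, field

DATASET_THRESHOLD = 10     # "ten or more findings of the same data class"
MAX_EXTERNAL_DOMAINS = 3   # "more than 3 different external domains"
MAX_INDIVIDUAL_USERS = 15  # "more than 15 individual users"


@dataclass
class SharedFile:          # hypothetical structure for this example
    name: str
    shared_with: list[str]                                  # addresses with access
    findings: dict[str, int] = field(default_factory=dict)  # data collection -> count
    anyone_with_link: bool = False


def domain_of(email: str) -> str:
    return email.rsplit("@", 1)[-1].strip().lower()


def evaluate(item, company_domain, allowed=frozenset(), denied=frozenset()):
    """Return the names of the rules that `item` violates, in a fixed order."""
    outside = {domain_of(e) for e in item.shared_with} - {company_domain.lower()}
    # A deny-list entry wins if a domain appears on both lists (assumption).
    denied_hits = outside & set(denied)
    # Allow-listed domains are not treated as external at all.
    external = outside - set(allowed) - denied_hits
    has_findings = any(n > 0 for n in item.findings.values())
    datasets = sorted(c for c, n in item.findings.items() if n >= DATASET_THRESHOLD)

    hits = []
    if denied_hits:
        hits.append("File shared with email address on the DENY list")
        if has_findings:
            hits.append("File shared with email address on the DENY list "
                        "and contains data findings")
        hits += [f"Dataset (10+ records) of {c} shared with email address "
                 "on the DENY list" for c in datasets]
    if external:
        hits.append("File being shared outside of company domain")
        if has_findings:
            hits.append("File being shared to an external user and contains data findings")
        hits += [f"Dataset (10+ records) of {c} shared externally" for c in datasets]
    if len(external | denied_hits) > MAX_EXTERNAL_DOMAINS:
        hits.append("File shared to more than 3 different external domains")
    if len({e.strip().lower() for e in item.shared_with}) > MAX_INDIVIDUAL_USERS:
        hits.append("File shared to more than 15 individual users")
    if item.anyone_with_link:
        hits.append("File being shared to anyone with the link")
        if has_findings:
            hits.append("File being shared to anyone with the link and contains data findings")
    return hits


# Constructed sample files.
CUSTOMER_LIST = SharedFile("customer_list.csv",
                           ["alice@example.com", "bob@partner.example"],
                           {"Personal Data": 12})
NOTES = SharedFile("notes.txt", ["x@gmail.com"], {"Personal Data": 9},
                   anyone_with_link=True)
WIDE = SharedFile("roadmap.pdf", [f"u@d{i}.example" for i in range(4)])

if __name__ == "__main__":
    print(evaluate(CUSTOMER_LIST, "example.com"))
    print(evaluate(CUSTOMER_LIST, "example.com", allowed={"partner.example"}))
    print(evaluate(CUSTOMER_LIST, "example.com", denied={"partner.example"}))
    print(evaluate(NOTES, "example.com"))
```

Adding `partner.example` to the allow list clears every violation on the first file, which is the effect the allowed-domains tuning had on open violations.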

Remediations

For remediations, we are currently developing two initial capabilities. The first is the ability to remove external sharing permissions from individual files. For example, when offboarding an employee, remove external sharing permissions from files where the employee is the owner.

The second is the ability to move a file from a shared folder into a "quarantine" folder. This capability addresses files with an offending external sharing permission inherited from its parent folder, allowing for individual file remediation rather than broad action at the folder level.

⚡ Things You Can Do Now ⚡

The functionality within the SaaS DLP dashboards largely remains the same as communicated last week, which focuses on visibility, answering questions, and conducting investigations. Here again are several of the scenarios addressed:

  • "Show me all of the files available externally to anyone with the link."
  • "Which files and how many have been shared to gmail accounts and do they have sensitive data?"
  • How much sensitive data is shared externally?
  • Can we see external sharing activity for specific employees?

November 3, 2023

Ah-ha moments. It's that instance where we've delivered a valuable insight or exposed a significant and unknown risk. It's what we aim for, and we had plenty of them last week as we previewed our new dashboards. Let's dive into this week's updates.

✨ Design Status ✨

  • Work continues on rules, automations, remediations, and connecting them to Slack and email alerts. We plan on rolling out an initial set of rules in the coming days.
  • Thank you for all of your feedback about the dashboards. See the section below for updates on their progress.

⚡ Things You Can Do Now ⚡

We kicked the tires on our newly launched SaaS DLP dashboards with a few partners last week and experienced several ah-ha moments. Each click and query revealed more and more insights and inspired deeper investigation. To illustrate what you can do now, here are a few questions that emerged, shown with sample results from our demo environment.

"Show me all of the files available externally to anyone with the link."

File Sharing Dashboard->External Domains With Most Shares = “Shared by Link”

"Which files and how many have been shared to gmail accounts and do they have sensitive data?"

File Sharing Dashboard->External Domain = gmail.com

How much sensitive data is shared externally?

File Sharing Dashboard->Select data classes

Can we see external sharing activity for specific employees?

There are two ways to answer this question. Using the File Sharing dashboard, you can see which internal users have shared the greatest number of files.

File Sharing Dashboard -> Internal Users With Most Externally Shared Files (select a specific user)

You can also use the File Explorer dashboard and enter the email address of an internal user and see all of their sharing activity.

💡 Did You Know? 💡

According to Google, Shared Drives are only visible to the first 1,000 members of a Google Group or the first 2,500 members of multiple groups. While every group member can access the shared drive and its contents through a URL or a search result, there is currently no way to "unhide" them. It's also unclear how Google Drive determines which users are within the 1,000 or 2,500 user limits. When working with groups of this size, send the link to the Shared Drive to members and ask them to create a starred shortcut.

💻 Product Updates 💻

New data classes:

  • Australia Address
  • Australia Address - keywordless
  • Australia Bank Account Number
  • Australia Bank Account Number - keywordless
  • Japan Driver's License Number
  • Japan National ID
  • Japan Passport Number
  • Japan Phone Number
  • New Zealand Address
  • New Zealand Address - keywordless
  • New Zealand Bank Account Number
  • New Zealand Bank Account Number - keywordless

October 27, 2023

Happy Friday. We thought we'd start this week by taking a minute to discuss where we are in the program.

Last month, we said to think about the program as having two parts - delivering the core capabilities in October followed by full productization - and that's precisely where we are. We're heading into the last week in October, having delivered several core capabilities, including drive enumeration and analysis, metadata and content scanning, and summary and investigative dashboards. As we push forward toward full productization, we expect to deliver violations, remediation actions, and a beautiful UI over the following several weeks.

Thank you again for your partnership. Now, let's dive into this week's updates.

💡 Did You Know? 💡

You may have invisible shared drives with sensitive data.

When the final Manager leaves a Shared Drive, all of the content within that Shared Drive remains accessible to users with access. However, the drive and its contents are invisible to those without access, including administrators.

The solution? Using the Google Workspace Admin Console, administrators should navigate to Apps>Google Workspace>Drive and Docs>Manage shared drives and filter for shared drives without a manager to discover invisible drives. From there, they can set themselves as managers and then see the drives' contents.

✨ Design Status ✨

We continue to generate meaningful insights from partner conversations around scan results, which inform violations and remediation actions design. For example, we learned we need to provide more context around why someone shared a file before users can suggest a remediation action. As a result, we’ve shifted our focus to gathering more environmental data, specifically:

  • File names - Scanning file names for sensitive data or identifying names of files that indicate they may contain sensitive data, such as "Board Deck", "salary_list", or "Customer Contacts".
  • Workspace user, OU, and group data - When paired with shared email domains, context can be ascertained, such as the Business Development group sharing a file called "Joint Customer List" with a domain belonging to a reseller partner.
  • File and folder sharing permissions - Comparing sharing permissions of files with sensitive data and those of its parent folder indicates when remediation must occur at the folder level rather than the file level. For example, if a file is accessible to “Anyone with the link” and its parent folder has the same setting, the file inherited that setting, indicating the remediation action should be taken on the folder instead of the file.

⚡ Things You Can Do Now ⚡

In addition to the Summary and Investigative dashboards, we've produced two more: Overview and File Sharing.

Overview

The Overview page provides top statistics to identify areas for further investigation. You can start your analysis by viewing what is being shared (data classes or extensions), who or what is doing the most sharing (drives or internal users), and where (domains or external users). You can click on elements and filter down for more details. For example, if you want to see data for just the files being shared to “gmail.com”, clicking on that row in the chart and clicking on “Submit” will refresh the dashboard with all of the content specific to files being shared to any “gmail.com” email.

File Sharing

The File Sharing Dashboard provides tools to analyze sharing permissions and data findings within specific files and determine if further triage is needed.


🛠️ What's Coming 🛠️

  • Additional dashboard iterations and improvements based upon feedback.
  • Linking between the various dashboards and investigative pages.

💻 Product Updates 💻

  • Support for GCP CloudSQL and BigTable.

October 20, 2023

Fun fact. Our testing shows Google Drive file and folder names have a max length of at least 10,000 characters. Not just text characters but any Unicode characters. If that's not enough to get your security-gears working, there's more. In Google Docs, if a user does not input a document title, Docs will auto-populate the title using characters starting on the first line of text and up until the first line break or 10,000 characters. Interesting, right? We are starting to see the data security implications of these two oddities as we continue to process scans and findings. In the meantime, Happy Halloween!

✨ Design Status ✨

While we have several engineering initiatives in progress, our primary focus this past week has been producing meaningful findings based on scan results, exploring findings with partners, and discussing how to visualize information and take action. Additional updates:

  • Data classification works at scale across millions of files, generating meaningful and actionable insights. E.g., external sharing by data class or collection and domain.
  • We continue to roll out dashboards in Analytics to individual partners.
  • Partners can run scans using Google functions. We brought this feature forward based on demand.

⚡ Things You Can Do Now ⚡

While Google Drive assets and findings are visible in much of the UI — Assets, Asset Details, Data Catalog — much of the new functionality resides in two new dashboards in Analytics.

Google Drive Summary Dashboard
Google Drive Investigative Dashboard

🛠️ What's Coming 🛠️

  • Additional drive and user metadata
  • Remediation actions
  • More dashboards

💻 Product Updates 💻

  • Support for AWS DynamoDB
  • New scan experience/UI
  • New data classes:
    Healthcare diagnostic codes (ICD9 and ICD10)
    Swedish bank account numbers

October 13, 2023

For those of you who are tuning in or following the MLB playoffs, you'll agree that there's a different level of intensity and focus in October versus the regular season. It's a compelling parallel to where we are in our design journey. It's mid-October, our intensity is high, and our focus remains laser-sharp on finalizing core capability development while laying the groundwork for what's to come - specifically, the UI and productization phases. Let's dive into this week's update.

✨ Design Status ✨

  • We successfully generated native and non-native data findings at scale for several design partners. One partner said our Google Drive sensitive data findings provide critical context for incident response.
  • Our immediate focus is on analyzing data findings across several dimensions (data class, access, age) and determining with design partner feedback which actions to take.
  • Initial data shows that scan costs are minimal even when scanning millions of objects, suggesting highly efficient scan performance.
  • Work continues on the violations engine and remediations. Both are still in the internal design and testing phases.

We will deploy these capabilities in a few days as a batch update to the Google Drive Summary dashboard to minimize disruption.

⚡ Things You Can Do Now ⚡

  • Google Drive Summary Dashboard functionality remains relatively the same as last week. View several statistics regarding drives, files, access, permissions, and usage data. Produce custom insights into externally shared files using different filters.
  • View My Drive and Shared Drive asset details with data findings, view data findings in the Data Catalog and validate findings using data previews.

🛠️ What's Coming 🛠️

  • Continued scanning deployment across all partner environments, along with requests for meeting times to review findings and discuss remediation actions.
  • We expect to roll out the planned dashboard updates later next week, with sensitive data findings, violations, external sharing insights, stale data insights, statistics on file inventory, user-centric access, and program metrics.

✍️ Program Notes ✍️

Have general feedback? Drop us a note here.

💻 Product Updates 💻

New data classes:

  • Australia: Passport Number, Phone Number
  • New Zealand: Passport Number, Phone Number, Driver's License Number, Tax ID (IRD)

October 6, 2023

We thought we would kick off this week's update with a quote from Albert Einstein: "In the middle of every difficulty lies opportunity." Hey, this stuff is hard and sometimes we need inspiration. Well, Einstein could not have been more correct. This past week we moved past several challenges around classification, violations, and remediations, identified opportunities for elegant solutions and began generating meaningful results.

✨ Design Status ✨

  • We can now identify sensitive data in the contents of both Google Drive native files (Docs, Sheets, Slides) and non-native files (Office docs, CSVs, PDFs, etc.). Thank you to those of you who worked with us during our initial testing.
  • The violations engine is functioning as expected. While deploying this service, we found and fixed an issue further upstream in the pipeline that was preventing data from reaching the violations engine. We are re-processing the backlog, which will take time.
  • Remediations passed our internal tests. We successfully removed sharing permissions and deleted documents altogether.
  • We improved the load time of the Google Drive Summary dashboard by restructuring database tables, which reduced the number of joins needed to present the data.

We will deploy these capabilities in a few days as a batch update to the Google Drive Summary dashboard to minimize disruption.

⚡ Things You Can Do Now ⚡

Functionality within the Google Drive Summary dashboard remains relatively the same as last week, aside from load time improvements and minor layout changes. As a reminder, existing functionality includes:

Viewing:

  • # of Shared Drives
  • # of My Drives
  • # of files set to allow access to "Anyone with a Link"
  • # of files shared outside the company domain
  • Files with the greatest number of people with access
  • External domains with the greatest number of shared files
  • External emails with the greatest amount of file access
  • All Shared Drive restrictions
  • Permission and usage data by user and My Drive

Generating custom views of all externally shared files using a combination of filters including:

  • Public (General access set to "Anyone with the link")
  • Located in a specific Shared Drive or a My Drive
  • File name
  • Shared with a specific email address
  • Drive name

🛠️ What's Coming 🛠️

  • Native and non-native file scanning for those who haven't tested it.
  • Remediation actions: removing sharing permissions, deleting a file.
  • New dashboard widgets featuring sensitive data findings, violations, external sharing insights, stale data insights, and statistics on file inventory, user-centric access, and program metrics.

✍️ Program Notes ✍️

No big news here other than we will continue to reach out regarding how best to initiate data scanning. Scheduling time is easy. You can view our calendar here.

💻 Product Updates 💻

Mostly backend updates and minor UI fixes.

September 22, 2023

Welcome to the inaugural edition of our Design Partner Program update! We're thrilled to embark on this collaborative journey with you as we build on our current strength in core AWS and GCP data services, and expand the platform to cover Google Drive.

In this weekly update, we will provide you with insights into our latest and upcoming releases, ensuring you can stay informed about our continuous progress. Additionally, we will seek your design input and present opportunities for active participation in shaping our solution.

✨ Design Status ✨

We've primarily concentrated our early efforts on two key areas: drive discovery and access analysis. For drive discovery, we've developed an initial catalog encompassing various drive and folder types, along with detailed information on sharing permissions and the sizes of individual personal drives. As for access analysis, we've built the functionality needed to identify files shared with email addresses beyond our company domains, files accessible via public-facing links, and files shared with group email addresses. These valuable insights will play a pivotal role in our forthcoming design meetings as we seek to better grasp the requirements and requests for harnessing these capabilities.

🛠️ What's Coming 🛠️

  • We're designing a "file sharing" dashboard focused on risks associated with externally shared files, with metrics on the external users that files are shared with, the external domains associated with shared files, and more.
  • A core use case for this program is determining file age and providing insights into stale data. We aim to have the initial data set available for design meetings in 1-2 weeks.
  • The next major milestone, performing data classification on an initial set of Google Drive content and presenting a catalog of the findings, is in process.

✍️ Program Notes ✍️

  • We are planning on scheduling design sessions in the coming weeks. Please contact Latimer Luis if you are interested.  
  • Have general feedback? Drop us a note here.