Is anyone successfully restricting data download from Google Drive onto personal devices?

We currently allow access to personal/BYOD devices to our Google Workspace; ideally due to access needs we require this to continue. However, to protect our data we would like to restrict the ability to download documents from Google Drive when accessing from a personal computer. We are aware we can restrict access to Google Workspace to non-corporate devices, but this isn't something we wish to do due to contract staff and frontline workers requiring access and not having access to corporate devices.

We have been unable to find a solution to this either through our support partner or researching online, so wanted to check if anyone has successfully managed this or has an alternative solution?

 

Thanks in advance 

Steph


Sounds like maybe you're looking for context aware access? https://support.google.com/a/answer/9275380?hl=en

Hope that helps,

Ian

Hi Ian,

Thank you for your speedy reply; I think (although may have missed it)
that context aware will only let us either restrict access to specific
devices or restrict access to an app. I don't believe you can allow access
to Drive but restrict the ability to download when in it?

We will keep researching though as maybe have missed this feature.

Thanks

Steph

--


This email and any attachments are confidential and intended solely for
the persons addressed. If it has come to you in error please send it back
to us, and immediately and permanently delete it. Do not use, copy or
disclose the information contained in this message or in any attachment.  
Whilst every care has been taken to check this e-mail for viruses, it is
your responsibility to carry out checks upon receipt.

You can only prevent downloading on the individual file level, which cannot depend on the device. The only option to prevent downloads is BeyondCorp, but it won't solve your issue as it does not look at the device attributes; it only blocks downloads based on the content of the download.

You are correct, CAA prevents access to apps, but once granted access, it does not enforce any other settings. CAA would be a good option if you only want company-owned devices to access Workspace. The users wouldn't be able to download because they can't access the workspace. This doesn't work for every company, but this is what my company does.

That's really helpful, thank you!
--

Stephanie Dewar
Service Delivery Manager, Digital
01903 221197
Adur & Worthing Councils
Town Hall, Chapel Road, Worthing, BN11 1HA
www.adur-worthing.gov.uk


What you are looking for is a solid DLP/CASB solution that will allow checking device posture before permitting certain operations (like downloads from Drive). Those solutions allow you to create a ruleset denying downloads when not signed into a corporate device but still allow other operations like viewing/reading. 

Look at vendors like Netskope (they meet your requirements 100%). 

While those solutions aren't super cheap, they have the added benefit of increasing your security posture overall (your use case is just a tiny portion of the feature set).  

That's really helpful, thank you; I'll check that out!