Skip to main content

AD_4nXfvOa3XOR1NQBddV2LpMCp3sYg09AFOpJ4dtXBsOBuySacHRjs0GkaRjZ9PEFlvAgGNB13v2gtGNMQBs1NBktm5-97MQFGGd2NskIYIWowbdlM7xqX6a5uKte82Gl5ivhsqERATig?key=xYs88QkM3fjyRdAhynJVzsgg

Netskope Global Technical Success (GTS)

How to Allow Access to Specific Google Drive Shared Files Only 

 

Netskope Cloud Version - 121

 

Objective

Allow access to specific Google Drive shared files only while blocking access to Cloud Storage Category.

 

Prerequisite

Netskope CASB/SWG license is required.

 

Context

Many of our customers choose to block the Cloud Storage category as part of their data security strategy, primarily to reduce the risk of unauthorized data storage and prevent sensitive information from being uploaded to unapproved cloud services. By blocking the Cloud Storage category, organizations can ensure that their employees are not inadvertently storing business-critical or sensitive data in unsecured or non-compliant cloud platforms, mitigating the potential for data breaches or leaks.

However, in certain cases, customers also need to allow access to specific cloud services, such as Google Drive, for business operations. Google Drive is widely used for collaboration and file sharing, and many organizations want to allow access to specific files within their Google Drive environment while blocking access to other, potentially unapproved or insecure cloud storage services.

With Netskope, customers can implement granular policies that block the broader Cloud Storage category but allow selective access to specific Google Drive files.

 

Configuration

Step 1- Identify the File you want to allow access to

After the file has been identified, open it on the browser and paste the URL in the notepad as shown below.

AD_4nXdj3Bi1EV8sAROSfjHB7CNM6fYLiDYHjgBDT5Vk0w89mKcT_XL7wiN0HpvrvIjqBDOyx7_UD2xzCEKUvXjrbjR6HxkVxjt2B78Dsp2myYH2AjGyJwh3VNNMarrbyx5Kd1bIaIQouw?key=xYs88QkM3fjyRdAhynJVzsgg

 

URL: 

https://docs.google.com/spreadsheets/d/1cwyzRPS69jPT7tGd6dRfhyqJwswf2sUqf3kQqlvVixU


 

Step 2 : Create a Custom Application
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Traffic Steering >>> App Definition >>> New App Definition Rule >>> Cloud App

 

Using the above URL example, fill up the “Domain” and “Path” fields as follows:

Application: Test File 1 - Spreadsheet (Use the original file name)

Connector: From Predefined App > Google Drive

Domain: docs.google.com

Path: /spreadsheets/d/1cwyzRPS69jPT7tGd6dRfhyqJwswf2sUqf3kQqlvVixU


AD_4nXe6EpRuFv5_q1CsYB9TBgVCIxbStAVsQ8hoIcuQvUuvMpX-SzHTndkvGzMAEofwtlhxOi0FmehNrQ-7j3rjeVarsxC5tRwBd2gdSMtkIlHnLdgWfK2GH3Qsd1O8FdC533g9P8eTHw?key=xYs88QkM3fjyRdAhynJVzsgg

Click on then click on SAVE.


Ref.-

AD_4nXe-vJHp7epVTaHBiXgQNChyJCefEtU6CgIV9fk_grsaJPbr_Xr7rBpVxO1tcukRVr8fJm2VOJRTfZI2iJjnpXO6MHaTeBz863n_kGWfjjozH1SjEFDZsL8JyoHfkzRAqIzQ4LL5qA?key=xYs88QkM3fjyRdAhynJVzsgg

 

Step 3 : Create the Real Time Policies
Path: Netskope Tenant UI >>> Real-Time Protection >>> New Policy >>> Cloud App Access

 

This Use Case is intended to allow specific Google Drive Files when the Cloud Storage Category is being blocked. So in this case, a Policy to allow the file should be placed above the blocking policy.

 

Source: User/User Group

Destination: Application created in the step 2

Profile & Action: Allow

Policy Name: yWEB] Allow Test File 1 - Spreadsheet Google Drive (Use a name easy to understand)

AD_4nXfjirtZyL71tCLcv4ctByhlVXhNHv-S3TEsAifckToLCNyr710OpaeygKu4HISKlVAMwptx_XjlulcPLZ1HWiboH2VPMYO475RHE0MDSKRdLE79ms_HmYc-pazzP4djn-TCbpYM5g?key=xYs88QkM3fjyRdAhynJVzsgg

 

AD_4nXepIs5oupMMU3yxj0wfd7aa9SPdinoHqxs1ewtOhwwtKSU4Tnel_IcePVEJe1qttSCArb79oIFSO8uHqwGDGvoleTWnutOjVDcBA48qBXEbGFtJ0EK3yPbnmWnUjF2wt9mf0tLCwQ?key=xYs88QkM3fjyRdAhynJVzsgg

 

Verification

If the user tries to access Google Drive or any File that has not been allowed it should get a Block.

AD_4nXeJiwZzj8i-kc7A-dg3EjnVukGhWeYLExOgwO4O0EYVvTZAhgsAomiN7urX8GnNYyhjWT7FRWjv-ju9Qn8ufAnN_Bz4hNPxrwhhUaL37b4i2BbH8SIT9B1zdpjhFbEDdJeEWY6nTQ?key=xYs88QkM3fjyRdAhynJVzsgg

 

AD_4nXevNx_S0-ZEQ-HcmtPYlE_Ix7Ktx7sT3wNBtyD7bqj90sT-j292rvvMwOVdg5-K7wciO9Dv9giu6OoI_tCP1ldclgajZb8p8pZY5tOZPxmSgsaod33UOiHcoV0iNs3J8IUWmjY9aw?key=xYs88QkM3fjyRdAhynJVzsgg


 

However, users can access to the file it was allowed on the policy in step 3.

AD_4nXf3_kgQbeo4XubXaw3xDPS6-ZxKsB2-0-0BoUVVDUJuQvsGJkE7TDKjegytHb5w4bPldjoZpOUG8Bc-LGJIWBw-nutgW7KrVF_eGLQToUzecd_TdDvNQYfZNFGViiIbll0LqKw-XQ?key=xYs88QkM3fjyRdAhynJVzsgg

 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
Be the first to reply!

Reply