Netskope Global Technical Success (GTS)
How to Allow Access to Specific Google Drive Shared Files Only
Netskope Cloud Version - 121
Objective
Allow access to specific Google Drive shared files only while blocking access to Cloud Storage Category.
Prerequisite
Netskope CASB/SWG license is required.
Context
Many of our customers choose to block the Cloud Storage category as part of their data security strategy, primarily to reduce the risk of unauthorized data storage and prevent sensitive information from being uploaded to unapproved cloud services. By blocking the Cloud Storage category, organizations can ensure that their employees are not inadvertently storing business-critical or sensitive data in unsecured or non-compliant cloud platforms, mitigating the potential for data breaches or leaks.
However, in certain cases, customers also need to allow access to specific cloud services, such as Google Drive, for business operations. Google Drive is widely used for collaboration and file sharing, and many organizations want to allow access to specific files within their Google Drive environment while blocking access to other, potentially unapproved or insecure cloud storage services.
With Netskope, customers can implement granular policies that block the broader Cloud Storage category but allow selective access to specific Google Drive files.
Configuration
Step 1- Identify the File you want to allow access to
After the file has been identified, open it on the browser and paste the URL in the notepad as shown below.
URL:
https://docs.google.com/spreadsheets/d/1cwyzRPS69jPT7tGd6dRfhyqJwswf2sUqf3kQqlvVixU
Step 2 : Create a Custom Application
Path: Netskope Tenant UI >>> Settings >>> Security Cloud Platform >>> Traffic Steering >>> App Definition >>> New App Definition Rule >>> Cloud App
Using the above URL example, fill up the “Domain” and “Path” fields as follows:
Application: Test File 1 - Spreadsheet (Use the original file name)
Connector: From Predefined App > Google Drive
Domain: docs.google.com
Path: /spreadsheets/d/1cwyzRPS69jPT7tGd6dRfhyqJwswf2sUqf3kQqlvVixU
Click on then click on SAVE.
Ref.-
Step 3 : Create the Real Time Policies
Path: Netskope Tenant UI >>> Real-Time Protection >>> New Policy >>> Cloud App Access
This Use Case is intended to allow specific Google Drive Files when the Cloud Storage Category is being blocked. So in this case, a Policy to allow the file should be placed above the blocking policy.
Source: User/User Group
Destination: Application created in the step 2
Profile & Action: Allow
Policy Name: yWEB] Allow Test File 1 - Spreadsheet Google Drive (Use a name easy to understand)
Verification
If the user tries to access Google Drive or any File that has not been allowed it should get a Block.
However, users can access to the file it was allowed on the policy in step 3.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.