We can't be the only ones out there fighting these limitations with Google and Netskope.
Google has Badge Labels (like most collaboration services) but they are pretty much focused around doing DLP inspection. Essentially, assign a label of "Confidential" and specific DLP detections are done (i.e. Credit Card).
What we would love to do is use labels as a way to enforce access control. With the new R107 release of Google Badge Label support, there isn't really any meaningful actions that can be used (that Google doesn't natively do already). We would love to detect if a label is detected to enforce access control to that document. For example, if we assign a label called "Important People Only" (which is made up of a handful of internal people and some external people) and someone assigned the label to a document Netskope will perform an action to update the people it is shared with to the people in the group called "Important People Only".
Currently, the only actions are to restrict to owner only and to allow only certain domains to access the document.
We would love to know how other Google Enterprise customers are solving this. We think its a pretty simple access control ask.
I've asked our netskope team to file a feature request already.