QUESTION - Security update for Google Drive | C2C Community
Solved

QUESTION - Security update for Google Drive

  • 24 June 2021
  • 6 replies
  • 118 views

Userlevel 2

Hello Everyone,

Just going through the following update received today. 

 

https://workspaceupdates.googleblog.com/2021/06/drive-file-link-updates.html

 

Google is making files more secure by adding resource key in shared items and sending alerts to almost all orgs with the count of affected files, users, etc.

But we need to know the affected files and their owners, is there any way to get affected files and owners with respect to the alert?  Also if this would have any impact on existing Google App Script, 3rd party apps, etc.

I am not sure if we can get these files using GAM/GAMADVX using some kind of filters.

Any recommendations would be beneficial.

icon

Best answer by hjkimbrian 24 June 2021, 23:23

View original

6 replies

Userlevel 7
Badge +26

@andy.yates @dominikkugelmann would you know anything about how this new update will affect 3rd party apps?

Userlevel 2

It does feel as if this has come out of the blue today. We are looking at it in two ways.

  1. As a Cloud Partner we have customers that will ask questions, and we use Google Workspace ourselves of course. As it stands, I’m leaning towards leaving the default setting and allowing users to opt out (but I don’t know why they would choose to do that, and I’ve not yet read anything that clarifies it). It’s not helpful that Google don’t seem to provide information on the affected users. In my admin panel I can see the number of users, folders and files impacted but no further details.
  2. As an app developer we will need to assess whether the update will impact our product, Overdrive. It’s built on top of Drive and uses content to create websites - so we really need to know asap what the impact will be. The team are working on it, and if the update is September, we probably have enough time. I’d say most 3rd party developers are having the same discussions that we have had with the development team this morning. Most should be on top of things and get a product update out before September.

I will follow this thread with interest.

Userlevel 3
Badge +1

as i understand it, the files affected are files that are shared with domain or anyone, which you should be able to scan using Drive API (GAMADV-XTD3, etc.). However, as for actual impact.. nobody really knows. What’s unclear at this time is if files shared with target audience is affected, as they are actually files shared with domain which Google creates for you. 

 

Userlevel 4
Badge +3

As others have already said - it’s pretty unclear at this point. All we have heard is what is linked above, plus the email notification. As our admin said ‘looks like this is going to be fun’: 

 

:sweat:

Userlevel 2

This community is really helpful. We got to know details from experts with just small posts and healthy way to share knowledge.

 

Thank you all for your responses. After seeing replies it gave me more confidence on my thought that Google had really not shared more details about the security update.

 

Let's see how it goes.

Userlevel 3
Badge +1

sharing GAM command that I’ve been working on.

GAMADV-XTD3 6.04.16 or higher required.

gam config csv_output_row_filter "'linkShareMetadata.securityUpdateEligible:boolean:true'" auto_batch_min 1 redirect csv - multiprocess todrive all users print filelist fields id,title,permissions,owners.emailaddress,resourcekey,linksharemetadata,mimetype query "visibility='anyoneWithLink'"

Still working on Shared Drives just so I can verify the information that Google provided with output from GAM.

Reply