Earlier this year, Google announced a security update to Google Drive to make file sharing more secure. In 2018, Google updated its address-generation scheme making documents less prone to URL-guessing attacks. That update did not address file links created before the new scheme existed. The current Drive sharing update addresses files created with the legacy address-generation, those created before 2018. By adding a resource key to the URL, shared files you don’t want to be exposed to the public will be harder for malicious actors to find.
Drive link sharing deadline
Google has added a new setting to the Admin console to control whether the security update to Drive is applied and if so, whether users can override the update on specific files.
Setting Location: Apps > Google Workspace > Drive and Docs > Sharing settings > Security update for files
If a value is not set, the security update is applied with no option for users to remove/apply for their files.
Note: Both Google and Amplified IT recommend not using the Remove Security update from all impacted files option.
The update has a 3 phase rollout:
-
Phase 1: Admin chooses how to apply the update—Prior to July 23, 2021
-
Phase 2: User is notified & chooses how to apply the update—From July 26 to August 25, 2021
-
Phase 3: Drive enforces update—Beginning September 13, 2021
The September 13 deadline for applying the update is fast approaching. Beginning on that date impacted files will have the resource key added to their URL. Effectively changing the link. URLs will be updated in batches with the update set to finish by the end of September 2021.
Which files are Impacted
While it is not possible to generate a list of the file links that will be updated and where those are shared, you can narrow down your volume by considering the following.
Files not impacted
-
Google Docs, Sheets, Slides, and Forms
-
Files shared by inviting others via email
Files impacted
-
Files shared by creating and sending a Google Drive link prior to 2018
-
Users who accessed a file using the old Google Drive link before this update can still access the file post update
-
Users who did not access a file using the old Google Drive link before the update can still use the link, but will receive a request access message
Communicating the change to staff
It is important to let staff know that beginning September 13th, they may see the Request access message when accessing a Google Drive link. They may also start receiving requests to share emails if they are the owner of a file with an updated file link.
Visit this link to learn more about deciding how to apply the link-sharing security update to Drive.
-
Lorrie McConnell
Technical Writer -
About the Author:
Lorrie was born and raised near Pittsburgh, PA. She is a proud graduate of Slippery Rock and Chatham Universities. She holds degrees in Business and Professional Writing. In her role as Technical Writer, Lorrie adds clarity to all things Amplified IT. She continually looks for better ways to explain the ‘how’ and ‘why’ for our products and services. Being a Pittsburgh native, Lorrie loves all things black and gold. When she does get downtime, she enjoys family, baking, walking, and archery. A fun fact: Lorrie participated in the largest wedding cookie table which earned a Guinness World Record with 88,425 cookies!
