Next Generation API Data Protection for Google Drive

Next Generation API Data Protection for Google Drive

Using API Data Protection involves configuring the API connection for your Google Drive app.

To use the Next Generation API Data Protection for Google Drive, you need to log in to your Google admin console, enter the Client ID and OAuth scopes, and authorize it. The following sections explain how to client ID and OAuth scopes and how to configure the connection.

Why you should move to Next Generation API Data Protection?

  • Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.

  • Ability to define threat protection policies.

  • Unified inventory page, for threat hunting and forensic analysis.

  • Ultra-low time to detect and remediate to non-compliant activities.

  • Support for Google Drive badged labels as a policy condition.

Capability Differences Between Classic & Next Generation API Data Protection

Here is a list of feature parity for Google Drive between classic and Next Generation API Data Protection.

FeatureSub-categoryClassicNext Generation
Instance Selection-YesYes (multiple)
User SelectionTarget all Teams Drive with ExceptionYesYes (manual process using Scan Options)
Subset of Team DrivesYesYes (manual process using Scan Options)
User ProfilesYesYes
AD User GroupsYesYes
Exclude UsersYesYes
Exclude User ProfilesYesYes
File SharingAll Sharing OptionsYesYes
Specific Sharing OptionsYesYes
Private Sharing Options (Specific Sharing Options)YesYes
Public Sharing Options (Specific Sharing Options)YesYes
In Next Gen, public sharing is called Anonymous.
Share Content Internally (Specific Sharing Options)YesYes
Sharing Content to More than X Internal Collaborator (Specific Sharing Options)YesYes
Sharing Content Externally (Specific Sharing Options)YesYes
Sharing with All External Domains (Specific Sharing Options)YesYes
Sharing with Specific External Domains (Specific Sharing Options)YesYes
Sharing Content to More than X External Collaborator (Specific Sharing Options)YesNo
Sharing Across Enterprise Organization (Specific Sharing Options)YesYes
Sharing Enterprise shared with Everyone (Specific Sharing Options)YesYes
Sharing Enterprise shared with Everyone Except External Users (Specific Sharing Options)YesYes
Sharing Content with a Selected set of User Groups (Specific Sharing Options)YesNo
File Type to ScanAll File TypeYesYes
Specific File TypeYesYes, file type list is similar to DLP file type list.
DLPDLP ProfilesYesYes (multiple)
DLP IncidentsYesYes
DLP QuarantineYesNo
Manual Remediation Action (Restrict Access) from IncidentsYesYes
QuarantineQuarantine RestoreYesNo
Threat ProtectionThreat Protection Feature in Instance ConfigurationYesYes
Severity Based Action - QuarantineYesNo
Severity Based Action - RemediationYesNo
ForensicsGoogle Drive as Forensic StoreYesYes (classic API Data Protection instance as a forensic destination)
InventoryInventory DashboardYesYes (with unified Inventory page)
Inventory Details Panel (File Details, Sharing, Links, Recent Activities)YesPartially available (File Details, Recent Activities, DLP Violation)
Manual Actions for Remediation (Restrict Access)YesYes
ActionAlertYesYes
DeleteYesYes
Legal HoldYesNo
EncryptYesNo
IRM ProtectYesNo
QuarantineYesNo
Disable Print & DownloadYesNo
Change OwnershipYes (to admin)Yes (to any specific email)
Restrict AccessYesYes
Restrict Access Owner SelectedYesYes
Restrict access - remove public linksYesYes
Restrict Access Internal User SelectedYesYes
Restrict Access to Remove Public LinksYesYes
Restrict Access to Remove Individual UsersYesYes
Restrict Access to Remove Organization Wide LinksYesYes
REST API SupportYesNo
NotificationsEmail NotificationsYesYes
Detection & RemediationMTTD & MTTR (Mean time to detect/resolve)FastUltra-fast
Google Badged Label Support-NoYes
Share this Doc

Next Generation API Data Protection for Google Drive

Or copy link

In this topic ...