Next Generation API Data Protection for Google Drive

Next Generation API Data Protection for Google Drive

Using API Data Protection involves configuring the API connection for your Google Drive app.

To use the Next Generation API Data Protection for Google Drive, you need to log in to your Google admin console, enter the Client ID and OAuth scopes, and authorize it. The following sections explain how to client ID and OAuth scopes and how to configure the connection.

Why you should move to Next Generation API Data Protection?

  • Dramatically simplified policy definition and management: Multi-app/all app policies and multiple DLP profiles in a single policy.

  • Ability to define threat protection policies.

  • Unified inventory page, for threat hunting and forensic analysis.

  • Ultra-low time to detect and remediate to non-compliant activities.

  • Support for Google Drive badged labels as a policy condition.

Capability Differences Between Classic & Next Generation API Data Protection

Here is a list of feature parity for Google Drive between classic and Next Generation API Data Protection.

FeatureSub-categoryClassicNext Generation
Instance Selection-YesYes (multiple)
User SelectionTarget all Teams Drive with ExceptionYesYes (manual process using Scan Options)
Subset of Team DrivesYesYes (manual process using Scan Options)
User ProfilesYesYes
AD User GroupsYesYes
Exclude UsersYesYes
Exclude User ProfilesYesYes
File SharingAll Sharing OptionsYesYes
Specific Sharing OptionsYesYes
Private Sharing Options (Specific Sharing Options)YesYes
Public Sharing Options (Specific Sharing Options)YesYes
In Next Gen, public sharing is called Anonymous.
Share Content Internally (Specific Sharing Options)YesYes
Sharing Content to More than X Internal Collaborator (Specific Sharing Options)YesYes
Sharing Content Externally (Specific Sharing Options)YesYes
Sharing with All External Domains (Specific Sharing Options)YesYes
Sharing with Specific External Domains (Specific Sharing Options)YesYes
Sharing Content to More than X External Collaborator (Specific Sharing Options)YesNo
Sharing Across Enterprise Organization (Specific Sharing Options)YesYes
Sharing Enterprise shared with Everyone (Specific Sharing Options)YesYes
Sharing Enterprise shared with Everyone Except External Users (Specific Sharing Options)YesYes
Sharing Content with a Selected set of User Groups (Specific Sharing Options)YesYes
File Type to ScanAll File TypeYesYes
(Netskope cannot scan Google Doc or Sheet greater than 10 MB. This is a limitation enforced by Google.)
Specific File TypeYesYes, file type list is similar to DLP file type list.
DLPDLP ProfilesYesYes (multiple)
DLP IncidentsYesYes
DLP QuarantineYesYes
Manual Remediation Action (Restrict Access) from IncidentsYesYes
QuarantineQuarantine RestoreYesYes
Threat ProtectionThreat Protection Feature in Instance ConfigurationYesYes
Severity Based Action - QuarantineYesYes
Severity Based Action - RemediationYesYes
ForensicsGoogle Drive as Forensic StoreYesYes (see Next Gen Forensics)
InventoryInventory DashboardYesYes (with unified Inventory page)
Inventory Details Panel (File Details, Sharing, Links, Recent Activities)YesYes
Manual Actions for Remediation (Restrict Access)YesYes
ActionAlertYesYes
DeleteYesYes
Legal HoldYesYes
EncryptYesNo
IRM ProtectYesNo
QuarantineYesYes
Disable Print & DownloadYesYes
Change OwnershipYes (to admin)Yes (to any specific email)
Restrict AccessYesYes
Restrict Access Owner SelectedYesYes
Restrict access - remove public linksYesYes
Restrict Access Internal User SelectedYesYes
Restrict Access to Remove Public LinksYesYes
Restrict Access to Remove Individual UsersYesYes
Restrict Access to Remove Organization Wide LinksYesYes
REST API SupportYesNo
NotificationsEmail NotificationsYesYes
Detection & RemediationMTTD & MTTR (Mean time to detect/resolve)FastUltra-fast
Google Badged Label Support-NoYes
Share this Doc

Next Generation API Data Protection for Google Drive

Or copy link

In this topic ...