Are there any GCP recommendations that can be utilized to identify internal employees sharing a Google Doc, Sheet, etc. with people outside our organization?
- Cloud Storage
While a GCP project can be leveraged to auto-create/edit Google docs/sheets/etc, those assets are created in GSuite (Google Workplace), not the GCP project itself.
For GCP Cloud Storage related recommendations, the following can be leveraged in the Storage section of the GCP Compliance Report for additional visibility:
- GCP_CIS_5_1 : Ensure that Cloud Storage bucket is not anonymously or publicly accessible.
- GCP_CIS_5_2 : Ensure that there are no publicly accessible objects in storage buckets.
- GCP_CIS_5_3 : Ensure that logging is enabled for Cloud storage buckets.