Today, an intriguing question was posed to me: “How can I prevent users from uploading files to Google Drive while still allowing them to view and edit existing files?”
Although uploading and editing may seem like distinct actions, both rely on the HTTP POST method for communication. Consequently, blocking file uploads also hinders the same communication required for file editing. Determining a solution required careful consideration. Ultimately, I discovered a powerful combination of tools: leveraging a Cloud App Control policy in conjunction with Cloud Browser Isolation within Zscaler. By applying this approach, we can effectively block file uploads while simultaneously redirecting access to Google Drive and its associated files to a Cloud Browser Isolation session. This innovative approach enables users to seamlessly interact with the site and files, while preventing any upload or content copying. In this post, I’ll guide you through the step-by-step process of implementing this solution and demonstrate the remarkable capabilities of this technology in action!
The first step in this process is to configure a Cloud Browser Isolation profile that allows users to interact with a page accessed via an isolated session while restricting the ability to copy, paste, and upload files.
To configure a Cloud Browser Isolation profile, navigate to the ZIA Admin Interface and access the Secure Browsing menu under Administration. Once in the Browser Isolation menu, click “Add Profile”.
Configure the Isolation Profile by providing a meaningful name and appropriate description. For this demonstration, I have named it “GDrive Isolation”. Keep in mind that the specific configuration options may vary depending on your organization’s policies and requirements.
In the “Security” settings menu, leave all the toggles set to off to prevent file transfers, copy/pasting, and other actions between the local computer and the isolated session.
In the “Regions” settings menu, select the appropriate Isolation location based on your organization’s needs. The available isolation locations may vary depending on the Zscaler cloud used by your organization.
In the “Isolation Experience” settings menu, select the “Native Browser Experience” for a seamless user interface. Note that customization options for the Isolation Banner may vary depending on your organization’s branding requirements.
After clicking “Save,” you will have successfully configured a Cloud Browser Isolation profile. Remember that this profile can be reused for different purposes as needed. For the next component of our solution we will need to configure the Cloud App Control Policy for Google Drive.
To configure a Cloud App Control policy, navigate to the Policy menu in the ZIA Admin interface and click URL & Cloud App Control under the Access Control heading. Select the “Cloud App Control Policy” tab and click the “Add” dropdown to begin configuring a new policy.
For this demonstration, we’ll choose the “File Sharing” category as the policy type. Provide a meaningful name and set appropriate rule labels for your organization.
