Simulating Walled Gardens with G Suite Sharing and Directory Settings

As I mentioned in a post several months ago, the school district I work for recently underwent an audit specifically focused towards G Suite domain configuration in a K-12 setting.  I would like to give a quick shout out to Amplified IT, it was a great experience to work with a company so familiar with the unique needs of an educational institution.

As with the results and recommendations of any audit, there is a process for evaluating and prioritizing the remediation response.  A significant consideration in any school district is the ability to maintain safety for kids with the least possible adverse impact on the educational environment.  Below I will detail a couple specific changes made to our G Suite domain as part of our effort to simulate "walled gardens" for our younger students.  Please keep in mind, this is by NO MEANS an exhaustive list.

Specific service sharing settings for our primary and intermediate student organizational units (Pre-K through 6th grade) were verified and/or adjusted for several applications.
  • Calendar Sharing Settings 
    • External sharing defaults set to a maximum highest level of "Only free/busy information".
    • Internal sharing defaults set to "No sharing."
  • Drive Sharing Settings
    • Sharing outside the school district domain restricted to "whitelisted domains."
    • "Allow users in OU to receive files from users outside of whitelisted domains" checkbox de-selected.
    • Access Checker set to "Recipients only."
    • Distributing content outside set to "No one."
  • Google Takeout
    • Turned off in additional services for both primary and intermediate student OUs. 
Additional changes were also made to Directory settings to implement and configure custom directories.  Google groups were created based on OU membership, effectively creating groups of students based on grade level.*  Custom directories were created and applied to limit auto-population when sending emails or sharing files.

There is no way to eliminate all risk in any internet connected environment.  Instead, we must attempt to ensure the safety of students while still providing a technologically relevant learning experience.  Always remember who you are working with, and who you are working for, when determining your priorities.


*If you would like read up on the automation processes used to keep these groups current, check out the GAM project on GitHub.

Comments

Popular posts from this blog

Synthetics monitoring with New Relic for PowerSchool products

No, You Don't Need That Highlighter App (A discourse on Google for Education and FERPA)

I taught myself a thing today