Audit Google Drive

Debasish Pramanik | December 5th, 2017 | Audit

With the adoption of Google For Work (Gmail, Google Drive, etc) by the organization of all sizes, the business users are getting used to the notion of cloud office. The cloud office ensures that the user’s data is not limited to the physical perimeter of the organization and can be made available irrespective of location, device or time zone. It also ensures business continuity even in case of disaster.

The users are not only using cloud office for messaging but also using the capabilities of collaboration through cool features of Google Drive for business documents purpose. More and more users are getting transitioned to the Google Drive because of its user experience and capabilities. The biggest advantage being the availability of these documents from anywhere and another being sharing of the document no longer means attaching the file in email or uploading to the FTP site. Sharing of the document has become simple through a single click.

Security Risk

As business users are using more and more Google Drive for their collaboration of documents it becomes imperative for the IT team of the organization to ensure regulatory compliance is taken care.

Content Compliance

Organisations based on their business need to categorize documents either as important or confidential or internal etc. The IT team based on the categorization details would like to identify such documents. The criteria could be the documented having:

  1. Financial details
  2. Product Roadmap
  3. Personal Information
  4. Health Information
  5. Business Plan
  6. Proposal
  7. Customer List
  8. Prospect list
  9. Product internal details
  10. Acquisition & Merger details

The IT could further categorize into a granular control such as Personal Information can be categorized as the credit card, social security number etc.

Sharing

Google Drive allows the users to share the document to other users within and outside the organization. It is important for the IT team to ensure documents are shared with right individuals whether inside or outside the organization. The various information that IT team would like to know from the security point of view.

  1. Document shared by user
  2. Document shared by user with users across different organization unit
  3. Document shared by user with users outside the organization
  4. Document shared by users with outside users on their consumer Gmail

This information is very important as this can help the IT team of identifying or determining the occurrence of data leakage from the organization.