Auditing Google Drive

Debasish Pramanik | March 29th, 2016 | Articles

With adoption of Google For Work by organisation of all sizes the business users are getting used to the notion of cloud office. The cloud office ensures that the user’s data is not limited to the physical perimeter of the organisation and can be made available irrespective of location, device or timezone. It also ensure business continuity even in case of disaster.

The user’s is not only using cloud office for messaging but also using the capabilities of collaboration through cool features of Google Drive for business documents purpose. More and more users are getting transitioned to the Google Drive because of its user experience and capabilities. The biggest advantage being availability of these documents from anywhere and another being sharing of the document no longer means attaching the file in email or uploading to FTP site. Sharing of document has become simple through a single click.

Security Risk

As business users is using more and more Google Drive for their collaboration of documents it become imperative for the IT team of the organisation to ensure regulatory compliance is taken care.

Content Compliance

Organisations based on their business need categorize documents either as important or confidential or internal etc-etc. The IT team based on the categorization details would like to identify such documents. The criteria could be document having

  1. Financial details
  2. Product Roadmap
  3. Personal Information
  4. Health Information
  5. Business Plan
  6. Proposal
  7. Customer List
  8. Prospect list
  9. Product internal details
  10. Acquisition & Merger details

The IT could further categorize into a granular control such as Personal Information can be categorized as credit card, social security number etc-etc.


Google Drive allows the users to share the document to other users within and outside the organisation. It is important for the IT team to ensure documents are shared with right individuals whether inside or outside the organisation. The various information that IT team would like to know from security point of view

  1. Document shared by user
  2. Document shared by user with users across different organisation unit
  3. Document shared by user with users outside the organisation
  4. Document shared by users with outside users on their consumer gmail

This information is very important as this can help the IT team of identifying or determining occurrence of data leakage from the organisation.