How important is it to audit your organization’s Google Drive?
January 11, 2018 | Adya
Auditing is a critical activity which most organizations take up as a regular security practice. It helps in ensuring that there is no breach in the security of the data and that conventions are in place for how data is shared and accessed. Like auditing of accounts, it is very important for you to audit access to your critical data – especially that which is saved in the cloud. Your data may be vulnerable and you might not know who has the access to your data and how exposed you may be.
A very common practice that may also be in place at your organization is the sharing of files/ presentations/ documents with other members of your organization as well as with your clients and partners. But note that when you choose to share those Google drive links to folks outside your organization, you may be sharing your data with up to 800 million eyeballs!
This raises the oft-repeated question, which has been asked ever since the introduction of cloud-based file storage services like Google Drive, – “How secure is my data?”. From large multi-million dollar corporations to smaller startups, organizations are now concerned with the safety of their data. Fortunately, there are tools in the market to audit your drive and help you evaluate your data exposure? These tools are not just limited to one-time auditing and highlighting exposed data but also helps you protect your data from theft, alert you from malicious attempts and even provides you governance over the visibility of the data.
Before we dive in deeper to the many ways of protecting your sensitive data, here are some common questions on Google Drive Auditing:
- When should you perform an Audit?: There are two recommended models organizations follow, one is Schematic fixed interval audits and the other is Ad-hoc audits. The Schematic fixed interval audits are planned in predefined intervals, based on the size of the organization as well as the volume of data, for small sized organizations these audits should be done once every 120 days or so, but for large sized corporate setups these audits should be carried out as frequently as once every month. While the number of files that are share outside the organisation is critical, the volume of data shared is the driving factor for threats. In contrast to Schematic audits, Ad-hoc audits should be carried out as random security scans/checks by the organization.
- Who is a threat to your data?: Threats can come from anywhere. It might be from your competitor attempting phishing, your employees to steal confidential information, or might be your trusted employee/ ex-employee. Read more about different security threats in our recent article.
- Who should perform these audits: Ideally these audits should be carried out by trusted IT managers or G-Suite Admins of the organizations. The report should be carefully examined and the corresponding actions should be taken. In addition to this, the audits should be logged and maintained for future references.
- What if your data is exposed to strangers: In such cases, the access to the unwanted guests should immediately be terminated and reported to the concerned team. With specially crafted Google Drive auditing tools from Adya, you can not just audit your Google Drive, but also control permissions. Adya helps you assess who can access and who is accessing your data. Adya also helps you in surveillance of your data to notify you in cases of malicious attempts of thefts and attacks.
While the newer cloud file storage solutions are very easy to use, they make it too easy to share data widely and sometimes indiscriminately. , Companies need to take the governance and auditing of data is in their own hands and one should be wise in choosing the correct auditing platform to ensure access to sensitive data is protected.