With the adoption of Google For Work (Gmail, Google Drive, etc.) by the organization of all sizes, the business users are getting used to the notion of cloud office. The cloud office ensures that the user’s data is not limited to the physical perimeter of the organization and can be made available irrespective of location, device, or time zone. It also ensures business continuity even in case of disaster.
Google Drive
The users are not only using cloud office for messaging but also using the capabilities of collaboration through cool features of Google Drive for business documents purpose. More and more users are getting transitioned to Google Drive because of its user experience and capabilities. The most significant advantage being the availability of these documents from anywhere, and another being sharing of the document no longer means attaching the file in email or uploading to the FTP site. The sharing of the document has become simple through a single click.
Security Risk with Google Drive
As business users are using more and more Google Drive for their collaboration of documents, it becomes imperative for the IT team of the organization to ensure DLP regulatory compliance is taken care of.
Content Compliance
Organizations based on their business need to categorize documents either as essential or confidential or internal etc. The IT team based on the categorization details would like to identify such documents. The criteria could be documented having:
- Financial details
- Product Roadmap
- Personal Information
- Health Information
- Business Plan
- Proposal
- Customer List
- Prospect list
- Product internal details
- Acquisition & Merger details
The IT could further categorize into a granular control such as Personal Information that can be classified as the credit card, social security number, etc.
Sharing
Google Drive allows users to share the document with other users within and outside the organization. The IT team needs to ensure documents are shared with the right individuals, whether inside or outside the organization. The various information that the IT team would like to know from the security point of view.
- Document shared by user
- Document shared by the user with users across different organization unit
- Document shared by the user with users outside the organization
- Document shared by users with outside users on their consumer Gmail
This information is essential as this can help the IT team of identifying or determining the occurrence of data leakage from the organization.