Are Your Users Letting Data Thieves in Through the Front Door?
When most organizations think about protecting files in Google Drive, they focus on Google’s security certifications, whether or not to allow external sharing, and setting up groups to make assigning permissions easier. Too often, they fail to consider the bigger risks to data: users and apps.
Users typically have the ability to share Drive content within your domain and externally. A simple user error (and the occasional intentional act) can expose sensitive data, creating headaches and potential liabilities.
Apps, whether browser extensions or on smart phones, can be installed by your users without your knowledge. These apps often request broad access to data ranging from contact lists to Drive content and can expose data before you know the apps even exist. Human nature tells us that if person wants an app, they “Allow” and “Accept” without necessary reading or understanding the permissions being granted.
Critical to securing data in Drive, organizations should monitor and manage both user permissions based on policies and content and third-party apps with access to data. An understanding of the access granted each App and whether others have deemed the App trustworthy, gives you the power to allow Apps that help your team work efficiently while blocking Apps that pose too much risk.
The First Step to closing user sharing and Apps permission risks is to audit and assess your environment. Audit user assigned permissions and third-party Apps with access and review the results for potential data security issues.
With an understanding of the scope of your risk, you can best decide if you should further investment in your Google Apps ecosystem.
In partnership with CloudLock, we are offering great discounts on our Google Apps Risk Assessment service. Normally a $1,000 per audit service, we will examine collaboration and permission settings as well as the 3rd party Apps that already have access to your domain for $300 or less.
Contact us for more information or to request a formal quote.