How to Monitor Google Drive Uploads from Corporate Endpoints

Insider theft and misuse are a major area of concern when it comes to protecting information and complying with security standards and legal requirements. Cloud-based file storage services are very popular, especially among consumers, who use them to store their personal files. In many cases, employees use cloud synchronization services at work as well. This creates the conditions for incidents that may lead to data loss: disgruntled employees using such services to steal information, or employees who just want to take some work home. Google Drive is one of the cloud-based file storage services widely used in corporate environments.

The ability to monitor uploads going out from corporate environments is critical for any data security strategy.

In this article, we demonstrate how to monitor Google Drive uploads using some of the exciting features included in the upcoming version of TEMASOFT FileMonitor.

There are two main ways to upload files to Google Drive: one by using the Google Drive client, installed on the machine, and the other by using Google Drive’s web interface.

1. Monitoring uploads by the Google Drive client

Each client uses a synchronization folder, meaning any file in the folder gets uploaded if it does not already exist in the cloud sync folder. So, we are interested in any file being copied or created there. For this, we configure TEMASOFT FileMonitor to watch the folder for “file create” and “file copy” operations, using an “event reaction policy.” In addition, we also watch the file read operations carried out by the Google Synchronization Service irrespective of file origin, in case users configure a path other than the default sync folder.

As a side note, there is no straightforward way to enforce usage of a particular sync path for the Google Drive client: users log onto their own Google Drive accounts and can therefore configure any folder as the sync folder if they have enough rights.

In the last step, we exclude the file reads from paths like the Google Drive installation directory and associated temporary folders to reduce noise.

These configurations go into the filter of the rule. The rule in the screenshot tags all such operations as “Google Drive Upload”, but it can also be configured to send an email alert for every such event, or a threshold-based alert when a certain number of matching operations occur within the given period.
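The filter logic and the threshold alert described above can be sketched outside the product as follows. This is an added example, not FileMonitor's rule syntax or code: the event fields, the process name `googledrivesync.exe`, the paths and the sample events are all assumptions constructed for illustration.

```python
from collections import deque, namedtuple
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed values for illustration; none of these are FileMonitor settings.
SYNC_FOLDER = PureWindowsPath(r"C:\Users\alice\Google Drive")
SYNC_PROCESS = "googledrivesync.exe"  # assumed name of the sync client process
EXCLUDED_READS = [PureWindowsPath(r"C:\Program Files (x86)\Google\Drive"),
                  PureWindowsPath(r"C:\Users\alice\AppData\Local\Temp")]
TAG = "Google Drive Upload"
Event = namedtuple("Event", "time user op process path")  # copy: path = destination

def is_under(path, folder):
    return folder in PureWindowsPath(path).parents  # case-insensitive compare

def tag_event(ev):
    """Return TAG when an event matches the rule filter, else None."""
    # Clause 1: a file created in, or copied into, the sync folder.
    if ev.op in ("create", "copy") and is_under(ev.path, SYNC_FOLDER):
        return TAG
    # Clause 2: reads by the sync client from any path, minus install/temp noise.
    if ev.op == "read" and ev.process.lower() == SYNC_PROCESS:
        if not any(is_under(ev.path, ex) for ex in EXCLUDED_READS):
            return TAG
    return None

def threshold_alerts(events, limit=3, window=timedelta(minutes=5)):
    """Return (user, time) each time a user hits `limit` tagged events in `window`."""
    recent, alerts = {}, []
    for ev in sorted(filter(tag_event, events), key=lambda e: e.time):
        q = recent.setdefault(ev.user, deque())
        q.append(ev.time)
        while ev.time - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= limit:
            alerts.append((ev.user, ev.time))
            q.clear()  # start a fresh count after alerting
    return alerts

# Constructed sample events.
T0, M = datetime(2023, 1, 9, 9, 0), timedelta(minutes=1)
SAMPLE_EVENTS = [
    Event(T0, "alice", "create", "explorer.exe", r"C:\Users\alice\Google Drive\plan.docx"),
    Event(T0 + M, "alice", "read", "googledrivesync.exe", r"C:\Program Files (x86)\Google\Drive\lib.dat"),
    Event(T0 + M, "alice", "read", "googledrivesync.exe", r"C:\Users\alice\Google Drive\plan.docx"),
    Event(T0 + 2 * M, "alice", "read", "GoogleDriveSync.exe", r"D:\AltSync\q3.xlsx"),
    Event(T0 + 3 * M, "alice", "read", "winword.exe", r"D:\Projects\spec.docx"),
    Event(T0 + 30 * M, "bob", "copy", "explorer.exe", r"c:\users\alice\google drive\x.zip"),
]
```

The read from `D:\AltSync` is tagged even though it lies outside the default sync folder, which is the case the process-based clause exists to catch.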

2. Monitoring direct uploads by the browser (accessing drive.google.com)

Users can perform uploads using the browser, without installing the Google Drive client. While TEMASOFT FileMonitor 2016 is already able to detect file uploads via the browser, the next version will also be able to retrieve the URL of the destination server.

This new feature lets users track Google Drive uploads made through browsers very easily, either by filtering the data views and reports or by creating “Event Reaction Rules” to tag or alert.

3. Presenting the data

The Google Drive uploads can be monitored using the product’s Data Viewer, or by running reports.

In the Data Viewer, with tagging rules configured, you only need to add the “Tag” column and filter its contents to include the Google Drive Upload tag. The columns of the view can be configured as needed (excluded, included or filtered). The views can be saved for later use.

Viewing uploads by browser to drive.google.com:

Viewing Google Drive client uploads:

Similarly, a report can be created that includes all this information, and it can be executed on demand, or scheduled on a regular basis with results emailed to the configured mailbox.

Conclusion

The new version of TEMASOFT FileMonitor offers critical details to understand how Google Drive is used by companies, hence it helps reduce the risk of data leakage by keeping IT administrators informed and also helps consolidate data security strategies.

For more information about the next version of TEMASOFT FileMonitor and how it can also track other file sharing services like Dropbox or One Cloud, follow us on LinkedIn or subscribe to our newsletter.

This post was last modified on August 21, 2023 7:27 am

Calin Ghibu

Technical background: over 15 years experience in testing, developing, researching and managing network security solutions. Currently focusing on information security and IT management. Specialties: Network audit, information security, web security, endpoint security, perimeter security SIEM, legal compliance, competitive intelligence.
