How to Monitor Google Drive Uploads from Corporate Endpoints

Insider theft and misuse are a major area of concern when it comes to protecting information and complying with security standards and legal requirements. Cloud-based file storage services are very popular especially for consumers who use them to store their personal files. In many cases, employees use cloud synchronization services at work as well. This creates the premises for potential incidents that may lead to data loss: disgruntled employees using such services to steal information, or employees who just want to take some work at home. Google Drive is one of the cloud-based file storage services widely used in corporate environments.

The ability to monitor uploads going out from corporate environments is critical for any data security strategy.

In this article, we demonstrate how to monitor Google Drive uploads using some of the exciting features included in the upcoming version of TEMASOFT FileMonitor.

There are two main ways to upload files to Google Drive: one by using the Google Drive client, installed on the machine, and the other by using Google Drive’s web interface.

1. Monitoring uploads by the Google Drive client

Each client uses a synchronization folder, meaning any file in the folder gets uploaded if it does not exist in the cloud sync folder already. So, we are interested in any file being copied or created there. For this, we configure TEMASOFT FileMonitor to watch the folder for “file create” and “file copy” operations, using an “event reaction policy.” In addition to this, we are also going to watch the file read operations carried out by the Google Synchronization Service irrespective of file origin, in case users configure different paths for the default sync folder.

As a side note, there is no straightforward way to enforce usage of a particular sync path for the Google Drive client, as users log onto their Google Drive accounts, and therefore can configure any folder as sync folder if they have enough rights.

In the last step, we exclude the file reads from paths like the Google Drive installation directory and associated temporary folders to reduce noise.

These configurations go into the filter of the rule. The rule in the screenshot tags as “Google Drive Upload” all such operations but it can also be configured to send email alerts for any such event, or threshold-based when a certain number of matching operations occur within the given period.

2. Monitoring direct uploads by the browser (accessing drive.google.com)

Users can perform uploads using the browser, without installing the Google Drive client. While TEMASOFT FileMonitor 2016 is already able to detect file uploads via the browser, the next version will also be able to retrieve the URL of the destination server.

This new feature lets users track Google Drive uploads using browsers in a very easy manner, by filtering the data views and reports or create “Event Reaction Rules” to tag or alert.

3. Presenting the data

The Google Drive uploads can be monitored using the product’s Data Viewer, or by running reports.

In the Data Viewer, with tagging rules configured, only add the “Tag” column and filter its contents to include the Google Drive Upload tag. The columns of the view can be configured as needed (excluded, included or filtered). The views can be saved for later use.

Viewing uploads by browser to drive.google.com:

Viewing Google Drive client uploads

Similarly, a report can be created that includes all this information, and it can be executed on demand, or scheduled on a regular basis with results emailed to the configured mailbox.

Conclusion

The new version of TEMASOFT FileMonitor offers critical details to understand how Google Drive is used by companies, hence it helps reduce the risk of data leakage by keeping IT administrators informed and also helps consolidate data security strategies.

For more information about the next version of TEMASOFT FileMonitor and how it can also track other file sharing services like Dropbox or One Cloud, follow us on LinkedIn or subscribe to our newsletter.