Google Drive Auditor

This is the project page for:
Our Google Drive Auditor (part of G-Suite), as of summer 2017, is looking for beta test partners. It is focused on finding things in Google G-Suite that breach GDPR regulations and enabling you to report this within the 72 hours available.
What is Google Drive: Google Drive is a file storage and synchronization service created by Google. It allows users to store files in the cloud, share files, and edit documents, spreadsheets, and presentations with collaborators.
https://en.wikipedia.org/wiki/Google_Drive
Why run this? This software is designed for risk owners, or senior information risk owners (SIRO). They can quickly look at and understand the level of risk associated with the document share capabilities within Google Drive.
How often does this test?  All the time, it continuously updates and checks what sharing is going on, and makes a drill down report page available whenever you log in.
What do I get?  From the main web page you can see the following clearly:
  • Items shared on the web and searchable by anyone. Now, this may be a good thing when sharing invitations, event data, or product FAQ’s, but it may not!
  • Items shared on the web which can only be located with a URL/link. Do you know what is “out there” from your domain, either in a good way, accidentally or perhaps shared on purpose?
  • Items shared with everyone in your domain, much the same as above,
  • Items shared into your domain. The issues here are a breach of IPR (Intellectual property rights) and much more. This is what we report on with GD Audit.
With GD Audit you can filter out the domains and email addresses of suppliers and others you are content to share with, making it the perfect baseline Google Drive share audit tool.
FYI Stuff:
  • This is not a free service, however, it is in test and we are happy to work out a mutually acceptable payment. In short, this is hosted in Google’s app’s developer’s system and we incur charges for running and indexing your domain to run this project. This server is hosted in the UK.
  • We only collect Metadata – not the content of documents. However, this will include the document names, these are not shared beyond our report back to you.
Code builds from Sept 2014 and ongoing, running on Google, using PHP and HTML5, works by Ben H & @cryptomoose
1ucr1-long

 

SaveSave