How To Reduce Risk and Strengthen IT Controls With Auditing in Google Docs
Traditionally, IT audits are performed to identify risks, provide assurance of controls, meet internal governance policies, and ensure regulatory compliance. As data created and stored in Google Docs faces the same regulatory scrutiny and data protection challenges as on-premise data, being able to audit Google Docs is a necessary process for companies using the Google Apps collaboration suite. The following guide details how to reduce risk and strengthen IT controls with the auditing features in CloudLock Security for Google Docs.
This guide is organized into three sections:
- End-user auditing: Auditing changes in permissions made by end users
- Privileged user change auditing: Auditing changes made by CloudLock users
- Privileged user search auditing: Auditing searches performed by CloudLock users
Focused on security and compliance, CloudLock Security for Google Docs provides a proactive and automated approach to auditing, automatically performing a full audit of all actions performed through its interface. All actions are recorded chronologically with all the relevant details associated with each activity. Every audit entry includes:
- User performing the operation
- Type of operation performed
- Date and time
- Status
The audit log is tamper-proof and can be exported for further processing and analysis.
In this guide we will review in detail all the actions audited via CloudLock. In general, CloudLock provides auditing for all actions performed via the CloudLock application as well as permission changes performed natively in Google Docs by document owners and collaborators.
End-user auditing
Auditing changes made to sharing permissions by end-users is a critical function for both securing sensitive information and compliance with regulatory requirements. For more information on how CloudLock addresses regulatory requirements, see “Compliance and Governance for Google Docs.”
With CloudLock, each time an end-user changes permissions on a document, the change is recorded in the audit log. Changes that affect risk and exposure are also highlighted in a periodic alerting feature. These alerts summarize any changes to:
- Public Exposure – Documents that are exposed to everyone on the Internet
- External Exposure – Documents that are exposed outside the domain
- Internal Exposure – Documents that are shared with everyone in the domain
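The following is an added illustration, not CloudLock's code or log format. It shows how permission-change events can be mapped to the three exposure categories above and rolled up into a periodic alert summary. The domain, event field names and sample events are constructed assumptions.

```python
from collections import Counter

DOMAIN = "example.com"  # assumed organisation domain (constructed)

# Constructed permission-change events; field names are hypothetical.
EVENTS = [
    {"user": "alice@example.com", "operation": "add_collaborator",
     "time": "2012-03-01T09:15:00Z", "status": "success",
     "doc": "Q1 forecast", "scope": ("anyone", "")},
    {"user": "bob@example.com", "operation": "add_collaborator",
     "time": "2012-03-01T10:02:00Z", "status": "success",
     "doc": "Vendor contract", "scope": ("user", "pat@partner.example")},
    {"user": "carol@example.com", "operation": "add_collaborator",
     "time": "2012-03-01T11:40:00Z", "status": "success",
     "doc": "Holiday rota", "scope": ("domain", "example.com")},
    {"user": "dave@example.com", "operation": "add_collaborator",
     "time": "2012-03-01T12:05:00Z", "status": "success",
     "doc": "Design notes", "scope": ("user", "erin@example.com")},
    {"user": "dave@example.com", "operation": "add_collaborator",
     "time": "2012-03-01T12:06:00Z", "status": "failed",
     "doc": "Design notes", "scope": ("anyone", "")},
]

def classify_exposure(scope, domain=DOMAIN):
    """Return 'Public', 'External', 'Internal', or None for a narrow share."""
    kind, value = scope
    if kind == "anyone":
        return "Public"
    if kind == "domain":
        return "Internal" if value.lower() == domain else "External"
    # user or group address: compare the part after the last '@'
    return None if value.rsplit("@", 1)[-1].lower() == domain else "External"

def audit_entries(events):
    """Keep the four audit fields and attach the exposure category."""
    keep = ("user", "operation", "time", "status")
    return [{**{k: e[k] for k in keep}, "doc": e["doc"],
             "exposure": classify_exposure(e["scope"])} for e in events]

def alert_summary(entries):
    """Count exposure-affecting changes that actually took effect."""
    return Counter(e["exposure"] for e in entries
                   if e["status"] == "success" and e["exposure"])

if __name__ == "__main__":
    for category, count in sorted(alert_summary(audit_entries(EVENTS)).items()):
        print(f"{category} exposure: {count} change(s)")
```

The failed public-sharing attempt stays in the audit entries but is excluded from the alert summary, since it did not change the document's exposure.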
Example audit log entry for document permission changes:
Example audit log entry for exposure alerts:
Privileged user change auditing
In addition to auditing permissions changes by end-users, CloudLock also maintains an audit trail for CloudLock users. The following CloudLock user types are available:
- Administrator – Has full control to view and perform all actions available via CloudLock. CloudLock administrators are not required to be Google Apps domain administrators.
- User – Can view all the metadata in CloudLock but is restricted from performing actions.
- Help Desk – Can view all the metadata in CloudLock and can only perform transfer-of-ownership tasks.
Each role can be allowed or restricted from performing domain wide searches.
CloudLock domain administrators can perform the following actions, which are automatically recorded in the audit log:
1. View documents - This feature allows inspection of documents for compliance and verification of content. Since CloudLock allows administrators to view all documents (even those that are not shared with them), this action is recorded in the audit log.
View document action:
Example audit log entry for view document action:
2. Copy documents - This is used to change ownership of externally owned Google Documents to protect and secure IP and sensitive data.
Copy documents:
Example audit log entry for copy documents:
3. Access and permission management – CloudLock allows changes to permissions on a single document or in bulk, and all changes are recorded in the audit log. These changes include:
- Permissions Changes
- Add/Remove Collaborators
- Remove Public Sharing
- Remove Everyone Sharing
Access and permission changes functions:
Example audit log entry for removing “Everyone” sharing on selected documents:
Example audit log entry for transfer document ownership:
5. User role changes – CloudLock’s Role Based Access Control (RBAC) creates a flexible framework for assigning roles to CloudLock users who should not have full domain administrator access. Monitoring these role changes ensures alignment with governance and best practices.
CloudLock’s Role Based Access Control:
Example audit log entry for user role change:
Privileged user search auditing
Domain-wide searches – Allows designated users to perform a keyword search to find all relevant documents. CloudLock’s advanced search capability searches the entire domain for documents by any attribute (names, owners, shared with, type, exposure, etc.).
An example of an audit entry for search:
Conclusion:
Companies using Google Docs need the ability to assess risks and meet regulatory and governance requirements, an ability that CloudLock’s auditing capabilities provide. With CloudLock’s proactive and automatic approach to auditing, companies using Google Docs get a comprehensive record of all business-critical actions performed by both end-users and CloudLock users.


















