This is the fourth installment of the From Arthur’s Desk series discussing such topics as data loss prevention, compliance and governance and more.
One of the great qualities of Google Apps is that users can do a lot of useful things very easily with it. For example, in Google Drive it is incredibly simple to create a file, share it with a collaborator, and jointly edit it. All without attaching it to an email, sending it back and forth, saving to a shared drive, tracking versions, or moving it to a file-sharing app.
Another is that it is source of very useful data. Google Apps metrics, when processed in the CloudLock application, help encourage and optimize usage. And they ensure that the usage is secure. This is a big deal and it is only practical in the cloud. These metrics give IT exceptional insight into business processes and provide Security with precise analytics for risk-based controls.
Here are some examples, taken from our experience at CloudLock.
The dashboard below shows an inventory of the files and the sharing profile for a company using Google Drive. The numbers of files tell a story about whether employees are realizing the full potential of Drive or not. In this case, the ratio of native to non-native files shows us they are not. At 80% non-native (that is MS Office and PDF’s) and 20% native (Google Docs) it is evident that users of over-utilizing Drive as a storage device and under-utilizing it for collaboration. We know this because CloudLock’s aggregated statistics tell us that the average for users of Google Drive is 70% non-native, 30% native: there is a 10% delta that represents a measurable gain in collaboration. For mature users of Google Apps, the ratio of native to non-native is even higher, reflecting the migration of collaboration behavior to the cloud.
This is further confirmed by the external sharing number. Only 5% of files are shared externally, even though the average is around 10% across our customer base. This component of the collaboration index is low; users are missing out on the collaboration potential of Google Drive. In fact, when this figure is low, it sometimes indicates that risky behavior is taking place outside the Google Apps environment. This company is revisiting its training and change management, to let users know they have collaboration options available to them that they are not utilizing…options that will simplify their work and make them more productive. This will help the enterprise capture more of the ROI from Google Apps, with a sound balance of risk and reward.
In the second example, you can see that 11% of files have been shared with all employees of the domain. That is, every single employee of this company now has access to 11% of the company’s files, irrespective of the sensitivity of the file or the employee’s need to know.
This sharing profile is a striking example of sprawl, since large companies tend to manage the number of files shared with all employees to less than 3%: outside of training documents, there are few files that should be shared this widely. And risk, which is a function of behavior and numbers, rises with sprawl, since more data is closer to more externalization pathways. Note that these employees still have access to all the traditional (mail, USB,BYOC) means of externalizing data, so in effect the volume of data they can compromise has gone up with no corresponding reduction in the ways they can compromise it.
The solution in the case of this company was simple and effective. File owners were automatically notified by CloudLock of which files violated a sprawl policy and asked to change the sharing permissions. Compliance was quickly restored, without disruption of business processes or IT intervention, and it was sustained. Similar examples of measurements of this kind supporting risk-based decision making and remedial actions also apply for other sharing activities, such as public, outbound and inbound. This is the beauty of coupling the cloud with a cloud data protection sensor: the centralization and simple policies lead to rapid and meaningful security wins.
Google Apps is rich with metrics for analysis, decision-making, and security that is not available in the on-premise data center. The architecture of Google Drive, augmented by CloudLock, gives you metrics that are associated directly with usage and risk. They can be acquired quickly and comprehensively, without abstraction, from users and collaboration activity. This means they provide straightforward support for assessing whether: utilization is optimal, for productivity and ROI purposes; and safe, for compliance, data protection, and governance purposes. Once the assessment is done, controls on CloudLock help you encourage adoption and remediate risks in accordance with the metrics in your dashboard.
Read more of the “From Arthur’s Desk” blog series:
- From Arthur’s Desk: A Data Breach Prevented in Time (August 8, 2013)
- From Arthur’s Desk: The Moving Target of Compliance and Governance (August 19, 2013)
- From Arthur’s Desk: Metrics and Rick-Based Data Security (September 18, 2013)