Data Loss Prevention

Hello,

Can anyone provide a documentation on how DLP can discovery and prevent any misused of confidential data in google drive?

Do I use DLP for Cloud or DLP endpoint is already enough to protect my confidential files in the cloud?

What settings and considerations should be taken to successfully implement it?

Thanks

Hi,

If you want to protect the files in the cloud, the best way is to not let them in the cloud at all... it entirely depends if you have control of the data once it's been transferred to Google Drive. In most cases, you'll have very little and the best method of preventing it is with the DLP Agent.

You can add the Google Drive Sync executable to Application File Access Control (AFAC) in the Agent Configuration to monitor/blocking it accessing data as per configured policies. Make sure if the googledrivesync app created the directory that is being sync'd to the cloud, it's got security permissions for SYSTEM on the folder - as the application doesn't grant access natively.

You can also monitor/prevent uploads to Google Drive via Browsers, however you'll want to upgrade to the latest version with recent maintenance pack (v14.5 MP1), as this has fixed a bug recently to do with these uploads.

Hi Dean, 

Thank you for the response. So if I use DLP endpoint discover and prevent all it can do is to monitor and prevent access to google drive?

What if the files are already in the cloud (google drive)? How does DLP helps? Read an article about DLP cloud which can help me monitor and prevent confidential files in gmail. Do i still need to have the DLP cloud if i already have DLP endpoint?

THanks

Hello,

Your understanding is right. If the files are already in google drive or gmail  you can't prevent from being disclosed.

DLP Symantec offers more "protection" to Box Cloud Storage (discovery capabilities for enterprise accounts).

Check more details here:

https://www.symantec.com/content/dam/symantec/docs/data-sheets/data-loss-prevention-cloud-en.pdf

BR,

Morgado

pfernando,

For files already in Google Drive, the only way (currently) you can discover/scan them is if they are sync'd locally using Google Drive Sync and then you run an Endpoint Discover scan on that folder (by default "C:\Users\Google Drive" - make sure SYSTEM has permissions to read it as it doesn't automatically). There is no DLP Cloud Service for Discovery support for Google Drive at the present time.

For monitoring/preventing files that are yet to be uploaded to Google Drive, the DLP Endpoint Agent can provide visibility/blocking.

Hope this clears it up.

Hi Morgado,

Thanks for the response. Im just a bit confused on what DLP function will I use on this scenario.

I want to limit the end users to upload a confidential file to gmail account, or share it using google drive. Users are allowed to use gmail and to store on company's google drive but I want to prevent them from sharing it to their personal google drive.

Will I be needing DLP endpoint, network and cloud at the same time? 

THanks

Here is how I would break it down per vector for version 14.5.

Endpoint - Select the “Application Monitoring” channel for monitor since it includes Google Drive. This will allow you to prevent sensitive file uploads and it covers the following applications; Box, Dropbox, Google Drive, HighTail, iCloud, Microsoft OneDrive, Microsoft Skydrive. I would also suggest monitoring all web browsers and HTTPS traffic so you can see uploaded via a web browser.

Network - In order to see Google Drive HTTPS traffic you would have to be integrated with a web proxy to see HTTPS traffic via Web Prevent. The issue here is that some proxies have issues intercepting Google’s HTTPS traffic and if a user is off the corporate network the traffic may bypass the proxy.

Discover - This is a feature that hasn’t been released yet but once it is available you will be able to scan Google Drive for sensate files. The would require you to have an admin account for Google Drive so would only work for a corporate Google Drive deployment and not personal accounts. Now there is a work around if you run an Endpoint Discover scan and the Google Drive application is installed then you could scan the synced file to find sensitive files.

Overall your best approach is going to be Endpoint monitoring and stopping all new uploads to Google Drive. Also the Endpoint Discover scan may provide you with some insight into what users have synced via the Google Drive application. 

Thanks Hileman8.

I think that would not suit in our environment. Since we have gmail for email and google drive for a common repository of files. 

We can use endpoint monitoring but what if the employee is outside the network(let's say at home), employee can still access the confidential files that's already in the google drive and send it using gmail.

Would there be a solution for this? 

Hello pfernando,

Part of the protection that you are looking for already exists but for other cloud solution (Box.com) Recently, Symantec also announced that Dropbox.com will be also added. DLP Symantec didn’t integrate yet their solution with Gmail/Goole Drive. In future we will see more development at that level.

As it has been said before, for the time being you can only prevent documents to be synchronized or upload to Gmail/Google drive. You would need to configure the Cloud Storage in Application File Access and also the HTTP/HTTPs monitoring channels.

Concerning you problem, I believe you might get better luck investigating the native DLP solution for Gmaill and Google Apps. Check this Google whitepaper below.

http://services.google.com/fh/files/misc/gmail_dlp_whitepaper.pdf