Google Workspace Auditing – how to do it right?
There is no doubt. Auditing your domain is highly necessary, Google Admin.
Even if you have the latest software and devices, you still need to take a moment from time to time to audit (and secure) your entire Google Workspace environment. This way, you will detect possible vulnerabilities, optimize productivity, and ensure data integrity.
A regular check should contain, among other things, file-sharing collaboration, access control, user accounts, and third-party applications.
As the scope of the audit is quite wide, you can wonder when to start.
In this post, I’ll share a roadmap to effective data management and auditing of your Google Workspace domain so you don’t waste too much time along the way.
1. Security Audit
If you’ve followed the previous steps to properly audit the Google Workspace domain, you have already done some of the work. Cloud data security manifests itself in Drive file sharing, user permissions as well as in email settings.
However, these are internal reasons for security breaches, while the most common data leaks are caused by an outsider attack. Among these, phishing is the most popular cybercrime, so it’s extremely important to set up an anti-phishing policy for emails in your domain. Google admin can respond very quickly and effectively to these incidents using the tool which finds phishing emails and remove them in real time.
On the other hand, to identify security breaches on time, try automated real-time alert rules to detect suspicious files downloaded by users, browser searches, devices where a Google account is used, specific words in Google Docs, and so on. A Google admin can customize these for an entire organization, a specific group, or a user.
2. User Audit
Our next stop on the road to a successful Google Workspace audit is to take a closer look at your users. You’ve already seen their access permissions during the Google Drive audit in the previous step.
But beyond auditing user access, there is much more to check to call it a day, Google admin.
I’m talking about a point on our audit map you should never miss – updating user data anytime it’s needed.
If you need to edit user details, take a shortcut and use the GAT+ capability.
The tool gives you direct access to any user account and allows you to make many changes: adding to groups, setting user signatures, adding aliases, phones, and addresses, setting passwords, and email forwarding, among others. All modifications will be made from the same place – in the “Users” tab available on the left of the dashboard.
The good news is – to create a new user, we can remain in the same dashboard. In a few steps, Google admins can add a new user to the domain and fill the new account with the same kind of data they can add to the profiles of existing users.
Ideally, you should update user data in real time. For detailed information on auditing user data at any time with GAT Flow see our Knowledge Base.
If you prefer watching instead of reading, I recommend this short video. I assure you it covers all the basics you need to know about auditing Google users with GAT tools.
Finally, when auditing your users, don’t forget about checking their password activity: password changes, login attempts (including failed ones), and logins from unexpected areas.
Another important area to audit is user online activity. Read this post to see if you’ve applied the eight ways to secure your users in the Google Chrome browser.
3. Drive Audit & Drive Folder Treeview
Let’s continue our Google Workspace audit with an overview of your folder and file structure.
There is nothing like a treeview of all Drives in your domain – your Drives, shared Drives, and external folders.
It will help you identify some obstacles in our audit way, such as unnecessary folders, unknown files that should be deleted, or unwanted user permissions.
Google Drive Folder tree is easily accessible in GAT+. There you can see a detailed view of each folder’s metadata and a list of files. The admin (or delegated auditors) can furthermore simply navigate down the tree and individually export each file list and shared Drive content to Google Sheets.
Once you have a view of the Drive folder tree, you can realize what your next steps will be to audit your domain. You may have noticed the need of:
- Clearing out MyDrive clutter
- Restructuring shared Drives
- Copying Drive files and folders
- Changing the ownership of files or folders
- Removing access rights for a user
- Setting up alerts for sensitive information and locking files that contain it
- Securing Drive file external sharing
- Other points to improve on your Drive
If you want to dive deeper into auditing Drive for Google admins, read this blog post.
4. Email Audit
How is your audit journey going so far?
OK, now it’s time to analyze the emails in your Google domain.
We will stop at the “Email” tab which you can localize in the same left sidebar in GAT+ as the “User” tab. There, you will gain insight into content and statistics of all users’ emails.
Google admins can apply different filters to search emails for a specific period, user, email size, email subject, etc. User statistics will show all the user’s sent and received emails. The tool will also tell you, based on the emails, which users are external (outside your domain) and which are suspended.
It will let you review all email settings, detect potential phishing and spam and evaluate email communication in your domain.
To make your work easier and faster, schedule regular email audit reports on a weekly, monthly, or other basis.
5. Apps Audit
When auditing Google Workspace, don’t forget about third-party applications that your users may have installed on their devices.
By installing these apps, the users grant access to manage specific data. You can audit if they aren’t sharing any sensitive information and if this complies with your Google domain security policy with GAT+.
There are a few simple ways to do this regularly and seamlessly:
- Viewing the Applications audit section, which gives an overview of all third-party apps, the number of users who have installed them, the apps’ scope risk score, etc.
- Setting alerts for newly installed applications, which allows you to control them automatically
- Banning an application for a specific user, group, or OU in order to block access of the 3rd party app to your APIs
In addition, your users should be aware of controlling permissions they give to a new app. Sometimes during installation, they can choose the range of access they are sharing. By default, some apps receive too much user information that they need to work properly. An overprivileged app, requesting more access privileges than necessary, creates a risk of security breaches.
This is why it’s so important regularly check the permissions of applications.
Lastly, let’s add the icing on the cake: between every audit, you should regularly monitor and update your domain. No Google Workspace audit will guarantee you complete security if you don’t keep an eye on your domain daily.
Top-rated Google auditing and monitoring tools will help you with carrying out this task, automating and organizing your job to give you peace of mind.
Stay in the loop
Sign up to our newsletter to get notified whenever a freshly baked blog post is out of our content oven.