đź“– 2 mins read

Install GAT (Google Staff pick) and a variety of other audit tools of your choice.

Many Admins test audit tools by looking from a domain-centric view only.

For example, they check for files shared out but perhaps overlook that a file shared in with edit rights in could be a bigger potential leak point.

When testing we advise Admins to look at the following scenarios…

Create three test accounts, two internal to the domain, one external. An ordinary Gmail account is good for external.

Create a variety of docs and folders in each account.

From the domain, accounts share out some files, some public, some public with a link, some directly to the Gmail account, and in different ways, by repeating the shares as read-only files and edit enabled files. Also, make some internal shares.

Next, repeat the steps from the Gmail side.

Pick up the public and the direct shares from Gmail and open the files.

Run your audit to ensure all tools should pick up the file shares. Most audit tools pick these up.

Now start to make changes to the file contents.

Rerun the audit, see how many changed files you can detect with the audit tool.

Why is this important? Because a file shared in, that when first detected contained a soup recipe can be changed later to contain a secret sauce formula – you need to know about this.

Also, remember a file shared into a domain with edit enabled to the internal users of the domain is like a stranger coming up and plugging in a network cable to your main network switch and you don’t know where it’s going, except it is out the window.  External edit enabled files are as dangerous as files shared out – you need to know when these files change. IF you allow files to be shared into your domain you have NO control over the sharing rights!

Now start deleting the shared files and/or delete links.

Delete some of the files shared into the domain from the Gmail side.

Also, delete a different set of files shared in from Gmail the domain side (but leave on Gmail).

Delete folders of docs, or folders of shared files, both from the sharer and the shared to perspective.

Track the changes in the audit tools.  You want to make sure each tool can follow the changes accurately.

While doing this measure the time it takes each tool to perform the audit refresh.

If you try these few tests out we would love to hear how the tools performed and in particular how our tool performed in your environment and if there is anything you think we need to fix or improve.

Notes for testers: To refresh GAT you must log out and back in. GAT automatically runs a refresh on login.

It can sometimes take Google a few minutes to update the metadata of a changed file. You need to make allowances when testing for changes.

Thanks for sharing and spreading the word!