Begin Scanning a Google Drive App

Add your Google Drive App to the Aperture service to begin scanning and monitoring assets for possible security risks.
To begin scanning a Google Drive app:
  1. Enable the privileges required for communication between the Aperture service and the Google Drive app.
    To establish communication between the Aperture service and a Google Drive app, confirm the following:
    • The Google Drive administrator account has administrative privileges to read, write, and relocate assets in the app.
    • The app is enabled for API access. API access provides visibility into the assets in Google Drive and allows the Aperture service to monitor the sharing of assets.
    • Ensure that the Google administrator email domain matches the existing domain in Aperture. For domain exceptions, contact customer support.
  2. Add the email address of the Google Drive administrator to the Aperture service.
    You must add the email address as an administrator and assign a super admin role, before you can connect the Google Drive app to the Aperture service, see Add Aperture Administrators.
  3. Add the Google Drive app.
    1. From the Aperture Dashboard, Add a Cloud App.
    2. Select Google.
      google-tile-frame.png
    3. Enter the email address for the Google account with administrative privileges and Connect to Google Account.
      google-drive-enter-email.png
      if you missed adding the email address of this administrator account to the Aperture service, an error message informs you that the email address is invalid. See Step 2 above.
    4. Select Install app on the Google apps marketplace page.
      google-drive-install-app.png
    5. Authenticate your account by entering the account password on the Google login page.
      After authentication, Cloud Apps lists your Google Drive app as Google n, for example Google 1. The n is the number of Google Drive app instances that you have connected to the Aperture service
      The Aperture Service validates that you have provided an administrator account and that the account has the right permissions to authenticate and access all the assets within Google Drive. If the account does not have adequate permissions, the onscreen status displays the error so that you can fix it.
    6. (Optional) Review and accept the changes that the Aperture service can perform on your assets in Google Drive.
      google_drive_waiver.PNG
  4. (Optional) Give a descriptive name to this app instance and specify an incident reviewer.
    google-ou.png
    1. Select the Google n link on the Cloud Apps list.
    2. Enter a descriptive Name to differentiate this instance of Google Drive from other instances you are managing.
    3. Specify an Incident Reviewer Account. Use this setting with caution. The account you provide becomes a collaborator on all risks — even private files.
    4. (Optional) Enter the Organizational Units to scan. You can enter multiple units separated by commas (for example, /var, /www). If you leave this field blank, all units are scanned.
    5. Click Done to save your changes.
  5. Set up a Google Remediation account.
    1. If you are not already on the Settings page for the Google Drive app you just added, select Settings, and click the link that corresponds to the app.
    2. Enter an email address to use for the Google Remediation Account. This account grants access to all assets (files and folders) in the corresponding Google Drive account.
    3. Click Done to save your changes.
  6. Define global scan settings.
  7. Add policy rules.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. As a best practice, consider the business use of your app to determine whether you want to Add a New Policy Rule for Content to look for risks unique to the new app.
  8. (Optional) Configure or edit a data pattern.
    When you add a new cloud app, the Aperture service automatically scans the app against the default data patterns and displays the match occurrences. You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.
  9. Start scanning the new Google Drive app for risks.
    1. Select SettingsCloud Apps & Scan Settings.
    2. In the Cloud Apps row that corresponds to the new Google Drive app, select ActionsStart Scanning.
  10. Monitor the results of the scan.
    As the Aperture service starts scanning files and matching them against enabled policy rules, Monitor Scan Results on the Dashboard to verify that your policy rules are effective.
    Monitoring the progress of the scan during the discovery phase allows you to Fine-Tune Policy to modify the match criteria and ensure better results.

Related Documentation