Begin Scanning a Google Chat App
Focus
Focus
SaaS Security

Begin Scanning a Google Chat App

Table of Contents

Begin Scanning a Google Chat App

Add your Google Chat app to Data Security to begin scanning and monitoring assets for possible security risks.
Where Can I Use This?What Do I Need?
  • Strata Cloud Manager
  • Data Security license
Or any of the following licenses that include the Data Security license:
  • CASB-X
  • CASB-PA
To connect a Google Chat app to Data Security and begin scanning assets, you need to:
  • Ensure that you have a Google Chat admin account with Super admin role.
  • Add the Google Chat admin account to Data Security and assign a Super admin role.
  • Ensure that you have authorized the provided OAuth scopes via Domain Wide Delegation in the Google Admin Console.
Ensure that the Super Admin account added to the Strata Cloud Manager for onboarding Google Chat app has logged in at least once into the Strata Cloud Manager. Only then will the account be enabled. Onboarding will fail if this account has never logged into the Strata Cloud Manager.

Supported Content

The following table lists the supported content for the Google Chat app.
Support For
Details
Scan Content
Messages, Files uploaded from device
Backward Scan
Yes
Forward Scan
Yes
Selective Scan
No
Exposure
Internal, External
Remediation Actions
  • User Quarantine—No
  • Admin Quarantine—No
  • Change Sharing—No
  • Delete Message—Yes
Notifications
  • Notify File Owner—Yes
  • Notify Via Slack—Yes (applicable only if you have onboarded Slack Enterprise or Slack Pro and Business)
Post-Remediation Actions (Actions after Admin Quarantine):
No
User Activities
  • Activity Monitoring—No
  • Activity Alerting—No
  • Folder Monitoring—No
Snippet Support
Yes
Known License and Version restrictions
Supported Versions
  • All
Caveats and Notes
Due to Google Chat app constraints, remediation for Direct Messages with external users isn’t supported.

Prepare to Add Google Chat App

Google’s default Super admin role provides the necessary communication between Data Security and the Google Chat app.
  • Read, write, delete (for remediation) messages in the app.
  • API access. API access provides visibility into the assets in Google Chat and enables Data Security to monitor the sharing of assets.
  1. Verify that your Google Chat administrator account is assigned a Super admin role.
  2. Ensure that the Google Chat administrator account’s domain matches the existing domain on Data Security.
  3. (Recommended) Add your Google Chat domain as an internal domain.
  4. Select SecurityAccess and data controlAPI controls.
  5. Select MANAGE DOMAIN WIDE DELEGATION and add the required scopes and service account mentioned in Step 2 of the Google Chat app onboarding Configuration wizard.
  6. Add the same email address of the Google Chat administrator to Data Security and assign a Superuser role.
  7. Next step: Proceed to Add Google Chat App.

Add Google Chat App

For Data Security to scan assets, you must consent to specific permissions when adding the Google Chat app.
  1. Log in to Strata Cloud Manager.
  2. Select ManageConfigurationSaaS SecurityData SecurityApplicationsAdd ApplicationGoogle Chat .
  3. As indicated in the onscreen Configuration wizard (screenshot above), Prepare to Add Google Chat App.
  4. To onboard your Google Chat app, follow steps 4 to 6 to set up your Domain Wide Delegation mentioned in the Prepare to Add Google Chat App section.
  5. Follow the final step in the onscreen Configuration wizard: Enter Admin email to connect and Connect.
    After you enter the Google Chat admin email, the Google Chat app is installed.

Identify Risks

When you add a new cloud app and enable scanning, Data Security automatically scans the cloud app against the default data patterns and displays the match occurrences. You can take action now to improve your scan results and identify risks.
  1. To start scanning the new Google Chat app for risks, select ManageConfigurationSaaS SecurityData SecurityApplicationsGoogle ChatView Settings...Start Scanning.
  2. Monitor the scan results.
    During the discovery phase, Data Security scans files and matches them against enabled default policy rules.
    Verify that your default policy rules are effective. If the results don’t capture all the risks or you see false positives, proceed to the next step.
  3. (Optional) Modify match criteria for existing policy rules.
  4. (Optional) Add new policy rules.
    Consider the business use of your app, then identify risks unique to your enterprise. As necessary, add new:
  5. (Optional) Configure or edit a data pattern.
    You can Configure Data Patterns to identify specific strings of text, characters, words, or patterns to make it possible to find all instances of text that match a data pattern you specify.