About Skyhigh CASB for Google Drive
Skyhigh CASB for Google Drive provides a way for organizations to use existing enterprise data loss prevention (DLP) policies and extend them to G Suite, reinforcing compliance and security requirements by providing another layer of control for data stored in Google Drive.
Skyhigh CASB continuously monitors an organization’s Google Drive accounts for file activity and processes those documents using the Skyhigh CASB DLP policy engine, an on-premises Enterprise DLP policy, or a combination of both. This is triggered by file activity and generally occurs within 10–15 seconds depending on bandwidth constraints, network latency, and file size.
API-based Activity Monitoring and Threat Protection for Google Drive is based on logging event name activities (found in https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names).
How it Works
Skyhigh CASB monitors Google Drive for content changes. As employees add/modify new files in Google Drive, Skyhigh CASB scans the files against DLP policies.
If a document contains information that violates a DLP policy, Skyhigh CASB quarantines or tombstones that documents (depending on the DLP policy). Quarantined files can be released or deleted directly from the dashboard.
If Skyhigh Cloud Connector has been installed, a list of Google Drive files that need more examination by the on-premises DLP solution is sent to the on-premises Cloud Connector. Cloud Connector downloads the documents directly from Google Drive, and forwards them to an Enterprise DLP policy engine using an ICAP protocol.
Admin-Level Activity Monitoring
In addition to activities users perform, G Suite Admin activities are also monitored and added to Threat Protection. The following Admin activities are included:
|Activity Name||Activity Category||Threat Categories|
|login_success||Login Success||Compromised Accounts|
|login_failure||Login Failure||Compromised Accounts|
|login_challenge||Service Usage||Compromised Accounts|
|logout||Service Usage||Compromised Accounts|
|All Admin Activities||Administration||Privileged Access|
Learn more about these activities in Google documentation: