MVISION Cloud for Google provides a way for organizations to use existing enterprise data loss prevention (DLP) policies and extend them to G Suite, reinforcing compliance and security requirements by providing another layer of control for data stored in Google Drive.
MVISION Cloud continuously monitors an organization’s Google Drive accounts for file activity and processes those documents using the MVISION Cloud DLP policy engine, an on-premise Enterprise DLP policy, or a combination of both. This is triggered by file activity and generally occurs within 10–15 seconds depending on bandwidth constraints, network latency, and file size.
API-based Activity Monitoring and Threat Protection for Google Drive is based on logging event name activities (found in https://developers.google.com/admin-sdk/reports/v1/reference/activity-ref-appendix-a/drive-event-names).
How it Works
MVISION Cloud monitors Google Drive for content changes. As employees add/modify new files in Google Drive, MVISION Cloud scans the files against DLP policies.
If a document contains information that violates a DLP policy, MVISION Cloud quarantines or tombstones that documents (depending on the DLP policy). Quarantined files can be released or deleted directly from the dashboard.
If MVISION Cloud Connector has been installed, a list of Google Drive files that need more examination by the on-premise DLP solution is sent to the on-premise Cloud Connector. Cloud Connector downloads the documents directly from Google Drive, and forwards them to an Enterprise DLP policy engine using an ICAP protocol.
Admin-Level Activity Monitoring
In addition to activities users perform, G Suite Admin activities are also monitored and added to Threat Protection. The following Admin activities are included:
|Activity Name||Activity Category||Threat Categories|
|login_success||Login Success||Compromised Accounts|
|login_failure||Login Failure||Compromised Accounts|
|login_challenge||Service Usage||Compromised Accounts|
|logout||Service Usage||Compromised Accounts|
|All Admin Activities||Administration||Privileged Access|
Learn more about these activities in Google documentation: