Go back

New in Material: Automated File Detection & Response for Google Drive

Material customers can now fully automate enforcement actions across Google Drive to continuously protect against unwanted external sharing and excessive permissions.

Product
July 30, 2024
7m read
7m read
7m listen
7m watch
7m watch
Automated File Detection & Response for Google DriveAutomated File Detection & Response for Google Drive
speakers
speakers
speakers
authors
Material Team
participants
No items found.
share

Material customers can now fully automate enforcement actions across Google Drive to continuously protect against unwanted external sharing and excessive permissions.

Material customers can now fully automate enforcement actions across Google Drive to continuously protect against unwanted external sharing and excessive permissions.

When we first launched Data Protection for Google Drive back in February, we received overwhelmingly positive feedback from both our customers and the market. Security teams at companies of all kinds and sizes have difficulty managing the inevitable sprawl of confidential data spread across their Google Drive footprint – building custom tooling atop Google Workspace is too cumbersome, while generic Data Security and SaaS Security solutions don’t get to the depth required to illuminate blind spots effectively.

Material customers appreciate the level of depth we’re capable of getting within Google Drive through a historical sync process, exposed as an intuitive search and discovery interface. Finding confidential data in file contents, sensitive files shared externally, or internal files with excessive permissions can be done swiftly with more precision than alternatives. 

Since we've rolled out our Google Drive protections with Material, the user offboarding process has been much easier. I'm able to go to Material’s Google Drive interface and search for that user and look at past Google Drive activity. I plan to build out some detections based on the new features that Material just rolled out to flag in real time. - Daniel Elice, Cybersecurity Engineer at Rebellion Defense

Expanding on our search and discovery capabilities, we are now introducing new features aimed at automating remediation workflows through file detection and response. Working with our initial set of customers over the past few months, we honed in on a number of high-value use cases where automation would close the loop atop search and discovery in terms of risk mitigation. Sensitive data protection isn’t just a data governance issue performed periodically on a compliance-led timeline, it’s an incident response issue given the dynamic nature of file creation and sharing across Google Drive. 

There’s endless possibilities that are now unlocked. A few scenarios that can be fully automated include:

  • Revoking external access for files owned by a user who is being offboarded
  • Sending a Slack notification when shared files match a sensitive content classification
  • Emailing a file owner when they moved a shared file into a private shared Drive

Data Protection for Google Drive has been a huge help in doing audits as well. I’m able to just see any sensitive files shared externally in a single pane, and either export those results or simply revoke external access with a single click. I’m able to do everything from the Material console, which saves me a lot of time and heartache. -Daniel Elice, Cybersecurity Engineer at Rebellion Defense

Creating and saving file detections

Material’s file search interface guides you through your total Google Drive footprint to quickly identify toxic combinations of sensitive data, external sharing, and excessive permissions. Now you can save searches as a “Detection”, which when enabled, will run every time a new sync event occurs. Material is continuously updating our underlying data model of your Drive footprint based on any net new activity, including file CRUD, metadata changes, and sharing settings.

Automating response workflows

File Detections that match create an “Issue” in Material, which brings in all surrounding file context with a flexible remediation workflow builder. Customers that leverage Material for phishing triage are used to a seamless case management experience, with a number of options for how to respond to cases. We’re bringing much of that experience to files with Issues, where you can configure how you want to respond. Options include sending an email, sending a Slack notification, firing off a webhook, or revoking external access to matched files. Remediations are built in sequence, and you can also insert a grade period in between steps to encourage self remediation. For instance, if a file detection matches a sensitive content category, you can first send an email to the owner suggesting they restrict external access, then wait 1 day, and then revoke access. 

Built-in Okta integration and native support for Google Labels

Also included in this update are two integrations that further extend the capabilities of the product: Built-in Okta Suspended User Detection and Google Labels Support.

Cleaning up sharing settings and permissions for files owned by users about to be offboarded is a common use case Material customers are using the product for. Currently, you would need to build a step workflow to get notified of an Okta user being placed in a suspended state. While technically feasible, it requires an intermediate integration step. To make this seamless, we built a native integration with Okta that automatically detects when a user is placed in a suspended state. From there, you can build remediation workflows such as automatically revoking external access.

Material built a comprehensive data classification engine that scans file contents and metadata for sensitive customer, financial, health, and company data. For customers who have already invested in data classification using native Google tools, we now offer the ability to view and search against Google Labels directly within the product. This means you can be extra precise in your data classification, and build remediation workflows based on either or both of Material and Google’s data classification.

What’s Next in Data Protection for Google Drive

Complementing our initial search and discovery capabilities on product launch with these new detection and response capabilities make Data Protection for Google Drive a powerful toolkit to combat such a large attack surface with precision and speed.

As we’ve worked so closely with our customers using the product over the past few months, we’ve uncovered a number of key areas to further expand the roadmap. A few key themes we’re working towards include incorporating user activity into detections, adding a quarantine option, and introducing grade periods for remediation workflows. Stay tuned for more updates.

Data Protection for Google Drive is a complete solution in itself, and fits within our complete product offering that addresses the larger attack surface of Google Workspace as your primary productivity suite. Our detections cover inbound email attacks, user behaviors, risky settings, and sensitive data access – typically you would have to stitch together a number of different tools to cover this much ground. Not only does Material offer all in one, we also have the advantage of being able to correlate risk areas that would otherwise be disjointed. Imagine being able to answer questions like, “of these 100 users targeted in an email campaign, which had access to confidential data stored in Drive?” 

Your productivity suite isn’t just another application, it’s critical infrastructure to the business, and deserves focused protections that understand the total attack surface. That’s the Material advantage.

To see these new features for yourself, schedule a demo with our team.

Related posts

Our blog is your destination for expert insights, practical tips, and the latest news in technology. Stay informed with our regular updates and in-depth articles. Join the conversation and enhance your understanding of the tech landscape.

blog post

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

Josh Donelson
5
m read
Read post
Podcast

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Listen to episode
Video

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m watch
Watch video
Downloads

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Watch video
Webinar

Identifying Risk in Google Workspace with Material & SADA, An Insight Company

Partnering with SADA, An Insight company, companies big and small can get deep insights into the types of risk that live inside of Google Workspace, powered by a data-driven analysis of user behaviors, sensitive data in email and files, and posture settings by the Material Security platform.

5
m listen
Listen episode
blog post

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Material Team
10
m read
Read post
Podcast

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Listen to episode
Video

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m watch
Watch video
Downloads

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Watch video
Webinar

Risky Biz Podcast Interview with Rajan & Dan

Dan Ayala, Chief Security & Trust Officer from Dotmatics joins Rajan Kapoor, Field CISO from Material on Risky Business to discuss how to wrangle securing data that ends up in corporate cloud email and file stores.

Rajan Kapoor
10
m listen
Listen episode
blog post

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Material Team
35
m read
Read post
Podcast

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Listen to episode
Video

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m watch
Watch video
Downloads

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Watch video
Webinar

Material Product Demo: Securing Google Workspace & M365

Abhishek Agrawal gives an in-depth product demo walkthrough on Risky Business

Abhishek Agrawal
35
m listen
Listen episode
blog post

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

Rajan Kapoor
7
m read
Read post
Podcast

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Listen to episode
Video

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m watch
Watch video
Downloads

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Watch video
Webinar

The Evolution of Email Security: Piecing Together a Fragmented Landscape

It’s time the security industry moves beyond traditional email security. The way we protect ourselves going forward must evolve with email and productivity platforms themselves and the threats they face.

7
m listen
Listen episode
Privacy Preference Center

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.