Material customers can now fully automate enforcement actions across Google Drive to continuously protect against unwanted external sharing and excessive permissions.
Material customers can now fully automate enforcement actions across Google Drive to continuously protect against unwanted external sharing and excessive permissions.
When we first launched Data Protection for Google Drive back in February, we received overwhelmingly positive feedback from both our customers and the market. Security teams at companies of all kinds and sizes have difficulty managing the inevitable sprawl of confidential data spread across their Google Drive footprint – building custom tooling atop Google Workspace is too cumbersome, while generic Data Security and SaaS Security solutions don’t get to the depth required to illuminate blind spots effectively.
Material customers appreciate the level of depth we’re capable of getting within Google Drive through a historical sync process, exposed as an intuitive search and discovery interface. Finding confidential data in file contents, sensitive files shared externally, or internal files with excessive permissions can be done swiftly with more precision than alternatives.
Since we've rolled out our Google Drive protections with Material, the user offboarding process has been much easier. I'm able to go to Material’s Google Drive interface and search for that user and look at past Google Drive activity. I plan to build out some detections based on the new features that Material just rolled out to flag in real time. - Daniel Elice, Cybersecurity Engineer at Rebellion Defense
Expanding on our search and discovery capabilities, we are now introducing new features aimed at automating remediation workflows through file detection and response. Working with our initial set of customers over the past few months, we honed in on a number of high-value use cases where automation would close the loop atop search and discovery in terms of risk mitigation. Sensitive data protection isn’t just a data governance issue performed periodically on a compliance-led timeline, it’s an incident response issue given the dynamic nature of file creation and sharing across Google Drive.
There’s endless possibilities that are now unlocked. A few scenarios that can be fully automated include:
- Revoking external access for files owned by a user who is being offboarded
- Sending a Slack notification when shared files match a sensitive content classification
- Emailing a file owner when they moved a shared file into a private shared Drive
Data Protection for Google Drive has been a huge help in doing audits as well. I’m able to just see any sensitive files shared externally in a single pane, and either export those results or simply revoke external access with a single click. I’m able to do everything from the Material console, which saves me a lot of time and heartache. -Daniel Elice, Cybersecurity Engineer at Rebellion Defense
Creating and saving file detections
Material’s file search interface guides you through your total Google Drive footprint to quickly identify toxic combinations of sensitive data, external sharing, and excessive permissions. Now you can save searches as a “Detection”, which when enabled, will run every time a new sync event occurs. Material is continuously updating our underlying data model of your Drive footprint based on any net new activity, including file CRUD, metadata changes, and sharing settings.
Automating response workflows
File Detections that match create an “Issue” in Material, which brings in all surrounding file context with a flexible remediation workflow builder. Customers that leverage Material for phishing triage are used to a seamless case management experience, with a number of options for how to respond to cases. We’re bringing much of that experience to files with Issues, where you can configure how you want to respond. Options include sending an email, sending a Slack notification, firing off a webhook, or revoking external access to matched files. Remediations are built in sequence, and you can also insert a grade period in between steps to encourage self remediation. For instance, if a file detection matches a sensitive content category, you can first send an email to the owner suggesting they restrict external access, then wait 1 day, and then revoke access.
Built-in Okta integration and native support for Google Labels
Also included in this update are two integrations that further extend the capabilities of the product: Built-in Okta Suspended User Detection and Google Labels Support.
Cleaning up sharing settings and permissions for files owned by users about to be offboarded is a common use case Material customers are using the product for. Currently, you would need to build a step workflow to get notified of an Okta user being placed in a suspended state. While technically feasible, it requires an intermediate integration step. To make this seamless, we built a native integration with Okta that automatically detects when a user is placed in a suspended state. From there, you can build remediation workflows such as automatically revoking external access.
Material built a comprehensive data classification engine that scans file contents and metadata for sensitive customer, financial, health, and company data. For customers who have already invested in data classification using native Google tools, we now offer the ability to view and search against Google Labels directly within the product. This means you can be extra precise in your data classification, and build remediation workflows based on either or both of Material and Google’s data classification.
What’s Next in Data Protection for Google Drive
Complementing our initial search and discovery capabilities on product launch with these new detection and response capabilities make Data Protection for Google Drive a powerful toolkit to combat such a large attack surface with precision and speed.
As we’ve worked so closely with our customers using the product over the past few months, we’ve uncovered a number of key areas to further expand the roadmap. A few key themes we’re working towards include incorporating user activity into detections, adding a quarantine option, and introducing grade periods for remediation workflows. Stay tuned for more updates.
Data Protection for Google Drive is a complete solution in itself, and fits within our complete product offering that addresses the larger attack surface of Google Workspace as your primary productivity suite. Our detections cover inbound email attacks, user behaviors, risky settings, and sensitive data access – typically you would have to stitch together a number of different tools to cover this much ground. Not only does Material offer all in one, we also have the advantage of being able to correlate risk areas that would otherwise be disjointed. Imagine being able to answer questions like, “of these 100 users targeted in an email campaign, which had access to confidential data stored in Drive?”
Your productivity suite isn’t just another application, it’s critical infrastructure to the business, and deserves focused protections that understand the total attack surface. That’s the Material advantage.
To see these new features for yourself, schedule a demo with our team.