Provision a service account for Google Drive to allow Cloud App Security to scan files stored in Google Drive. Cloud App Security uses the service account to run advanced threat protection and data loss prevention scanning on files in Google Drive.
Cloud App Security scans files in users' My Drive, except the shared drives.
The steps outlined below detail how to provision a service account for Google Drive from Dashboard.
The Provision Service Account for Google Drive screen appears.
A new window appears for you to sign in to Google.
An authorization screen appears.
The application is successfully installed.
Cloud App Security then synchronizes your Google Drive user and organization unit information, including the user ID, user name, user email address, organization unit ID, and organization unit name. The time required depends on how many users and organization units you have in Google Drive.
Cloud App Security generates a quarantine folder (trendmicro_cas_quarantine__dont_change_or_delete) and a temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the Google Drive administrator's root directory. The quarantine folder can be accessed only by the administrator, while the temporary folder can be edited by all users.
Cloud App Security renames the files in the quarantine folder. Each file is prefixed with RANDOM_UUID, which is a unique string randomly generated by Cloud App Security. For example, some_file.doc will be renamed ecdd6cc3-58d4-42a4-831a-e39bcbc1c8d5_some_file.doc.
The temporary folder stores quarantined files before they are moved to the quarantine folder and restored files before they are moved back to their original locations.
If the message "Google Drive protected." appears on the Notifications screen, the provisioning is successful.
To avoid unnecessary notifications, all users must exclude the temporary folder (trendmicro_cas_temp__dont_change_or_delete) from the synchronization list. Perform the following steps as a user:
Locate and click the Google Drive tray icon on your desktop.
Click Settings and choose Preferences.
Click the Sync options tab and click Sync only these folders.
Clear the check box of the temporary folder (trendmicro_cas_temp__dont_change_or_delete) in the box below.