Based on feedback we got from concerned Admins at some leading name domains who run other audit tools for different functionality we decided to review 3 of the better known tools (in our opinion) that claim to perform auditing, Brands A, B and C. We identify brand A as GAT
Moving data into and out of the domain undetected
Based on our tests (January 2013). The test domain assumption is the Admin runs the GAT’s ‘What’s hot, docs shared in or out changed in the last 24 hrs’ as a daily scheduled report or at anytime if s/he want’s to review the last 24 hour period.
Security Review
Based on our analysis of the Brands B and C production releases, January 2013, we had the following observations.
1) Detecting internal leakage (should be easy – right?)
The first job of an audit or security tool is to detect all users who read or access a file. On the audit tools we tested there is no reporting of file ‘visitor history’. This feature needs no explanation as to it’s security implications. We think internal visitor history is important to track internal leakage.
With GAT
Click on any of the numbers under Visitors. The top number shows the total number of visitors, the four numbers underneath show the visits in a 1, 3 and 7 day period and Total. Clicking on any part of the column heading sorts on that, so clicking on ‘3d’, ranks all the documents by popularity in the last 3 day period. This helps you see what’s trending in that period.
Click on the actual visitor number for that document and you see the history of the visitors, click on any visitor name in that list and it shows you what documents they opened in a 24 hour window around their visit, this helps you identify possible ‘cut and paste’ thefts.
2) Detecting leakage in existing external shares (Don’t take your eye off the cup with the dice under it)
Here using brands B and C we tried to create a policy or audit to report when existing documents which had previously been shared out or in, had been changed. Clearly a document that was shared out could be reviewed and deemed to be OK, then sometime later the user inadvertently reveals the company’s new sales strategy in the old shared document (perhaps not realizing it is still shared out). Not to have this flagged automatically with an alert could mean valuable information is being lost.
With GAT
The ‘One click’ report – ‘Docs shared in or out changed in the last 24 hours’, picks up every document shared in and every document shared out in the last 24 hours, AS well as any document previously shared in or out, but changed in the last 24 hours. This is also a ‘ready made’ scheduled job that we recommend Admin’s run daily.
3) Spotting new shares into the domain (easy when there are no shares in)
In this test we want to alert Admins about new documents shared into the domain. Given that documents that are shared in could be used equally well to get information out, identifying new documents shared in and alerting Admins is clearly important. Detecting new internal shares is not enough, in particular where there are many, or new shares are being added and old shares are being deleted. Admins must be alerted to the change via email at least.
With GAT
Same as in 2 above, with the report scheduled to run daily.
4) Destruction of evidence (Where did that go?)
It is easy quarantine the things you do see, but what happens to the things you don’t see?
On our test domain Brand’s B and C could not identify or keep track of ‘deleted’ files. These are files removed from the ‘trash’ can to try and hide their existence.
With GAT
Click on ‘Deleted’ in the Docs Audit. These are the files that users have removed from the trash can to make sure they are gone permanently, while we don’t keep the file, we do keep a record of it’s existence. In some cases Google can actually retrieve it. (Note, as part of our automatic ‘right to be forgotten’ policy, if the audit tool is not run for 30 days the metadata is destroyed. In this case the ‘deleted’ history for that domain is lost forever.)
Note 1
We only compare the tools in their core functional areas of audit, security and alerting. Most tools offer other rich resources to Admins.
Note 2
For security reasons this list is not complete, concerned Admins can contact us directly for further advice on protecting their Google Data. (Certain potential leaks not covered by other tools are not discussed because they may alert third parties to the exploit)
Note 3
For security reasons we have specifically avoided referring to any particular product but would advise Admins to carry out detailed testing in the specific areas outlined. We advise using all available products to check the others.
Audit Review – Performance metrics.
File detection
Based on our analysis of two other tools, Brand B and Brand C production release, January 2013
We created a small domain, uploaded and shared some documents to it. We gave it ‘light’ use over a period of time, adding, sharing internally, sharing in, sharing out and deleting a few files. No more than 30 files were changed and a couple of shared folders removed, outside of the initial file creation and file upload.
We tested the three products against this small domain and watched the count drift.
These tests were not exhaustive and we tried to test features where the products overlap (basic auditing). We think that looking at figure differences in these areas will help Admins identify files potentially at risk.
Only GAT detected all active files in all circumstances.
After the test we had the following table of results on the exact same set of data in the test Domain
These are the 5 or so basic audit items an Admin would want to know.
| GAT | Brand C | Brand B | |
| File Count | 3831 | 3824 | 3756 |
| Shared Internally | 25 | 0 | no data |
| Shared In | 4 | 4 | 4 |
| Shared Out | 13 | 10 | 6 |
| Google Document | 18 | 11 | 14 |
In all cases GAT returned the same or more files than other tools and found more data.
Speed Review
Speaks somewhat to the underlying efficiency of the code and basic design principles.
Speed becomes a significant factor in getting meaningful results at very high user or document counts. We calculate that for some of our larger customers Brand C could not complete a scan in under a day (in some cases many days)
| Doc Count | Initial Scan (secs) | Refresh Scan (secs) | |
| GAT | 3,762 | 90 | 9 |
| Brand B | 3,762 | 360 | 300 |
| Brand C | 3,762 | 2,610 | 660 |
Refresh times were an average, or in the case of C the fastest recorded.
We emphasise that all domains are different and we strongly encourage Admins to try all audit tools on their domain to see which reports best for them.
We also suggest they try some of the following Tech Tips for testing.
To Install GAT, look here Google Staff pick.
GAT now has it’s own page on Google+ and it’s own community which is well worth joining to stay up with the latest features which can really help make your work easier and safer.
Notes for testers : To refresh GAT you must logout and back in. GAT automatically runs a refresh on login.
It can sometimes take Google a few minutes to update the metadata of a changed file. You need to make allowances for this with all audit tools when testing for changes.
The largest Google Apps customers in the world trust GAT. It has become the gold standard for accuracy and the benchmark by which to judge other audit tools.
Posted in Google Apps Security by .
Auditing and Security Apps – What you need to ask.
Auditing and Security are two very different functions, however auditing is a very important part of the security process. Auditing and audit tools can not enforce security in the Google Apps environment, only Google can enforce security.
Therefore we believe there is no such thing as Data Loss Prevention, only data loss alerting. All audit tools alert you to potential data loss situations or should.
When selecting an audit tool there are some important questions you need to ask yourself.
What information does the audit tool require from your domain? Metadata or metadata and file contents?
GAT only requires metadata. We build our exposure profile based purely on the metadata. GAT never retrieves file contents for auditing. We believe the risk in extracting file contents from the secure ‘shredded’ environment of Google’s servers to any third party software is too great for companies serious about security, so we don’t do it. Some of the most security sensitive government customers in the US and the UK use GAT precisely because we don’t extract file contents.
If an audit tool extracts metadata or other data how does it handle it? Does it encrypt it?
GAT encrypts all the metadata it extracts and generates a single unique key. With GAT your data is never in plain-text form while at rest. Furthermore we place the only key in a file in your Google Apps account. If you delete that file the key is lost for everyone, forever.
If your are looking at other audit tools you should find out if your data is encrypted at rest?, if so how? and where is the key held?
Does the audit tool allow admins to change file permissions or ownership?
We think allowing third parties to change permissions to files even where those changes are logged could be very dangerous. There are many generic Admin accounts, who gets the blame for looking in the HR files? You finish your relationship with the audit company, the logs are lost forever, who knows what happened? The only permission changes GAT allows is the reduction of access by third parties to a file. This allows Admins to act quickly if they are concerned, but also keeps them above suspicion of any wrongdoing. In effect we protect both the Admins and the users. We believe large enterprises already have proper procedures and processes in place to address issues of concern in the area of file contents.
Does the audit tool keep your data?
What happens when you finish using an audit tool? With GAT we operate the European directive on ‘right to be forgotten’. This is operated automatically with GAT, each time you use GAT your metadata file begins an automatic countdown to be deleted. Unless you use GAT again within 30 days, your data is automatically removed. If you use GAT again after that period we automatically build the metadata audit from scratch again. You will lose some historical information, but the clock is always ticking in your favor with respect to privacy and erasure for your data.
Summary
The largest Google domains in the world use GAT both for it’s speed and detail of reports. However the most important reason we hear back on why big domains use it, is because of security. We simply do not compromise on security, even where the feature looked useful or interesting.
Before implementing any of our many features we ask one simple question, will this increase or decrease security for the customer? If the answer is it will decrease your data security, we do not implement the feature. We believe that is why we are the most popular (and secure) Google Apps audit tool in the marketplace.
Posted in Google Apps Security by .
A domain Admin with a domain called Largetestninja.com kindly tried to put our auditing servers under pressure over a couple of days.
The domain had over 30,000 users, just about 1 million documents and about 4,000 groups. While it is only a test domain and probably not reflecting the changes that you would see in a real life domain, you can see from our stats over a two day period that despite competing with hundreds of other real domains, we were able to finish complete domain wide refresh scans for the most part in under 30 mins. We are sure largetestninja.com were pleased with the results.
Posted in Uncategorized by .
Google Docs Security – a brief white paper.
Based on many conversations with General Audit Tool customers about Google Docs security, we decided to do a brief white paper to give an overview of the current situation.
What Google is good at.
Google do a really good job of basic data security. In fact we believe because of the environment they are kept in, e-documents are safer with Google than in any corporate or organisational server. This on its own is a significant reason to move to Google.
Google have very good security processes, a highly regulated approach, strong firewalling and monitoring systems and an operational environment that is not standard and unlikely to be well understood by those outside the organisation.
They also have strong physical security around the data.
What Google is not so good at.
Google allows document sharing by the document owners. This is a powerful collaboration and productivity feature. It has benefits that are well enumerated by Google.
Unfortunately the security and controls around sharing are weak to the point of disaster.
Google allow the following controls at domain level.
As we can see, basically they allow sharing out or not and if not, they allow sharing in or not.
This is way too broad and unrefined.
What Google need to do is allow the following Domain wide or Organizational Unit options which become the maximum allowed for all users, each user can of course be more restrictive.
Allow sharing out Y/N
If Y, what domains? All
Whitelist
Blacklist
For All or each member of the Whitelist, we need the following options
Edit – Y/N
Read – Y/N
Comment - Y/N
Reshare – Y/N
Allow sharing in Y/N
If Y, what domains? All
Whitelist
Blacklist
For All or each member of the Whitelist, we need the following options
Edit – Y/N
Read – Y/N
Comment - Y/N
Reshare – Y/N
Google then need to allow an exception list to the above based on username, group membership, organisational membership or sub-domain.
The exception list should be set by the Admins, presumably on the instructions of the compliance officer.
When a user creates a document the ACL is automatically checked against the policy set above to see that it is complaint. Non-compliant settings can not be made by any user.
What happens today.
In the absence of real sharing security by Google, a number of third party companies have sprung up offering ‘security’. These are essentially round-robin programs that check each document to see if it fits a policy similar to the above. If it does not, they set the rights as per policy. However they fail in 3 main areas, 1) they are after the event, meaning the violation has occurred before they detect it, 2) they have no enforcement, meaning the user can unset their changes until the next time they come around and 3) they are at best half useful because they can’t enforce any policy on documents shared in as they have no access rights to the ACLs on documents on another domain.
Why this must change.
The solution today is analogous to having bottles sitting on a long wall and a strong wind blowing. The goal is to keep the bottles on the wall and the solution is to have someone run along the base of the wall putting the bottles back up as they fall down. What’s worse they can’t even run to a falling bottle, they have to run in a line back and forth along the wall.
This is weak from a security perspective (in fact so weak, you could not call it security)
This is highly inefficient from a programming perspective.
At best it is a stop-gap.
What needs to happen.
Google need to put brackets on the wall. The bottle should not move until the bracket is released.
Security has to be enforced from the inside, not the outside.
What we recommend.
For now organisations with genuine security concerns we recommend they operate a Docs DMZ. The core domain has sharing in and out turned off.
Documents that need external collaboration are created in the DMZ domain.
Both domains run auditing.
This sounds drastic, inefficient and far from user-friendly. It is, but if you want real security we think it is the minimum standard until Google change their security policy.
Posted in Google Docs Security by .
The Google Docs DMZ.
Recently Steve A Arsov, from MEDALLION HEALTH in Santa Fe, a General Audit Tool (GAT) Admin who works for a health care provider approached us on the subject of HIPAA compliance for Google Apps. He wanted to know if our tool could guarantee HIPAA compliance? The answer is no third party marketplace tool can guarantee HIPAA compliance. The best they can do is show that you remain vigilant in seeking to remain compliant. I also pointed out that the only way to ensure there was no accidental public exposure of patient data from Google Apps was to use the Google Control panel to turn off all public sharing. (Admin Panel – Settings). This would come close to guaranteeing HIPAA compliance in the area of accidental sharing
This was fine, except he needed to have outsiders fill in forms for gathering data. A quick test showed that if he selected ‘Users cannot share documents outside this organisation’, no forms could be filled in (even with ‘Let users receive documents from outside this organization’ set).
A simple solution came from borrowing a model used in network Firewalling, why not introduce a Google Docs DMZ?
We could set up two zones domain-public.com and domain-private.com. In the public domain the user could create a spreadsheet, build his form and publish it to the web. In this domain public file sharing would be allowed. That same spreadsheet would then be shared to a user in the private domain.
In the private domain, the control panel would be set to ‘No sharing outside the organisation’, however users users could ‘receive documents from outside this organisation’. This would allow for the forms spreadsheet to be shared in.
Notes: What this does not prevent is the malicious theft of information. Here someone shares a Google Doc from a third party Google account on the outside into the private domain and a rogue operator on the inside dumps data into this file, which the external third party then unshares. One of course can’t prevent screen shots of patient data been taken with mobile phones either! If someone wants to steal patient data, they can.
Uniquely, our product helps mitigate against this by tracking not only edits to files but also visits (in most circumstances), thus leaving the strongest audit trail of any audit tool.
If you are someone who deals with Electronic Health Records in the Google Apps Environment then the General Audit Tool is a key tool to help you meet your HIPAA requirements under Core Measure 15.
A very helpful and readable guide is given here.
http://www.beinetworks.com/newsletter/HealthcareIT_Update_10_2011.html
Posted in Uncategorized by .
Jul 12
9
Back Up Sites
From time to time we get requests from Admins to tweak our product just a little bit to suit their needs. Where possible, we are very happy to do that as it makes for a great product all around.
Here is a nice example I’d like to share with you.
One of our ‘Scheduled’ reports is ‘Sites shared out, new or changed in the last 24 hours’. This Admin works for a company that had a large number of large Google Apps sites. He was backing them up nightly, but the backups were getting larger and larger and he was running into time problems. We produced a perfect solution – a list of sites in CSV format that only contained ones changed in the last 24 hours, that list would be ideal input for the backup tool. We had one small problem though, we wrote the list in a date changed subdirectory and using a constant name file name – the Admin had two requests – could we the file in the ‘root’ directory for google drive and could with put a date-stamp in the file CSV file name?
The result, within 48 hours we had a tick box that gave every user this feature.
The Admin has kindly provided the scripts he used in case this might be of use to others.
(Please don’t ask us any questions about these scripts are we are not in a position to support them)
I got my solution working on Friday. It worked great!
I use a DOS batch script to run the show:
@ECHO OFF
REM this should compiled to an EXE and stored on \\tqdmsupwrks1\scripts
REM mount the truecrypt volume
“c:\program files\truecrypt\truecrypt.exe ” /v \\tqdmsan1ctl1\backup\GoogleSites\sites.trc /lt /a /p password /s /h n /q background
REM run the backup program
c:\scripts\backup_sites_ver2.exe
REM delete all files and folders in our backup folder older than 40 days
c:\scripts\delete_old_files.exe T:\ 40
REM dismount the Truecrypt volume
“c:\program files\truecrypt\truecrypt.exe ” /q background /dt /s /w /h n /f
The use of the free Truecrypt encryption product allows me to keep the Sites backup data secure on our file server since Google Sites allows security for specific sites. It is mounted to a drive letter, the backup takes place, a cleanup job delete files older than a month, and then the encrypted volume is unmounted. The process of only backing up changed Sites took less than 2 minutes.
The VBScript uses the free GoogleCL utility to download the GAT Sites spreadsheet using the current date as part of the search with this snippet:
‘ This report is generated around 1:30 PM each day From GAT
‘ ******************************************************************
yyyy = CStr(Year(Now))
mm = CStr(Month(Now))
If Len(m) < 2 Then mm = “0″ & mm
dd = CStr(Day(Now))
If Len(dd) < 2 Then dd = “0″ & dd
‘ let’s build the command to download the file from Google if it is there
convert = Chr(34) & “c:\scripts\googlecl\googlecl-win32-0.9.13\google.exe ” & Chr(34) & ” docs get ” & Chr(34) & “GAT_teamquest_com_Sites_” & yyyy & “_” & mm & “_” & dd & Chr(34) & ” ” & Chr(34) & “c:\scripts\google_sites.csv” & Chr(34)
Set objoutputFile = objfso.CreateTextFile(“c:\scripts\Google_sites_audit_download.bat”, True)
‘write the line to batch file
objoutputFile.WriteLine convert
objoutputFile.Close
‘ execute the single line batch file
‘WshShell.Run “c:\scripts\Google_sites_audit_download.bat”,0,True
wshShell.Run “%COMSPEC% /c c:\scripts\Google_sites_audit_download.bat”, 1, True
‘ if file does not exist, there was no download and we cannot continue
wscript.echo “checking”
If (objfso.FileExists(“c:\scripts\Google_sites.csv”)) Then
Else
sendmail “itops@teamquest.com”,”No Google Sites Backup Audit File Downloaded For ” & yyyy & “_” & mm & “_” & dd,”NO Google Audit Tool file For ” & yyyy & “_” & mm & “_” & dd & ” was found To download. Google Sites Backup Not executed. Last successful backup was ” & last_backup_cycle,”",”",”randal.schmidt@teamquest.com”
wscript.quit
End If
Set objFile = objFSO.GetFile(“c:\scripts\Google_sites.csv”)
‘ if file is created but has no data in it…
If objFile.Size > 0 Then
Else
sendmail “itops@teamquest.com”,”No Google Sites Backup Audit File Downloaded For ” & yyyy & “_” & mm & “_” & dd,”NO Google Audit Tool file For ” & yyyy & “_” & mm & “_” & dd & ” was found To download. Google Sites Backup Not executed. Last successful backup was ” & last_backup_cycle,”",”",”randal.schmidt@teamquest.com”
wscript.quit
End If
————————————————————————————————————————————–
If no file is returned or the file size is zero, then your spreadsheet was not found. NO cause for alarm because I keep a time stamp of the last successful backup on file so it picks up where it left off on the next cycle. NO loss of backup data will creep in just because a day’s file did not get downloaded. But an email let’s me know that has happened so I can investigate.
Once I have the file in Windows format, I simply read it in a loop and use the free Sites Liberation tool to do the actual export of data in a specially named series of folders. Here is the snippet that does that process:
‘ Read the GAT spreadsheet as a Windows csv file
‘ if the site is not deleted, keep going (arrSiteList contains the columns for a row)
If LCase(arrSiteList(18)) <> “yes” Then
‘ if the site changed since our last backup, keep going
If DateValue(arrSiteList(16)) > DateValue(last_backup_cycle) Then
‘ there may be more than one owner, just get the first for the file name
ownerlist = Split(arrSiteList(1),”,”)
owner = ownerlist(0)
‘ create our unique output directory with site name, backup date and owner name
cmd = “cmd /c md ” & Chr(34) & “t:\” & arrsitelist(0) & “_” & CStr(Year(Now)) & CStr(Month(Now)) & CStr(Day(Now)) & “_” & owner & Chr(34)
return = wShshell.Run(cmd, 1 , True)
‘ perform the actual site export to our custom created and named folder
cmd = Chr(34) & “C:\Program Files\Java\jre6\bin\java.exe” & Chr(34) & ” -cp ” & Chr(34) & “c:\scripts\google-sites-liberation-1.0.4.jar” & Chr(34) & ” com.google.sites.liberation.export.Main -d ” & Chr(34) & “teamquest.com” & Chr(34) & ” -w ” & Chr(34) & Trim(arrsitelist(0)) & Chr(34) & ” -u admin -p ” & Chr(34) & admin_password & Chr(34) & ” -f ” & Chr(34) & “t:\” & arrsitelist(0) & “_” & CStr(Year(Now)) & CStr(Month(Now)) & CStr(Day(Now)) & “_” & owner & Chr(34) & ” -r”
wscript.echo Trim(arrsitelist(0))
site_backup = site_backup & Trim(arrsitelist(0)) & vbnewline
return = wShshell.Run(cmd, 1 , True)
ctr = ctr + 1
End If
End If
——————————————————————————————————————–
So the entire Google Sites backup process is done using existing, free tools. And having it on our own file servers gives us control and security over the data. Your free GAT tool allows us to backup only what we need to and gives us an audit of what changed in Sites as a byproduct.
Pretty cool! Thank you for working with me to maximize the benefit of GAT to our operation.
You can feel free to publish the above text and snippets
Update!
The first column in your csv is NOT the real site name. It is the “text” name of the site. I was using that in the Sites Liberation java program. The real site name is in the URL which is the 14th column. So I just changed the code to parse for that and it now works perfectly. Most of our sites had the same for both so I did not notice it. Here is the modified read routine to find the real site name for the Sites Liberation backup program:
Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.ReadLine
‘ Comma delimited line could have with quoted strings
‘ and embedded quotes and commas.
index = 0
For Each strItem In CSVParse(strnextline)
arrSiteList(index) = strItem
index = index + 1
Next
‘ if the site is not deleted, keep going
If LCase(arrSiteList(18)) <> “yes” Then
‘ if the site changed since our last backup, keep going
If DateValue(arrSiteList(16)) > DateValue(last_backup_cycle) Then
‘ there may be more than one owner, just get the first for the file name
ownerlist = Split(arrSiteList(1),”,”)
owner = ownerlist(0)
sitename_array = split(arrSitelist(14),”/”)
‘ get the last element in the URL name because that is the real site name
site_name = sitename_array(ubound(sitename_array))
‘ create our unique output directory with site name, backup date and owner name
cmd = “cmd /c md ” & Chr(34) & “t:\” & site_name & “_” & CStr(Year(Now)) & CStr(Month(Now)) & CStr(Day(Now)) & “_” & owner & Chr(34)
return = wShshell.Run(cmd, 1 , True)
‘ perform the actual site export to our custom created and named folder
cmd = Chr(34) & “C:\Program Files\Java\jre6\bin\java.exe” & Chr(34) & ” -cp ” & Chr(34) & “c:\scripts\google-sites-liberation-1.0.4.jar” & Chr(34) & ” com.google.sites.liberation.export.Main -d ” & Chr(34) & “teamquest.com” & Chr(34) & ” -w ” & Chr(34) & site_name & Chr(34) & ” -u admin -p ” & Chr(34) & admin_password & Chr(34) & ” -f ” & Chr(34) & “t:\” & site_name & “_” & CStr(Year(Now)) & CStr(Month(Now)) & CStr(Day(Now)) & “_” & owner & Chr(34) & ” -r”
wscript.echo Trim(arrsitelist(0))
site_backup = site_backup & site_name & vbnewline
wscript.echo “Command is:” & cmd
return = wShshell.Run(cmd, 1 , True)
ctr = ctr + 1
End If
End If
Loop
Posted in GAT Development by .
Apr 12
10
GAT4.0
This tool is a powerful upgrade to GAT, enhanced and extended based on the feedback of our users, it now offers far deeper and more powerful reports. It offers a wider range of search criteria, involving searches based on names, groups, organizations, domains and across date ranges. The Documents Audit and the Sites Audit have been greatly enriched with far more search options and history based on the audit material being securely stored. The tool itself has had a major performance improvement with many of the algorithms being fine tuned. Once the database is built audit refreshes are the fastest out there and searches and variations of searches happen instantly.
‘What’s Hot’ has been replaced by giving you the ability to create any type of ‘Whats Hot’ report for both Sites and Documents
The scheduler has been extended with extra reports.
Security: Fully HTTPS encrypted sessions. Reports are generated and stored in an encrypted file. Each domain database has a unique key. This key is never stored on our domain, but only ever stored in a special key file in your account on your domain. (This means should our severs ever be hacked there are no local keys on the server). It also means that you can tell when our tool is used, because the key file will have been accessed.
If you delete this key, we lose all access to the metadata and scans have to start again from fresh if the tool is used again. One reason we make sure we never have your key is to give ourselves legal protection, even if asked by a court to open meta-data we can honestly reply we are not in a position to do so. In addition if you revoke authorisation for our tool, then the key file can not be accessed and it becomes technically impossible to see your domain meta-data
All servers are based on Amazon Cloud Services and protected by Amazon.
Mar 12
29
Constant Innovation
The General Audit Tool for Google Apps has evolved through several versions over the last 2 years. We are constantly developing the tool to meet your needs and create new ways for you to look at your information. We have thousands of domains and millions of users including the very biggest Google Apps domains.
Our current version is GAT 4.0. It greatly extends audits and reports and we have completed a lot of background work to make it the deepest and fastest auditing tool in the marketplace. In fact with this release, no other audit tool comes close to delivering you so much information and delivering it with such speed.
We are an engineering company, so for now marketing will remain down the list of our priorities.
Features Include
Deeper audits than any other tool. Reader History. Checking revision history of docs. Generating PDF reports for Auditors
Compliance, for HIPAA
Sabanes Oxley, FERPA, and PCI DSS
Security
No data retention between sessions. Fully HTTPS encrypted sessions. Reports are generated from scratch each time you login, ensuring the accuracy of the data
