Get a Handle on OneDrive Data Leakage with CoreView
Office 365 provides users with a powerful collaboration platform for sharing content and information. With that power comes the risk of someone in your organization intentionally or unintentionally sharing OneDrive content anonymously, creating a risk of unauthorized data access.
In this blog, we’ll review how you can leverage CoreView’s powerful auditing features to both identify anonymously shared OneDrive content and how to drill into and identify who has accessed the content.
HOW TO IDENTIFY ANONYMOUS ONEDRIVE INVITATIONS
CoreView offers you several different ways to identify anonymously shared OneDrive content. In this blog, we’ll look at one such method.
- Log into your organization’s CoreView portal (https://portal.4ward365.com).
- From the CoreView landing page, click on the Audit tab, as in the example below
- From the Audit tab, navigate over to the left side navigation menu, and locate the topic titled OneDrive Reports.
- From this selection, you then want to select the report titled Audit Events, as in the example below.
At this point, you will see a report of OneDrive activity. A sample of this view can be seen below.
Sample OneDrive Audit Report view.
You can quickly and easily identify anonymous access to OneDrive content by performing the following steps.
- Change the filter for the Operation column to AnonymousLinkUsed. This will reduce the scope of the report to only where the link to OneDrive content was used.
- Next, you can examine the data found in the ClientIp column to look for suspect IP addresses. Internet domain tools, such as ARIN, can help you narrow down on IP ownership.
- As needed, you can add or remove columns by clicking on the Columns button to adjust the report’s content.
By clicking on the “hamburg” icon to the right of the Columns button, you will have the option to Save, Schedule, Print or Export the report’s content.
SOME FINAL THOUGHTS
CoreView’s Audit capabilities are extremely powerful and would be of interest to an organization’s Chief Security Officer, Chief Compliance Office, Data Loss Prevention Specialist or other individuals in your organization who are responsible for content management or content security.
If you are interested in finding out more about our CoreView solution and how you can leverage its powerful reporting and analytics features for your organization, please visit us at https://www.coreview.com, or sign-up for a free demo at https://www.coreview.com/request-a-demo/.