ThreatMate Google Workspace Integration
ThreatMate's Google Workspace integration is used to provide cloud security analysis of customer's accounts. Using this analysis ThreatMate provides recommendations for improving user's security. The analysis includes:
- User account security. This includes flagging users with no 2FA enabled, super admin users, deleted and suspended users, last user login and account creation time.
- Failed logins. This includes providing the count of failed logins grouped by day for each user.
- Authorized SaaS applications. This includes a list of all authorized SaaS applications that have access to user data.
- Externally shared documents. This includes all externally shared documents for the user.
ThreatMate stores this data in order to provide the analysis offline and send alerts. The acquired user access token is encrypted using envelop encryption where the master encryption key is provided by Google Cloud KMS.