Create, Build, Engineer

Risk assess your organisation’s Google Apps

Risk assess your organisation’s Google Apps

So lucky you, someone (maybe you) has realised third parties at your organisation are an important consideration for information security. Maybe you were one of those happy organisations that were even doing this sort of risk assessment BEFORE GDPR? Maybe you thought you were fine on 3rd party assessments, until someone finally had the “but what about our web apps!!!” nightmare. Either way you find yourself investigation how to risk assess your G Suite connected apps. Turns out, there’s a script for that!

As a starting point allow me to direct you to

https://github.com/slackhq/gsuite-oauth-third-party-app-report/blob/master/third-party-app-report.gs

which walks you thorough how to generate the necessary GAM report of all OAuth (yes, just OAuth) Gsuite connected apps in use in your organisation and how to generate a risk report from than data.

Most small/mid size organisations will probably have few enough results that this script (run from inside google sheets) will probably run for you without crashing. If that’s the case, you can stop reading here. You have your report. Off you go and enjoy a drink, smug in the knowledge that you have a manageable number of apps to deal with. Go.. I can’t look at you on my live google analytics Real-Time feed anymore.

My variation is for the case where your organisation has so many users (with so many apps) **shudder** that running the script from within Google just crashes/times out.

Where GAM returns too many records for the third-party-app-report.gs to be able to process via the Google Sheets App script editor I’ve munged together a quick and dirty PHP command line script to produce a similar report.

https://bitbucket.org/SinOB/gsuite3rdparty/src/master/

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.