Netskope Global Technical Success (GTS)
A Detailed Overview: Understanding ChatGPT’s Integration with Google Drive and Microsoft OneDrive
Netskope Cloud Version - 121
Objective
In-Depth Analysis of ChatGPT’s Integration with Google Drive and Microsoft OneDrive (Work and Personal)
Prerequisite
Netskope Inline CASB and SWG license is required
Details
- Netskope identifies ChatGPT as a cloud application within the "Generative AI" web category. Additionally, Netskope offers a pre-configured Cloud App Connector for ChatGPT, which provides the following controls:
- With the current product design, Netskope enables Data Loss Prevention (DLP) controls for the following activities: Download, Upload, Edit, and Post.
- In May 2024, ChatGPT introduced a new feature allowing integration with both Google Drive and Microsoft OneDrive (for work and personal accounts). This feature is available to ChatGPT Plus, Team, and Enterprise users.
Following the release of this feature, some security concerns have emerged. Key points include:
- End users can integrate their corporate Google Drive and Microsoft O365 OneDrive accounts with ChatGPT.
- This integration operates via an API, granting ChatGPT access to corporate instances of Google Drive and Microsoft O365 OneDrive.
- With the current design of the Netskope product, if an end user uploads a file directly from their device, the activity "Upload" is detected. However, with this new integration, if an end user uploads a file from Google Drive or Microsoft O365 OneDrive, the activity "Attach" will be detected instead.
- DLP (Data Loss Prevention) controls are not available for the "Attach" activity, creating a potential gray area for customers who have categorized ChatGPT as an unsanctioned cloud application. This limitation may expose risks, as files uploaded through integrated services like Google Drive or Microsoft O365 OneDrive are not subject to the same level of monitoring and protection as those uploaded directly from a user’s device.
From this point, the conversation can take two directions:
- Create a Real-Time Protection Policy to Block the "Attach" Activity
Verification
Note - User Notification format used above Link
- Prevent Users from Integrating Google Drive or Microsoft O365 OneDrive with ChatGPT
This solution appears more promising. To move forward, let's first understand the workflow. Following that, I will outline the necessary real-time policies to regulate the integration between Google Drive or Microsoft O365 OneDrive and ChatGPT in the next section, Configuration.
For testing, I am logged in using my Google Gmail account.
Test 1 - Google Drive
Connect to Google Drive
Traffic is redirected to accounts.google.com, so this is the transaction we need to act on.
Test 2 - Microsoft O365 OneDrive
Connect to Microsoft OneDrive (work/school)
Traffic is redirected to login.microsoftonline.com, so this is the transaction we need to act on.
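A detection-side companion to the two tests above, as an added example that is not part of the original article or Netskope's own tooling: it scans decrypted web-proxy log lines for sign-in requests to the two identity hosts that were made on behalf of ChatGPT. The log format, the ChatGPT hostnames, and the use of `redirect_uri` and the referer as evidence are assumptions, and the sample lines are constructed.

```python
from urllib.parse import parse_qs, urlsplit

# Sign-in hosts the two connect flows redirect to, mapped to the service.
IDP_HOSTS = {
    "accounts.google.com": "Google Drive",
    "login.microsoftonline.com": "Microsoft OneDrive",
}
# Assumption: hostnames that identify ChatGPT as the requesting application.
CHATGPT_HOSTS = ("chatgpt.com", "chat.openai.com")

# Constructed sample lines: timestamp, user, URL, referer ("-" when absent).
SAMPLE_LOG = [
    "2024-06-01T09:00:01Z alice@example.com https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER&redirect_uri=https%3A%2F%2Fchatgpt.com%2Fcallback -",
    "2024-06-01T09:02:10Z bob@example.com https://login.microsoftonline.com/common/oauth2"
    "/v2.0/authorize?client_id=PLACEHOLDER https://chatgpt.com/",
    "2024-06-01T09:03:44Z carol@example.com https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER&redirect_uri=https%3A%2F%2Fmail.example.com%2Fcb -",
    "2024-06-01T09:05:12Z dave@example.com https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER&redirect_uri=https%3A%2F%2Fchatgpt.com.example.net%2Fcb -",
]


def _is_chatgpt(url):
    """True if the URL's host is a ChatGPT host or a subdomain of one."""
    host = (urlsplit(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in CHATGPT_HOSTS)


def find_connect_attempts(log_lines):
    """Return (user, service, evidence) for sign-in requests tied to ChatGPT."""
    hits = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:  # skip malformed lines
            continue
        _ts, user, url, referer = parts
        target = urlsplit(url)
        service = IDP_HOSTS.get((target.hostname or "").lower())
        if service is None:  # not one of the two sign-in hosts
            continue
        redirect = parse_qs(target.query).get("redirect_uri", [""])[0]
        if _is_chatgpt(redirect):
            hits.append((user, service, "redirect_uri"))
        elif _is_chatgpt(referer):
            hits.append((user, service, "referer"))
    return hits
```

Ordinary sign-ins to the same hosts (carol) and a look-alike host that merely starts with `chatgpt.com` (dave) are not flagged, because the match is on the exact host or a true subdomain.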
Configuration
Solution for Test 1 - Google Drive
- Create a custom URL category
Path: Netskope Tenant UI >>> Policies >>> Profile - - - URL List
Path: Netskope Tenant UI >>> Policies >>> Profile - - - Custom Categories
- Real-time protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
- Verification
a. Try to integrate Google Drive with ChatGPT
b. Result
Note - User Notification format used above Link
Solution for Test 2 - Microsoft O365 OneDrive
- Create a custom URL category
Path: Netskope Tenant UI >>> Policies >>> Profile - - - URL List
Path: Netskope Tenant UI >>> Policies >>> Profile - - - Custom Categories
- Real-time protection policy
Path: Netskope Tenant UI >>> Policies >>> Real-time Protection >>> New Policy
- Verification
a. Try to integrate Microsoft O365 with ChatGPT
b. Result
Note - User Notification format used above Link
Author Notes
- It is important to note that users do not need to log in with corporate credentials to integrate personal accounts with corporate resources such as Google Drive or Microsoft OneDrive. This underscores the need for robust governance to prevent the misuse of corporate data.
- Visibility is the foundation of cybersecurity. The more you understand your network traffic, the better you can secure internet access for your end-users.
- With Netskope, organizations can apply granular controls over applications like ChatGPT:
  - Block ChatGPT completely if necessary.
  - Restrict access to ChatGPT using corporate credentials if it is an unsanctioned application.
  - Only allow ChatGPT login with corporate credentials if it is a sanctioned application.
  - Allow interactions with ChatGPT, such as posting messages, while blocking activities like uploads and downloads.
  - Apply DLP policies for activities such as download, upload, edit, and post to ensure data security.
  - Customize controls to align with organizational policies and mitigate emerging risks.
- Netskope enables organizations to maintain visibility and control while ensuring secure and compliant usage of AI-driven tools like ChatGPT.
Terms and Conditions
- All documented information undergoes testing and verification to ensure accuracy.
- In the future, if any such platform changes are brought to our attention, we will promptly update the documentation to reflect them.
Notes
- This article is authored by Netskope Global Technical Success (GTS).
- For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.