Mythbusters: Is Google Drive Secure?May 20, 2021
Google Drive is well-known for being both a collaborative and convenient workspace. Used by over one billion users, it has revolutionised the way we work on a daily basis.
Yet, as with everything that is accessible online, it begs the question: is Google Drive secure? This week, Fintan Murphy busts some of the biggest misconceptions about the popular cloud-based storage solution.
So, is Google Drive Safe?
Now that many more businesses are utilising Google Workspace, this raises more questions around Google Drive’s security. In short: the answer is yes, Google Drive is very safe. But let’s go through some of the myths that we often hear about Google Drive, and uncover whether they are true or false.
Myth #1: The Cloud is Not Secure
The idea that your data is less secure in the cloud compared to an at-home server is not as much of a concern as it used to be. This is because people have now become more familiar with the cloud for both business and personal data storing. You now have companies of all sizes and types, including government agencies, using cloud-based solutions like Google to store their data.
Nowadays, the security vulnerabilities that we see (such as ransomware attacks) very often happen on traditional servers that become compromised. Whereas the cloud-based solutions are automatically kept up-to-date and protected from these risks.
Google itself has almost 1,000 security engineers that are solely focused on keeping data safe and removing possible threats. This means it would be extremely difficult for even a large organisation to rival this level of security. Therefore, Google Drive is one of the safest options for your data.
Essentially, with Google, you are outsourcing the security of your data. This is the exact same way you outsource the security of your money to a bank.
Additionally, Google encrypts your data within Google Drive both at-rest and in-transit. This ensures that your information remains secure when it is moving between your computer and Google Drive.
Myth #2: Google Employees Have Access to My Data
Another common myth is that Google employees can read emails, documents and data to enable advertising.
Google’s own statement on this is: “The data that companies, schools, and government agencies put into Google Workspace does not belong to Google. Whether it’s corporate intellectual property, personal information, or a homework assignment - Google does not own that data and Google does not sell that data to third parties.”
Google leads with a security-first mindset, and is fully compliant with ISO, SOC, PCI, GDPR, HIPPA and the EU Model Contract Clause. It even has its own Access Transparency Report for customers on Enterprise plans. This is very valuable for large enterprise-level businesses that require this transparency of access.
Myth #3: Someone Can Easily Hack into My Google Account
This myth is both true and false, the answer is it's up to YOU! Google gives you the information and tools you need to ensure the highest level of security for your Google Drive account. However it is up to you to put these security controls in place to keep your accounts secure. Below we go through 5 ways to make your Google Drive secure.
5 Ways to Make Your Google Drive Secure
Here are the steps we highly recommend you take in order to make sure your data is protected. These include:
1. Ensure You Have a Secure Password
Make sure you have a really strong password that is different to what you use for other accounts such as Facebook. If one of those accounts becomes compromised, then someone will more than likely gain access to your Google Drive too.
2. Set Up Two-Factor Authentication (2FA)
Basically, two-factor authentication (2FA) requires two pieces of information to verify your identity. This happens before you are given access to your account. 2FA provides that second level of security where you login with your password, but are then prompted to complete a second stage of authentication.
You have maybe done this before by getting a text message to your phone, or you may have a security fob for accessing your online banking. For Google, we would recommend you use the Google’s Authenticator app or security prompt on your mobile device.
We also recommend a security key which is a physical key that you have to connect to your device to verify who you are. However, we wouldn’t recommend using your mobile device as that can be compromised more easily now.
Additionally, Google offers pin code sharing in Google Drive, which acts as another form of 2FA. It allows you to securely share files or folders with someone who doesn’t have a Google account. Once you send them an invite, they can verify using their email address.
3. Share Wisely
While Google Drive makes it easy to share your information with others, you must consider who you share your files with.
For example, you might inadvertently share a file via a link and make it available online. Or, you may share it with a group of people or a person that you didn’t intend to. Always ensure your Google Drive is organised, and that you are sharing it with the right people.
If you are a business, we would highly recommend that you use Google Shared Drives. It is the most secure way to share and control files as people join and leave your organisation, whether they be staff or clients.
We’ve also got great tips for organising your files in Google Drive to ensure they are secure and easily accessible for you.
4. Device Security
People can go through a huge amount of effort to secure their cloud-based accounts. Yet, if you leave your Google account active on an unsecured device, this can cause huge security risks. For example, if your device is unattended or lost, then you are potentially giving away access to that data if the phone or laptop does not have a strong password and encryption on it.
You can strengthen your device security by making it possible to remotely wipe your phone or laptop if it is lost. Or, if you have a strong password, this will make it harder to access the content on the device. On your laptop or phone, ensure you encrypt the data so if someone does attempt to compromise the device, the data is encrypted. This way, the thief will need a specific decryption key or password to access your device data.
5. Use Google Admin Tools
For Google Workspace Administrators, there are a huge amount of tools for Google that provide an additional layer of security, including:
- Google Workspace Security Centre which provides advanced security analytics, visibility and control regarding security issues that affect your domain.
- Endpoint management for devices which allows you to make your business’s data more secure across your users' devices including mobiles, desktops, laptops, and other endpoints.
- Context Aware Access which gives you control over the apps a user can access based on attributes like user identity, location, device security status, and IP address.
- Data Loss Prevention which enables you to implement workflows and security policies to stop data being lost outside of the business.
- Drive sync restrictions which stops end users from syncing data onto their own devices.
- Google Vault eDiscovery which lets you retain, hold, search, and export users’ Google Workspace data.
No matter what cloud-based solution you use, we always advise that you backup your data regularly. By doing this, you avoid any type of hacker attempt. This is especially important with the recent ransomware incidents reported on the news.
One backup solution that we highly recommend is AFI, which is a fully-automated cloud solution that requires minimal supervision, no maintenance and is immune to malware/disasters compared to other solutions.
To bust the myth: is Google Drive secure? It is very safe, but can be made even more secure by using the right tools to keep your business’s data protected.
For more advice, check out our blog on how you can setup a secure Shared Drive.
As a longstanding member of the Google Cloud Partner Program, Damson Cloud specialises in bringing people and ideas together through new ways of working. We champion change management and digital transformation using some of the internet’s most trusted solutions, including Google Workspace, Happeo and Jamboard. To find out more about our services, check out our library of tutorial videos or our blog.