Is Google Drive Secure? How To Protect Your Files
Is Google Drive Secure? – Cloud storage services are popular and here to stay. A lot of users and businesses have gotten comfortable using them. Many internet companies offer free and premium cloud storage services. Google Drive is one of them. It’s a cloud-based file storage and synchronization service developed by Google in 2012.
Google Drive is quickly becoming the most popular storage service around. And with more than a billion users and over 2 trillion files saved, it needs to be secure.
But Google users have been victims of hacks before – in 2014, approximately 5 million Gmail usernames and passwords were stolen and leaked online.
Why would a for-profit company like Google want to give 15GB of free cloud storage to its approximately 2 billion users? Is it just an act of generosity, or do they have something to gain in return that we don’t know about? This is where the question of trust comes to play. Cloud services are based on trust, and reputation is a big part of it. Can we trust large corporations such as Google with our data?
COPYRIGHT_NOVA: Published on https://www.novabach.com/is-google-drive-secure/ by Daniel Barrett on 2022-05-21T16:14:35.000Z
For most users, the benefits of cloud storage solutions such as Google Drive far outweigh the risks. Notwithstanding, there are inherent privacy issues. Firstly, you risk the provider spying on and monetizing your content. Google has, over the years, perfected the art of surveillance capitalism—where your data is mined and sold to advertisers, which is then used to manipulate or influence your buying behavior.
Secondly, you accept the risk of the provider denying you access to your data for any reason. Moving your data into Google Drive means that Google is ultimately controlling that data. Most users aren’t bothered as long as Google does a good job, but the story is different if they don’t. That means you want to make sure you truly own your data in Google Drive and be able to download it at any time. You want assurances that your data will not disappear if the cloud provider discontinues your service. Finally, you want guarantees that your data will not fall into the hands of third parties—government, advertisers, or hackers.
Thirdly, Google Drive sharing capabilities can lead to undesirable security and privacy issues if your files are unintentionally shared inappropriately. Besides, your browsing activities and the sites you visit (including your Google Drive file URL) can be easily logged by your browser, third-party trackers, or your ISP (in some countries). Therefore, knowing how to leverage file visibility or sharing settings correctly is key to protecting your digital assets.
Regardless of previous hacks, the risk of using Google Drive is low. This is because Google uses the strong 256-bit Advanced Encryption Standard (AES) encryption on all its Google Drive servers (except a small number of storage devices prior to 2015 – those use AES128 encryption instead).
Likewise, when the data is in transit between users and Google Drive servers, Google uses the Transport Layer Security (TLS) protocol to protect the data and prevent interception.
In short: your data is largely secure.
Some security experts don’t love that Google keeps encryption keys for all the files on Google Drive. Encryption keys are tools that let Google (or whoever has the keys) decrypt files, bypassing all their security.
“Because they are in control of these encryption keys, it can lead to vulnerabilities for its users,” said Kristen Bolig, founder at SecurityNerd. “They have the power to decrypt files which can make them easier for hackers.”
This is in contrast to apps like Signal, where not even the company that runs the app can access your data.
Moreover, Google is subject to governments and law enforcement. “If your files are subpoenaed, depending on what Google decides, it might not take a security breach to forfeit your privacy,” said Monica Eaton-Cardone, chief operating officer of Chargebacks911.
And as is often the case with cloud services, the most significant risks aren’t related to the encrypted infrastructure. Still, the user and Google Drive have a number of user-related vulnerabilities.
Google Drive lacks cohesive organizational permissions, for example. Nick Santora, CEO of Curricula, said, “The way Dropbox uses folders allows us to segment data by department and only give employees in that department access to those folders. Google makes this extremely difficult to do. Everything you do is a one-off. In addition, the permissions system is ad hoc, which leads to mistakes.”
Google no doubt has put in a lot of effort towards securing your files in Google Drive. However, if you still have concerns about the security and privacy of your files, there are additional steps you can take to improve them.
Firstly, organize your files in folders and store all your shared documents in a designated folder. This enables you to have better oversight and control of all the items you’ve shared with others. A good security practice for Google Drive sharing is to periodically review the documents you’ve shared with other people and unshare old documents and folders or revoke access for users who are no longer on your projects or teams.
If you share a computer, sign out of your Google account when you’re done. It’s also recommended you don’t install Backup & Sync or Drive File Stream on a shared or public computer. Otherwise, anyone who uses the computer could access your files. Avoid using public Wi-Fi to access your Google Drive, or use a reliable VPN if you must.
Secondly, Consider encrypting your data before transmitting them to Google Drive. This is called client-side encryption. Client-side encryption ensures that files stored in Google Drive can only be viewed on the client-side of the exchange and eliminates the potential for your data to be viewed by your service provider or third parties that demand access. With client-side encryption, only you can unlock your cloud data. Data that you encrypt on the client-side arrives at Google Drive in an encrypted state, and Google has zero knowledge of the keys you used to encrypt the data. This further protects the confidentiality of your data by rendering it unreadable to anyone that gains access to it. There are many free and premium third-party client-side encryption tools such as encrypted Cloud, Cryptomator, Encrypto, or Boxcryptor that can plug directly into your Google Drive account and encrypt your files.
Finally, Google Drive security protects your Google account from unauthorized access and ensures that your sharing settings are correct. If you’re a high-risk user such as a journalist or activist, consider enrolling in Google’s Advanced Protection Program, which uses security keys and locking mechanisms to provide a higher level of security. If Google Drive doesn’t meet your security and regulatory requirements, you may consider other Google Drive alternatives—especially those that support client-side encryption or take up private offline storage.