Google Drive security: What IT can and can't do

Google Drive offers easy-to-use file sharing and storage, but it lies beyond IT's direct control and raises corporate data security concerns.

Because it's primarily a consumer service, there aren't many Google Drive security controls that IT can take advantage of, especially if employees use Google Drive on their personal mobile devices. IT can exert some control over Google Drive on managed devices or in Google Apps environments, and although these controls aren't very granular, they're better than nothing.

Understanding Google Drive security

Google Drive is a free cloud storage service that lets any user with a Google account upload files -- documents, photos and videos -- to the cloud. Any user with the necessary credentials or permissions can access uploaded files from any location. Users may configure folders and files uploaded to Google Drive as private (available to no one) or public (available to everyone), or they may choose to share them with a specific list of users.

Google Drive uses Secure Sockets Layer/Transport Layer Security-encrypted sessions to protect files as they're uploaded or downloaded, and Google's cloud servers have passed SSAE 16 and ISAE 3402 audits. Google, however, does not store files in an encrypted format (unless the user has encrypted them prior to upload).

How users can improve security in Google Drive

As with any file-sharing service, responsibility for Google Drive security starts with the end user. Users must safeguard their Google account usernames and passwords, and for extra protection against password theft, take advantage of Google's two-factor authentication option.

Additional precautions may be necessary when accessing Google Drive from an untrusted or shared device. Users should never allow a browser to save their Google account passwords, and they should log out of Google Drive when finished with a session.

Encourage users to exercise common sense when using Google Drive to share folders and files with others. Users shouldn't make Google Drive contents public unless that is really what they intend. It's also important to choose an appropriate access level, limit the users who are allowed to view, update and download sensitive files, and be aware of access rule inheritance when placing a file in an existing shared folder.

How IT can address Google Drive security

An administrator's ability to control Google Drive depends on how employees use the service.

If workers use Google Drive with personal Google accounts outside the enterprise network or from a personal device, IT has no visibility into this behavior or ability to control it. If employees use Google Drive on the enterprise network or from an IT-managed device, IT can detect and selectively permit or deny the activity.

For example, IT can use a firewall to block Google Drive traffic for some or all users. Google offers a complete list of the destinations and ports that Google Drive uses. Blacklisting software can detect the presence of Google Drive apps installed on managed devices, although it cannot stop users from accessing the service through Web browsers.

If employees use Google Drive with a Google Apps for Business account, IT can exert more direct control. Google also has a detailed FAQ for administrators that outlines the Google Apps settings IT can use to curtail or block Google Drive use in the enterprise:

  1. IT can disable Google Drive and Docs services.
  2. IT can prevent users from installing Google Drive for Mac/PC.
  3. IT can prevent users from viewing Google Drive files in Web browsers.

Ultimately, companies may prefer to start with Google Drive traffic monitoring, getting a handle on how employees use this cloud storage service (if at all). Monitoring and understanding Google Drive use can help IT assess business needs and risks before applying any measures that restrict or block Google Drive use in the workplace.
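One way to start the monitoring described above is to summarize Drive traffic per user from web proxy logs before deciding what to restrict. This is an added example, not part of the original article; the log format, the sample lines and the short hostname list are assumptions (in practice, use the destination list Google publishes).

```python
from collections import defaultdict

# Assumption: an illustrative subset of Drive hostnames. In practice, load
# the destination list that Google publishes for Google Drive.
DRIVE_HOSTS = {"drive.google.com", "docs.google.com"}

# Constructed sample data. Assumed proxy log format:
#   timestamp user method host:port bytes_out bytes_in
SAMPLE_LOG = """\
2012-11-05T09:01:12Z alice CONNECT drive.google.com:443 5242880 1200
2012-11-05T09:03:40Z bob CONNECT www.example.com:443 800 45000
2012-11-05T09:10:02Z alice CONNECT docs.google.com:443 2048 90000
2012-11-05T09:15:30Z carol CONNECT drive.google.com:443 1024 7340032
malformed line here
2012-11-05T10:20:00Z alice CONNECT drive.google.com:443 10485760 900
"""


def parse_line(line):
    """Return a record dict, or None if the line does not match the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    _ts, user, _method, target, out_b, in_b = parts
    try:
        return {"user": user, "host": target.rsplit(":", 1)[0].lower(),
                "bytes_out": int(out_b), "bytes_in": int(in_b)}
    except ValueError:
        return None


def summarize(log_text):
    """Aggregate Drive traffic per user; also count unparseable lines."""
    usage = defaultdict(lambda: {"requests": 0, "bytes_out": 0, "bytes_in": 0})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # surface parse gaps instead of silently dropping them
        elif rec["host"] in DRIVE_HOSTS:
            row = usage[rec["user"]]
            row["requests"] += 1
            row["bytes_out"] += rec["bytes_out"]
            row["bytes_in"] += rec["bytes_in"]
    return dict(usage), skipped


def heavy_uploaders(usage, threshold_bytes):
    """Users whose total upload volume to Drive meets the threshold."""
    return sorted(u for u, row in usage.items() if row["bytes_out"] >= threshold_bytes)
```

Traffic like this only covers users on the enterprise network or managed devices, which matches the visibility limits described earlier in the article.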

This was first published in November 2012
