Google Drive offers easy-to-use file sharing and storage, but it lies beyond ITs direct control and raises corporate data security concerns.
Because it's primarily a consumer service, there aren't many Google Drive security controls that IT can take advantage of, especially if employees use Google Drive on their personal mobile devices. IT can exert some control over Google Drive on managed devices or in Google Apps environments, and although these controls aren't very granular, they're better than nothing.
Understanding Google Drive security
Google Drive is a
Google Drive uses Secure Sockets Layer/Transport Layer Security-encrypted sessions to protect files as they're uploaded or downloaded, and Google's cloud servers have passed SSAE 16 and ISAE 3402 audits. Google, however, does not store files in an encrypted format (unless the user has encrypted them prior to upload).
How users can improve security in Google Drive
As with any file-sharing service, responsibility for Google Drive security starts with the end user. Users must safeguard their Google account usernames and passwords, and for extra protection against password theft, take advantage of Google's two-factor authentication option.
More on Google Drive security
Learn more about Google's cloud storage and file-sharing service
Headaches ahead for IT with Google Drive's cloud storage?
A rival for iCloud: Google launches cloud storage service Drive
Additional precautions may be necessary when accessing Google Drive from an untrusted or shared device. Users should never allow a browser to save their Google account passwords, and they should log out of Google Drive when finished with a session.
Encourage users to exercise common sense when using Google Drive to share folders and files with others. Users shouldn't make Google Drive contents public unless that is really what they intend. It's also important to choose an appropriate access level, limit the users who are allowed to view, update and download sensitive files, and be aware of access rule inheritance when placing a file in an existing shared folder.
How IT can address Google Drive security
An administrator's ability to control Google Drive depends on how employees use the service.
If workers use Google Drive with personal Google accounts outside the enterprise network or from a personal device, IT has no visibility into this behavior or ability to control it. If employees use Google Drive on the enterprise network or from an IT-managed device, IT can detect and selectively permit or deny the activity.
For example, IT can use a firewall to block Google Drive traffic for some or all users. Google offers a complete list of the destinations and ports that Google Drive uses. Blacklisting software can detect the presence of Google Drive apps installed on managed devices, although they cannot stop users from accessing the service through Web browsers.
If employees use Google Drive with a Google Apps for Business account, IT can exert more direct control. Google also has a detailed FAQ for administrators that outlines the Google Apps settings IT can use to curtail or block Google Drive use in the enterprise:
- IT can disable Google Drive and Docs services.
- IT can prevent users from installing Google Drive for Mac/PC.
- IT can prevent users from viewing Google Drive files in Web browsers.
Ultimately, companies may prefer to start with Google Drive traffic monitoring, getting a handle on how employees use this cloud storage service (if at all). Monitoring and understanding Google Drive use can help IT assess business needs and risks before applying any measures that restrict or block Google Drive use in the workplace.
This was first published in November 2012