In this article
- What is Google Drive?
- Why do you need to secure your Google Drive?
- How Google Drive security is compromised?
- 3 ways to guarantee security for your Google Drive
- Conclusion
Blog Articles
Article at a glance
Configuring a Google Apps domain with default settings can expose organizations to significant security risks.
Failing to configure Organizational Units limits control over app access and mobile device management, increasing the risk of unauthorized access.
Not enabling Multi-Factor Authentication (MFA) leaves accounts vulnerable to breaches, especially for high-level users like managers.
Allowing offline Drive access without restrictions exposes data to theft from lost or stolen devices, increasing the chance of data breaches.
What is the solution?
SysCloud provides automated tools to configure organizational units, enforce MFA, and control Drive access, ensuring a secure and compliant Google Apps domain while reducing the risk of data breaches.
What is Google Drive?
Google Drive is used by millions of organizations worldwide. It is a online cloud based document collaboration and storage service. It is used by consumers and businesses worldwide. It is a very secure service with high availability.
Why do you need to secure your Google Drive?
The year 2017 has again showed us that even the best organizations with large IT teams could not protect against data breaches. Examples include :
- Google Drive Docs Phishing Attack : In May 2017, millions were attacked by an email asking users to “edit a Google drive document“ which, when clicked, took users to a Google drive app install page. Once installed the application gave the third party full access to the Google Drive contents.
- Equifax Breach: Attackers exploited a website vulnerability and stole 143 million records which included personnel information including social security numbers, credit card information, addresses.
- River City Media : email marketing firm data breach compromised 1.34 billion records.
- Hyatt Hotels Breach : 41 locations in 11 countries were affected with an attack compromising credit and debit cards.
The list of attacks is quite long and well covered in the media. Let me get straight to the point. Let’s just say that you have the best IT staff with security experts smarter than the world’s best hackers. Also, you have employed the best security hardware and software to protect your organization. Every time you read about an attack on another well–known brand and you still feel fear. Fear is natural, of course.
How Google Drive security is compromised?
Google encrypts static drive data and only authorized users can see it when they login to their Google account. However, your Google drive data, including documents and sheets with sensitive information (example financial , customer, sales or intellectual property) can be compromised in various ways including:
1. When a user installs a third party Google drive application (for example a drawing app or a game). This application gain access to the user Google drive contents. Your Google Drive security is now compromised.
2. When a user’s Google G suite account login credentials are compromised and are used by external attackers. Attackers may then encrypt your Google Drive documents and demand a ransom.
3. If a user within your organization accidentally or deliberately shares Google Drive data containing sensitive information.
4. When an authorized employee needs to share (drive files with sensitive data to an external organization (for example your accountant) but has no way to encrypt the Google Drive documents.
5. Successful phishing attacks including spear phishing may cause your users to send sensitive Google Drive documents links to attackers.
Google guarantees safety of your data but will not take responsibility for user error such as the examples listed above. Drive security is a shared responsibility between you as the customer, the customer and Google.
Is there a solution to absolutely making sure a data breach by an insider or outsider does not cause damage? I will give you the solution as it applies to Google G Suite Drive and Team Drive.
3 ways to guarantee security for your Google Drive
The solution consists of 3 parts, each of which can be independently implemented as G suite security checklist items by administrators:
Part 1: Google Drive encryption
Encrypt Google Drive files – at least the sensitive ones. Even in the worst case scenario, a data breach would result in attackers laying their hands on encrypted drive documents without the keys to open it; which amounts to meaningless data in the hands of attackers. The solution you deploy must encrypt Google drive including:
- Automatically encrypt files when they are not being edited.
- The solution must allow automatic Google drive folder level encryption allowing Google drive for teams within organizations to share and collaborate with password protected files.
- Protect files where ever they travel outside your organization. The solution must allow third party organizations outside your domain to open your files for legitimate use if you have shared the key/password with them.
- The solution must allow G suite administrators to reset keys and create policies to auto-encrypt sensitive information. This gives control if any employees leaves or new ones join.
Part 2: Google Drive backup
Backup your data in a different destination from a cloud-to-cloud backup vendor. With a separate backup copy, even if an attacker or insider completely destroys your data, you can restore it back. Backup is the ultimate insurance policy.
Part 3 : Google Drive apps firewall
Install a firewall app for your organization’ Google drive. This allows users to install white listed safe apps while automatically blocking access to suspicious unauthorized apps.
Conclusion
That’s it! Your Google Drive Security is assured. Encrypting your sensitive data protects you from insider accidental shares and external threats. Backup gives you an encrypted second copy of your data stored safely by backup vendor. Apps firewall ring fences your drive. This 1 – 2 – 3 punch is a great strategy heading into the holidays with a relaxed mind. SysCloud is a one stop solution for anyone looking to implement all 3 parts with ease with a single application.