In a few years almost all of us have become accustomed to the benefits of the cloud, without realizing that every day we use a technological milestone which was science fiction until not so long ago. You drag a file to your personal space and forget about it, thinking that security is more than guaranteed. After all, we are talking about the great Google, right?
The reality is a bit more complicated, especially if we use Google Drive to store information that is sensitive from a personal or professional point of view. Google Drive, like other similar services, allows you to save your data in the cloud. But where is that cloud? Neither you nor I can know; the data is stored on thousands of servers around the world.
Thus, from the moment you upload something to your cloud, data security does not depend on you, but on the company that provides the service. Google is a leader in cloud technology, invests billions of euros in security and infrastructure and has an unbeatable technical team, so it is obvious that the benefits outweigh the risks. Nonetheless, we must not fall into the temptation of thinking that it is invulnerable.
Google, precisely because of its size and the enormous amount of data it hosts, is a priority target for hackers and cybercriminals. Obviously a frontal attack would not make much sense, but with millions of users accessing it through their Google accounts, it is a very tempting target for browser-side intrusions, extensions or spyware.
The web is full of phishing comments, fake sites that imitate Google Drive, and attractive movie or ebook downloads that hide malware under the apparent security of Google storage.
Another important variable enters here: privacy. What Google does with the data we store in Drive has changed over time under pressure from users and regulations. The current terms make it clear that personal information is not shared without users’ consent, but at the same time warn that Google scans all your files and may delete anything that violates its policies. Be careful: we are not talking here only about illegal content, but about anything that a third party (in this case Google) considers “inappropriate”.
In its terms and conditions, Google indicates that “we may review content to determine if it is legal or violates our Program Policies and we may remove it or refuse to post it if we reasonably believe it violates our policies or the law.”
How is this “content review” done? According to Google, an automated system scans and detects suspicious files, which are then reviewed by human experts. Once the files have been assessed, a decision is made to leave them where they are, restrict third-party access, delete them, expel the user from all Google services or inform the authorities.
Finally, it should be remembered that in Europe Google is subject to European Union legislation on privacy and data protection, with all that this implies for personal use and, even more so, for professional use. At this point I recommend you consult information about the GDPR and the storage of professional files in the cloud.
How Google Drive protects your files
Google Drive uses 256-bit SSL/TLS encryption for files in transit and 128-bit AES encryption keys for files at rest. Put simply, Google uses the highest security when you upload, download or navigate between the files you have stored in Drive. When you don’t touch them, they’re kept with 128-bit encryption.
It should be noted that data is never 100% secure, not on Drive, much less on your PC or on the old flash drive you use for important documents. However, it is when we “move” the data via the Internet that the risks skyrocket, hence the importance of maintaining the highest level of encryption possible.
If a hacker could access your network and intercept the data you send to or receive from Google Drive, the level of encryption would make it very difficult to read. Also, Google sends the files in layers or chunks, so there’s no use getting just one. Every time we update a file, a fragment is updated, a new AES key is created and the old one is discarded, increasing security at all stages of the process.
So far, we have talked about server-side security. Google has the keys to the box where you keep your files. This is where we must reflect on the importance of the data we store and on what we can do on our side to further enhance its security, regardless of the decisions made by Google.
Eight steps to improve Google Drive security
1.- Run a security review. Click on this link (you will need to enter your Google details), review the recommendations and make any necessary changes.
2.- Activate two-factor authentication. This will prevent a hacker from accessing your account even if they are able to steal your password. If you want maximum security, it is better to opt for a physical key than for SMS.
3.- Add recovery options to your account. Try to use a unique recovery email that you have not used to register on other websites. And, of course, be extremely careful with the messages or notices that reach you on the phone you have selected.
4.- Check every app that has access to your Google products (note, not just Google Drive) and deactivate the ones you don’t need or those that don’t provide you with the right level of security. Sometimes it is worth giving up some convenience for more security.
5.- A basic recommendation that is not only useful for Drive: never, ever use the same password for multiple sensitive services. Password managers like LastPass, KeePass or Bitwarden (this is my favorite) can help you generate strong and secure passwords.
6.- Your mobile devices are a dangerous entry point. Always activate the screen lock on mobile phones, tablets or laptops and be especially careful when using them on public WiFi.
7.- If you are going to upload sensitive documents, the best option is to encrypt them before uploading them to the cloud. Thus, even in case of intrusion, nobody could read them. There are many alternatives, but I recommend Boxcryptor, Cryptomator or Drive itself, if you have a corporate account and that option is enabled. The analogy for this process is keeping a safe to which we hold the key inside another safe, which we trust.
8.- Have a plan B for your most valuable data. Another cloud. An external disk in another physical space. A NAS. Whatever you prefer, but don’t give the keys to your entire digital life to one company.
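To make step 7 concrete, here is an added example (not from the original article and not how Boxcryptor or Cryptomator work internally) of encrypting a file on your own machine so that the provider only ever stores ciphertext. It assumes Node.js with its built-in crypto module; AES-256-GCM, the scrypt parameters, the "CSE1" container tag and all function names are choices made for this illustration.

```javascript
// Added example: passphrase-based client-side encryption before upload.
const crypto = require('node:crypto');

const MAGIC = Buffer.from('CSE1'); // constructed 4-byte format tag (assumption)
// scrypt cost parameters chosen for this example; raise N if your hardware allows.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const HEADER_LEN = 4 + 16 + 12 + 16; // magic | salt | nonce | GCM tag

function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, SCRYPT); // 32 bytes -> AES-256
}

// Returns the only bytes the storage provider ever sees.
function encryptForUpload(plaintext, passphrase) {
  const salt = crypto.randomBytes(16);  // fresh per file, so keys never repeat
  const nonce = crypto.randomBytes(12); // fresh per encryption, required by GCM
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(MAGIC); // bind the format tag to the ciphertext
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([MAGIC, salt, nonce, cipher.getAuthTag(), body]);
}

// Throws if the passphrase is wrong or the stored blob was modified.
function decryptAfterDownload(blob, passphrase) {
  if (blob.length < HEADER_LEN || !blob.subarray(0, 4).equals(MAGIC)) {
    throw new Error('not a container produced by encryptForUpload');
  }
  const key = deriveKey(passphrase, blob.subarray(4, 20));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(20, 32));
  decipher.setAAD(MAGIC);
  decipher.setAuthTag(blob.subarray(32, 48));
  return Buffer.concat([decipher.update(blob.subarray(HEADER_LEN)), decipher.final()]);
}

// Convenience wrapper: null instead of an exception on any failure.
function openOrNull(blob, passphrase) {
  try { return decryptAfterDownload(blob, passphrase); } catch { return null; }
}

// Constructed sample document, not real data.
const sample = Buffer.from('2024 tax return draft (constructed sample)');
const stored = encryptForUpload(sample, 'long passphrase kept in a password manager');
console.log('bytes uploaded:', stored.length, 'readable in cloud:', stored.includes(sample));
```

The authentication tag means a file altered while in storage fails to decrypt instead of silently returning corrupted data. If the passphrase is lost, the file is unrecoverable, which is one more reason for the plan B in step 8.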
In short, the security level of Google Drive is very high (and similar to that of other alternatives from Amazon, Microsoft or Apple, for example) but we must not fall into the trap of “false security”. There is no invulnerable service and handing over our data to a third party is not without risk.
In addition, you should be aware that Google scans your files, collects data about them and may delete them or inform the authorities if necessary. The alternative is to take action and follow the recommendations given above, including encrypting any data that you consider nobody should ever see.