Is Google Drive secure? How Google uses encryption to protect your files and documents, and the risks that remain

·4 min read
Google Drive app on smartphone
Overall, Google Drive is fairly secure, but unlike some end-to-end encrypted apps, it has vulnerabilities. SOPA Images / Contributor/Getty Images
  • Google Drive is generally very secure, as Google encrypts your files while they're being transferred and stored.

  • However, Google can undo the encryption with encryption keys, meaning that your files can theoretically be accessed by hackers or government offices.

  • You can make Google Drive more secure by using two-factor authentication and being careful when giving other apps permission to use your Drive.

  • Visit Insider's Tech Reference library for more stories.

Google Drive is quickly becoming the most popular storage service around. And with more than a billion users and over 2 trillion files saved, it needs to be secure.

But Google users have been victim to hacks before - in 2014, approximately 5 million Gmail usernames and passwords were stolen and leaked online.

So if you use Google Drive, you might be wondering how secure your files really are.

How Google Drive secures your files and data

Regardless of previous hacks, the risk of using Google Drive is low. Google uses the strong 256-bit Advanced Encryption Standard (AES) encryption on all its Google Drive servers (with the exception of a small number of storage devices that date prior to 2015 - those use AES128 encryption instead).

Likewise, when the data is in transit between users and Google Drive servers, Google uses the Transport Layer Security (TLS) protocol to protect the data and prevent interception.

In short: your data is largely secure.

Is_Google_Drive_secure 1
Google Drive uses enhanced encryption tools for both file transport and storage. Dave Johnson/Insider

How Google Drive may be vulnerable

Some security experts don't love that Google keeps encryption keys for all the files on Google Drive. Encryption keys are tools that let Google (or whoever has the keys) decrypt files, bypassing all their security.

"Because they are in control of these encryption keys, it can lead to vulnerabilities for its users," said Kristen Bolig, founder at SecurityNerd. "They have the power to decrypt files which can make them easier for hackers."

This is in contrast to apps like Signal, where not even the company that runs the app can access your data.

Moreover, Google is subject to governments and law enforcement. "If your files are subpoenaed, depending on what Google decides, it might not take a security breach to forfeit your privacy," said Monica Eaton-Cardone, chief operating officer of Chargebacks911.

And as is often the case with cloud services, the most significant risks aren't related to the encrypted infrastructure, but with the user, and Google Drive has a number of user-related vulnerabilities.

Google Drive lacks cohesive organizational permissions, for example. Nick Santora, CEO of Curricula, said, "The way Dropbox uses folders allows us to segment data by department and only give employees in that department access to those folders. Google makes this extremely difficult to do. Everything you do is a one-off. The permissions system is ad hoc, which leads to mistakes."

Is_Google_Drive_secure 2
Google has no coherent system for file permissions, so every file permission is applied in a one-off, highly error-prone process. Dave Johnson/Insider

How to protect yourself as a Google Drive user

The biggest risk to your Google Drive data is often you - along with the computers or devices you've connected to Google Drive. Remember that in general, any files on Google Drive get synchronized to your computer, so those files are vulnerable. "You can use encryption to further hide and protect your files," Bolig suggested.

In addition, you can take advantage of two-factor authentication to prevent hackers from accessing your files from another device, even if they take your username and password. And of course, always make sure you have a strong password.

Security.org editor Gabe Turner said it's important to "remove any apps or browser extensions that have access to Google Drive unnecessarily." Every app with permission to access Google Drive is another vector for hackers and a security vulnerability.

How to share files on Google Drive in 3 different ways, and choose who can view, comment, or editHow to add the Google Drive app to your desktop on a PC and sync all of your files easilyHow to upload files to your Google Drive on desktop or mobile (and back them up for safekeeping)How to create and share a Google Drive folder with customized sharing settings

Read the original article on Business Insider

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting