The thought of storing sensitive documents in the cloud can be a daunting one. It’s especially true if you are responsible for securing your organization’s data. Compared to the traditional on-premises solution, Google Drive is a paradigm shift. It’s a shift in both where files reside and how they are accessed. Learning more about high profile data leaks reinforce the need for Google Drive security.
Why Google Drive Security is Important
Over the past several years, data breaches have been big news. Target, Home Depot, Instagram, and Sony, just to name a few. Of course, it’s true that these kinds of headline-grabbing, coordinated attacks on consumer and employee data pose a big threat. Organizations are also at risk from a “slow leak” of content, such as intellectual property and other confidential documents. In fact, according to a Ponemon Institute study, 80% of respondents considered loss of intellectual property a risk of insecure file sharing practices.
Although the total cost of a data breach is hard to estimate, Experian’s Data Breach Industry Forecast estimated that, in 2014, the average cost of a data breach was $3.5 million. The Ponemon Institute study results also point to a wide range of potential consequences, including:
- Loss of intellectual property
- Reputation and brand damage
- Disruptions to productivity
- Increased malware infections
- Regulatory actions
Needless to say, it’s well worth the additional time, effort, and money to implement the proper Google Drive security protocol compared to the repercussions of a data breach.
Is Google Drive Less Secure than On-Premise Solutions?
A common misconception among proponents of on-premises solutions is that “the cloud” is inherently less secure. According to Gartner contributor David Mitchell Smith,
Cloud computing is perceived as less secure. To date, there have been very few security breaches in the public cloud — most breaches continue to involve on-premises data center environments.
Smith recommends, however, that cloud vendors should be able to demonstrate that their specific solution meets necessary security requirements. With this advice in mind, you will be hard-pressed to find a solution to stands up to scrutiny better than Google Drive. Google is very open about their data security and compliance practices, which include:
- Encrypting your data both at rest and in transit
- Comprehensive background checks on all employees with access to data centers
- Multiple layers of redundancy
- Hardware tracking
- Comprehensive destruction of retired hard disks
- Regular third-party audits to maintain ISO, SOC, and FISMA certifications
The Human Equation of Google Drive Security
Having established that, due to extensive Google Drive security measures, the risk to data residing on Google servers is negligible, we arrive at the single largest risk factor for Google Drive data loss: the end users themselves.
According to Experian’s Data Breach Industry Forecast, 59% of security incidents in 2014 were attributable to human error or malicious employees. Furthermore, only 54% of organizations reported offering security training for employees with access to confidential information. Clearly then, there is a large gap between what IT leaders perceive as a major threat and the actual source of most data leakage.
The knee-jerk reaction to such statistics is to lock down Google Drive. Organizations either drastically restrict the ability of employees to share files externally, or completely disable it. However, this often proves counterproductive as users will organically reject a platform that is overly restrictive due to the inevitable inconveniences, as well as perceived lack of progress compared to existing on-premises data storage.
Raising employee awareness and providing training will pay large dividends in terms of reducing the amount of data lost due to negligence. Although many IT departments loathe expending precious budget on these services; the more open the sharing platform, the more vital this effort becomes.
Although securing Google Drive data takes planning and foresight, it is far from impossible. In fact, because Google Drive activity can be monitored, external sharing is actually more secure than sending email attachments.
Three Google Drive Security Best Practices
Your goal should be to take necessary measures to properly implement Google Drive security. At the same time, you want to leverage the power of cloud-based collaboration. Whether you’re planning to conduct a review of your organization’s Google Drive security, or you’re migrating data to Google Drive and need to plan accordingly, adherence to these three best practices will help secure your organization’s data, without placing restrictions on sharing and collaboration.
INVEST IN EMPLOYEE AWARENESS
User training and education should be a central aspect of your plan. Money invested in training will return dividends in a more savvy and security-conscious user base. Proper training can also help users avoid phishing scams and better secure their accounts using 2-step verification. End users also need a clear understanding of what does or does not violate your organization’s Google Drive security policy.
Take Steps to Secure Endpoint Devices
Even the best training and data loss prevention software will not prevent a data breach if an unsecured device falls into the wrong hands. Thus, it’s always a best practice to enforce Google Drive security policies on mobile devices. For example, use password-protected screen locks and remote-wipe stolen devices. Your IT team should also have a clear and documented plan for securing any accounts at risk from a stolen phone or laptop.
Understand What Data is Being Shared, and to Whom
It is essential to conduct regular data audits to understand quantity of externally exposed data. If possible, you should also implement data loss prevention measures. This includes scanning Google Drive content for policy violations using an application such as BetterCloud. Knowing the volume and content of files being shared outside the company will provide you with valuable data, and you will be able to proactively adjust your Google Drive security policies accordingly.