
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


How Secure Is Google Drive?

Topics: Managed File Transfer

Posted: 12 January 2017


Exfiltration is a decidedly unpleasant word, and it’s rarely connected with Google’s benign application suite used freely by millions all over the world — Google Apps. Specifically, how secure is Google Drive?

Google Drive, a potentially massive repository of intellectual property, personal information — even photos and movies — features a user-friendly browser interface.

Google Apps for Work has been rebranded G Suite, but the security and sharing mechanisms in place are the same. Once a document has been uploaded to a Google server farm, users can click on a G Suite document and turn on link sharing. Within a couple of clicks, the document is public (albeit not necessarily discoverable; no SEO secret sauce applies). Without being given the link by the user, an outsider would need additional malware or forensic sleuthing to discover the document, but users have a way of inadvertently making access easier.

These now-public links can be shared through less secure platforms, such as Facebook, Twitter or email. Users may also have forgotten that an entire folder containing the new document was previously shared.
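An added example, not part of the original post: a minimal audit over constructed file metadata that flags items shared with "anyone", including documents exposed only because a parent folder was shared earlier. The field names follow Drive API v3 file resources; the sample records and the function names are assumptions made for illustration.

```python
# Constructed sample metadata (not real data). Field names follow Drive API v3
# file resources: id, name, parents, permissions[].type / allowFileDiscovery.
OWNER = {"type": "user", "role": "owner"}
LINK = {"type": "anyone", "role": "reader", "allowFileDiscovery": False}
WEB = {"type": "anyone", "role": "reader", "allowFileDiscovery": True}
FILES = [
    {"id": "f1", "name": "Finance", "parents": [], "permissions": [OWNER, LINK]},
    {"id": "f2", "name": "Drafts", "parents": ["f1"], "permissions": [OWNER]},
    {"id": "f3", "name": "Q4-forecast.xlsx", "parents": ["f2"], "permissions": [OWNER]},
    {"id": "f4", "name": "Press-kit.pdf", "parents": [], "permissions": [OWNER, WEB]},
    {"id": "f5", "name": "Notes.txt", "parents": [], "permissions": [OWNER]},
]


def direct_exposure(item):
    """Classify an item's own permissions: 'public', 'anyone-with-link' or None."""
    anyone = [p for p in item.get("permissions", []) if p.get("type") == "anyone"]
    if any(p.get("allowFileDiscovery") for p in anyone):
        return "public"  # discoverable through search
    return "anyone-with-link" if anyone else None


def audit(files):
    """Return (name, exposure, source) for every item reachable by 'anyone'."""
    by_id = {f["id"]: f for f in files}
    findings = []
    for f in files:
        queue, seen = [f["id"]], set()
        while queue:  # walk upward through parent folders, nearest first
            fid = queue.pop(0)
            if fid in seen or fid not in by_id:
                continue  # guard against cycles and parents outside the listing
            seen.add(fid)
            node = by_id[fid]
            exposure = direct_exposure(node)
            if exposure:
                source = "direct" if node is f else f"inherited from '{node['name']}'"
                findings.append((f["name"], exposure, source))
                break
            queue.extend(node.get("parents", []))
    return findings


if __name__ == "__main__":
    for name, exposure, source in audit(FILES):
        print(f"{name}: {exposure} ({source})")
```

The spreadsheet two folders below "Finance" is reported even though its own permission list shows only the owner, which is the forgotten-folder case described above.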

More Ways to Share


There are other ways to exchange information with Google Drive. Through a Google public API, third parties can develop FTP-like tools that enable the exchange of thousands of files through a convenient user interface.

Developers with average skills can develop applications that access G Suite documents. The problem isn’t lax security in Google software. Google implements best practices and has above-average intrusion detection methods. Instead, by exploiting security lapses that originate outside Google's software, bad actors can use the public API to exfiltrate documents or spreadsheets they have discovered.

Too Easy to Share?


When a user decides to share a Google document, form or spreadsheet, Google wants the user to share. Sharing means the document is available to another potential user, whose data can be collected for data mining. This is a fundamental feature of the public cloud company business model. It’s true not only for Google but for Facebook, Twitter, Dropbox, Box and Microsoft’s Azure and MSN enterprises.

A Safer Way


Instead of asking “How secure is Google Drive?”, consider asking how the movement of data in the enterprise is monitored and managed. Ipswitch and other providers recognized the potential risk and have developed tools that monitor and manage file transfers.

Sometimes referred to as enterprise file synchronization and sharing (EFSS), managed file transfer is a stronger contender as a safer way for coworkers to transfer files. This is true for any desktop-to-collaboration activity, not only for G Suite transfers.

Rather than relying on potentially expensive, cycle-stealing data loss prevention (DLP) tooling, provision enterprise users with tools that allow for collaboration while reducing the risk.

Posted by: Mark Underwood
Ipswitch Guest Blogger