How Secure Are Your Documents In Google Drive?


I use Google Drive every day. While Word is still my go-to for writing, Drive is my home base for storing documents and cataloging the test results I collect while reviewing computer hardware. There are literally thousands of documents in my drive, and I take it for granted that they’ll be available whenever I need them.

Is that wise? Or is Google Drive’s security not as robust as it may seem? Recent events, including NSA spying and an incredibly convincing phishing scam, have some users worried. Here’s what you need to know about Drive’s security.

Terms Of Service

Security threats don’t always come from outside an organization. Google is a huge company, and it’s worth asking whether it can be trusted to keep data in Drive private.

The answer, according to the terms of service, appears to be “yes.” Google says it does not use Drive data for marketing purposes, which means the company isn’t using what you upload to create a marketing profile of you.


While Google claims “a worldwide license to use, host, store, reproduce, modify, create derivative works” from your data, this clause is only meant to give Google permission to offer services like Google Translate, which technically creates a derivative work. The paragraph preceding this section says “You retain ownership of any intellectual property rights that you hold” and “what belongs to you stays yours.”

There’s no boogeyman in the ToS, but remember: Google does have to comply with the laws of each country in which it operates. If a law enforcement agency can produce a legally sound reason to access your data, Google has no choice but to comply. This won’t matter to most people most of the time, but folks who believe a government may have reason to try and access their data would do well to remember it.


Only As Secure As Your Google Account

Drive is a service offered by Google, so that of course means it is tied to your Google account. This may prove to be a problem for people who are concerned with their security. If anyone gains access to your Google account, they have access to what’s in Drive, too.

Let’s say, for example, you leave your Gmail account logged in on your PC and forget to lock Windows when you go to lunch. People do this all the time, and it gives anyone who wanders by access to not only your email but also Drive – and anything else you do through Google. Drive does not automatically log users out after a period of inactivity, something a highly secure service would do.


To Google’s credit, though, the company does offer two-factor authentication and provides login information that lets you see if any recent logins came from an unusual location or occurred at an unusual time. You can also print out a code sheet that can be used to regain access to your account if someone swipes your password, logs in, and then changes the password to something you don’t know.

While nothing is ever 100% secure, a Google account secured by two-factor authentication is sufficient for most users. Provided they remember to log out when not using their PC, of course.

Tricky Phishing

Still, there are some attacks that can be particularly devious. A recent example involved a phishing attack that used a document hosted on Google Drive to trick users. Because the document was hosted on Drive, the URL did not seem suspicious and was served over SSL, making victims more likely to think it was legitimate. The fake page presented a convincing recreation of Google’s login page, and anyone who entered their email and password had the data sent to a compromised server.


This attack, though clever, doesn’t reflect any particular weakness in Google Drive. Instead it exposes the obvious, but often forgotten, downside to any cloud storage service: your data is no longer physically in your possession. Your data is hosted somewhere else, and you can only access it through a computer with Internet access. This presents many opportunities for tricks that compromise your account by stealing your login and password.

Locally hosted files, on the other hand, can only be stolen if a Trojan is installed on your PC or someone gains physical access to your hardware. Phishing attacks, hacked servers and compromised WiFi aren’t a concern for people who don’t host their data in the cloud.
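The phishing page described in this section passes the two checks most people make (a Google-looking address and HTTPS) but fails a stricter one: the password form is not on Google's sign-in host. The check below is an added example, not code from the original article; it assumes genuine Google sign-in forms are served from and submit to accounts.google.com, and the function names, sample URLs and sample HTML are constructed for illustration.

```javascript
// Added example: flag password forms that are not on Google's sign-in host.
// Assumption: genuine Google sign-in forms live on accounts.google.com.
const SIGN_IN_HOST = "accounts.google.com";

// Return the action attribute of every <form> that contains a password input.
// Regex extraction is a simplification that is adequate for these samples.
function passwordFormActions(html) {
  const actions = [];
  const formRe = /<form\b([^>]*)>([\s\S]*?)<\/form>/gi;
  for (const [, attrs, body] of html.matchAll(formRe)) {
    if (!/<input\b[^>]*type\s*=\s*["']?password/i.test(body)) continue;
    const m = /action\s*=\s*["']([^"']*)["']/i.exec(attrs);
    actions.push(m ? m[1] : "");
  }
  return actions;
}

// Compare where the page is served from and where the form submits to.
function checkLoginPage(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const action of passwordFormActions(html)) {
    // An empty action submits back to the page itself.
    const target = new URL(action || pageUrl, pageUrl);
    if (page.protocol !== "https:" || target.protocol !== "https:")
      findings.push("password form not fully on HTTPS");
    if (page.hostname !== SIGN_IN_HOST)
      findings.push(`password form served from ${page.hostname}`);
    if (target.hostname !== SIGN_IN_HOST)
      findings.push(`credentials are posted to ${target.hostname}`);
  }
  return findings;
}

// Constructed samples: a look-alike page hosted as a document, and a
// form shaped like a genuine sign-in page with a relative action.
const hostedPage = `<form method="post" action="https://collector.example/save">
  <input type="email" name="Email"><input type="password" name="Passwd"></form>`;
const genuinePage = `<form method="post" action="/signin/challenge">
  <input type="password" name="Passwd"></form>`;

const hostedFindings = checkLoginPage(
  "https://docs.google.com/constructed/login.html", hostedPage);
const genuineFindings = checkLoginPage(
  "https://accounts.google.com/signin", genuinePage);
console.log(hostedFindings, genuineFindings);
```

The look-alike page is served over HTTPS from a Google-owned host, so only the host comparison catches it.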

Conclusion: Is Drive Secure?

I think a Google Drive account protected by two-factor authentication and a strong password is reasonably secure. That’s not the same as invulnerable, but it does mean anyone who wants the data in your Drive would have to use extraordinary measures to gain it. Most of us don’t host particularly sensitive information on Drive, and hackers probably aren’t going to use a previously unknown exploit to steal a collection of haiku inspired by condiments (or whatever else you have squirreled away).

On the other hand, Drive is not secure enough for users who store valuable or sensitive information. You shouldn’t host all your financial records in Drive, or use it to store your world-famous secret BBQ recipe, or use it to store photos from your last trip to the Adult Entertainment Expo. Drive is vulnerable to the tricks that can impact any online account and can also be compromised simply by forgetting to log out.

What do you think of Google Drive’s security? Is it sufficient, or could Google do more? Sound off in the comments.

Comments (37)
  • Fi

    Just wanted to know if Google can and WOULD access files? I have heard of academics who put their PhD on Google Drive and it has been stolen by Google – which ruins the integrity of the work. I have used Google Drive for a while but only for my own things that aren’t particularly important (I don’t trust it quite yet – may take some convincing)

  • Carla

    I have absolutely EVERYthing on my google drive. I have a chromebook, thus have to use google drive. I upload everything there, even work documents. I’ve done this for years until……..something strange happened last night…… I logged in and it appears all my files are encrypted by a third party that is asking me to pay $500 to view my own documents (BitCoin). Please help me! I don’t know how I can get my stuff back. These are my own documents that I have created. PLEASE help ME!

    • Anonymous

      It is called ransomware. It does happen. I believe you should contact your local police department and ask for detectives that handle fraud, cyber-crime, wire-fraud.
      If you are in the States then, surprisingly, the Secret Service got its toes into Cyber crime and may have a phone number.
      http://www.coindesk.com/secret-service-digital-currencies-cybercrime/
      This links to a March 27 Secret Service agent Tate Jarrow discussing bitcoin as a medium for cyber fraud.

      As for your data, I can’t recommend one way or the other.

      I believe they encrypted your local files/local drive and then syncing replicated that into the cloud. Two copies, both encrypted (in sync, right?), and they have the passphrase to decrypt.

      The police *might* know of certain passwords/passphrases repeatedly used by the fraudsters that can be attempted in trial and error.
      Be sure to tell the police it’s “ransomware”, a name for cybercrime where your data is rendered into gibberish until (and IFF) the cybercriminals provide you the correct passphrase to decrypt.

      Good luck.

  • Carlo

    I do not worry as much about the security of Google drive on the cloud. I do use two-factor authentication.

    My primary concern is the local copy (in the computer).

    If anyone has administrative rights or even physical access to your computer, they can see / copy all contents of your Google drive.

    To prove it, I just booted with Linux, mounted the local drive and was able to see / copy all the files that I have stored on my Google drive.

    Google needs to find a way not to store those files on the local computer, it defeats all security.

  • Hamid

    Very informative.

  • RaZoR

    Yes… we encrypt documents using MS Word before uploading sensitive information to Google Drive, easy to do for practically any computer user.

Affiliate Disclaimer

This review may contain affiliate links, which pays us a small compensation if you do decide to make a purchase based on our recommendation. Our judgement is in no way biased, and our recommendations are always based on the merits of the items.

For more details, please read our disclosure.