Pinterest Stumbleupon Whatsapp
Ads by Google

I use Google Drive A Look At Google Drive, Google's Long-Awaited Cloud Storage Service A Look At Google Drive, Google's Long-Awaited Cloud Storage Service After more than 6 years of rumors and a long-ago cancellation because "files are so 1990", Google Drive is finally here. Coming with 5 GB of free storage space, a Dropbox-like desktop sync client, and... Read More every day. While Word is still my go-to for writing, Drive is my home base for storing documents and cataloging the test results I collect while reviewing computer hardware. There are literally thousands of documents in my drive, and I take it for granted that they’ll be available whenever I need them.

Is that wise? Or is Google Drive’s security not as robust as it may seem? Recent events, including NSA spying and an incredibly convincing phishing scam, have some users worried. Here’s what you need to know about Drive’s security.

Terms Of Service

Security threats don’t always come from outside an organization. Google is a huge company, and it’s worth asking whether it can be trusted to keep data in Drive private.

The answer, according to the terms of service, appears to be “yes.” Google says it does not use Drive data for marketing purposes, which means the company isn’t using what you upload to create a marketing profile of you.

googledrivetos

While Google claims “a worldwide license to use, host, store, reproduce, modify, create derivative works” from your data, this clause is only meant to give Google permission to offer services like Google Translate, which technically creates a derivative work.  The paragraph preceding this section says “You retain ownership of any intellectual property rights that you hold” and “what belongs to you stays yours.”

Ads by Google

There’s no boogeyman in the ToS 10 Ridiculous EULA Clauses That You May Have Already Agreed To 10 Ridiculous EULA Clauses That You May Have Already Agreed To Let’s be honest, no one reads EULA's (End User Licensing Agreement) - we all just scroll down to the bottom and click "I Accept". EULAs are full of confusing legalese to make them incomprehensible to... Read More , but remember; Google does have to comply with each country in which it operates. If a law enforcement agency can produce a legally sound reason to access your data, Google has no choice but to comply. This won’t matter to most people most of the time, but folks who believe a government may have reason to try and access their data would do well to remember it.

Only As Secure As Your Google Account

Drive is a service offered by Google, so that of course means it is tied to your Google account. This may prove to be a problem for people who are concerned with their security. If anyone gains access to your Google account, they have access to what’s in Drive, too.

Let’s say, for example, you leave your Gmail account logged in on your PC and forget to lock Windows when you go to lunch. People do this all the time, and it gives anyone who wanders by access to not only your email but also Drive – and anything else you do through Google. Drive does not automatically log users out after a period of inactivity, something a highly secure service would do.

googlelogin

To Google’s credit, though, the company does offer two-factor authentication What Is Two-Factor Authentication, And Why You Should Use It What Is Two-Factor Authentication, And Why You Should Use It Two-factor authentication (2FA) is a security method that requires two different ways of proving your identity. It is commonly used in everyday life. For example paying with a credit card not only requires the card,... Read More and provides login information that lets you see if any recent logins came from an unusual location or occurred at an unusual time. You can also print out a code sheet that can be used to regain access to your account if someone swipes your password, logs in, and then changes the password to something you don’t know.

While nothing is ever 100% secure, a Google account secured by two-factor authentication is sufficient for most users. Provided they remember to log out when not using their PC, of course.

Tricky Phishing

Still, there are some attacks that can be particularly devious. A recent example involved a phishing attack that used a document hosted on Google Drive to trick users. Because the document was hosted on Drive, the URL did not seem suspicious and was served over SSL, making victims more likely to think it was legitimate. The fake page presented a convincing recreation of Google’s login page, and anyone who entered their email and password had the data sent to a compromised server.

fakegooglelogin

This attack, though clever, doesn’t reflect any particular weakness in Google Drive. Instead it exposes the obvious, but often forgotten, downside to any cloud storage service; your data is no longer physically in your possession. Your data is hosted somewhere else, and you can only access it through a computer with Internet access. This presents many opportunities for tricks that compromise your account by stealing your login and password.

Locally hosted files, on the other hand, can only be stolen if a Trojan is installed on your PC or someone gains physical access to your hardware. Phishing attacks, hacked servers and compromised WiFi aren’t a concern for people who don’t host their data in the cloud.

Conclusion: Is Drive Secure?

I think a Google Drive account protected by two-factor authentication and a strong password is reasonably secure. That’s not the same as invulnerable, but it does mean anyone who wants the data in your Drive would have to use extraordinary measures to gain it. Most of us don’t host particularly sensitive information on Drive, and hackers probably aren’t going to use a previously unknown exploit to steal a collection of haiku inspired by condiments (or whatever else you have in your squirreled away).

On the other hand, Drive is not secure enough for users who store valuable or sensitive information. You shouldn’t host all your financial records in Drive, or use it to store your world-famous secret BBQ recipe, or use it to store photos from your last trip to the Adult Entertainment Expo. Drive is vulnerable to the tricks that can impact any online account and can also be compromised simply by forgetting to log out.

What do you think of Google Drive’s security? Is it sufficient, or could Google do more? Sound off in the comments.

  1. Michael O'Brien
    August 29, 2016 at 2:10 am

    You are misreading the TOS. When it says "such as those resulting from translations", this is illustrative only and it does not restrict the previous sentence. Google can create derivative works of all uploaded content and shares that right with anyone they work with.

    This means that anything uploaded to Google Docs or emails that you send via gmail are covered by this right to create derivative works.

  2. Craig
    March 27, 2016 at 9:37 pm

    I worked for a company that stored ss#'s and copies of clients' drivers license on Drive. It's been about three years now, but I was wondering if this is/was illegal, highly recommended against, or if this is a regular practice. If you found out your personal info such as this was being stored on Drive would you be concerned?

  3. Bob
    February 20, 2016 at 2:49 am

    Ok Security and Government Access can be important depending who the Government is. In the United States we currently have freedom to do and say pretty much what we want to. However this is not so in other Countries. For Example we can write about Christianity freely without the FBI or CIA coming to arrest us. Not so, in other countries run by radical Hindu or Muslim factions. Christian that are evangelizing can be beaten or killed for the content found on their computers. How does anyone know what countries Google has given access to scan documents or monitor data transmission? How do you know when even the US might no longer be friendly towards a certain religion or even a political party?

    • Sanjay Srivastava
      March 5, 2016 at 3:51 pm

      Bob, I digress from the main topic of the discussion but I must say this. There is only one major country in the world that is run by a government that supports Hinduism. India is what we are talking of, and this government has Muslim, Christian, Sikhs and people of many other faiths in the government. You can write what you wish in India and the police does not come to arrest you - so long as you don't go anti national. We have NEVER had a shooting in a school or in a parking lot.

      While there are zealots in every religion, the Hindu religion is very easy to live with and in. Come over and see it for yourself sometime.

      • Steve
        March 8, 2016 at 4:53 pm

        Sorry, you don't have a savior who makes a difference and provides eternal life..that's why it's easy to live with and in..Jesus creates controversy because Satan hates Him..why? cause he's the real deal..the enemy..the healer, redeemer..the alpha and the Omega - without Him there is no salvation..I'll stick to my troubles..

  4. mohamed mostafa
    February 2, 2016 at 4:03 pm

    How about if I deleted a file from google drive? Is it still there, can google access it?

  5. Kristofer Skaug
    January 27, 2016 at 12:42 am

    Thanks for the balanced review. Just wanted to comment on this one:
    " your data is no longer physically in your possession",.
    that is not true if you use the PC Client to sync Google Drive on your PC.
    This gives you the best of both worlds IMO - sharing files with multiple machines/users across the web (i.e. "device independence"), while still having everything locally, so you can continue working if the internet connection is unavailable.

  6. J J
    January 21, 2016 at 6:23 pm

    FYI, goolge updated their ToS:

    7. Intellectual Property Rights; Brand Features.

    7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other's content or any of the other's intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.

  7. Fi
    April 29, 2015 at 4:10 pm

    Just wanted to know if Google can and WOULD access files? I have heard of academics who put their PhD on Google Drive and it has been stolen by Google - which ruins the integrity of the work. I have used Google Drive for a while but only for my own things that aren't particularly important (I don't trust it quite yet - may take some convincing)

  8. Carla
    March 22, 2015 at 2:26 pm

    I have absolutely EVERYthing on my google drive. I have a chromebook, thus have to use google drive. I upload everything there, even work documents. I've done this for years until........something strange happened last night...... I logged in and it appears all my files are encrypted by a third party that is asking me to pay $500 to view my own documents (BitCoin). Please help me! I don't know how I can get my stuff back. These are my own documents that I have created. PLEASE help ME!

    • Anonymous
      April 2, 2015 at 10:17 am

      it is called ransomware. It does happen. I believe you should contact your local police department and ask for detectives that handle fraud, cyber-crime, wire-fraud.
      If you are in the States then, surprisingly, the Secret Service got its toes into Cyber crime and may have a phone number.
      http://www.coindesk.com/secret-service-digital-currencies-cybercrime/
      This links to a March 27 Secret Service agent Tate Jarrow discussing bitcoin as a medium for cyber fraud.

      As for your data, I can't recommend one way or the other.

      I believe they encrypted your local files/local drive and then Synching replicated that into the cloud. Two copies, both encrypted (in Sync,right?), and they have the passphrase to decrypt.

      The police *might* know of certain passwords/passphrases repeatedly used by the fraudsters that can be attempted in trial and error.
      Be sure to tell the police its "ransomware", a name for cybercrime where your data is rendered into gibberish until (and IFF) the cybercriminals provide you the correct passphrase to decrypt.

      Good luck.

  9. Carlo
    March 4, 2015 at 3:31 pm

    I do not worry as much about the security of Google drive on the cloud. I do use two-factor authentication.

    My primary concern is the local copy (in the computer).

    If anyone has administrative rights or even physical access to your computer, they can see / copy all contents of your Google drive.

    To prove it, I just booted with Linux, mounted the local drive and was able to see / copy all the files that I have stored on my Google drive.

    Google needs to find a way not to store those files on the local computer, it defeats all security.

    • Carlos
      January 19, 2016 at 7:48 pm

      That's interesting, you can choose to sync only files to your machine that you use often and the rest are cloud hosted which means Admin's could if they wanted view only the local files ie: on your machine in the Google Drive directory.

    • Dan
      July 29, 2016 at 1:51 pm

      Google Drive has an "only sync selected folders" option in the preferences you could put all your files you actually want synced into one folder within Google Drive and then sync only that one folder.

  10. Hamid
    February 12, 2015 at 12:38 pm

    very informative ..

  11. RaZoR
    December 30, 2014 at 4:36 pm

    Yes...we encrypt documents using MS Word before uploading sensitive information to google drive, easy to do by practically any computer users.

  12. Not Telling
    July 31, 2014 at 8:00 pm

    Nothing stored in the "Cloud" is safe from government prying eyes...

    Google FBI National Security Letters (NSL's)... no warrant required by an FBI agent who wants to see your content.

    Can you encrypt prior to upload in order to protect your data? Sure, just don't use US government certified cryptographic ciphers... complete with back doors for "you know who" to access.

  13. Steven E. Browne
    June 9, 2014 at 1:14 pm

    I just found out that google drive's TOS give google the right to your work.

    http://www.askmen.com/entertainment/tech-news/google-drive-licence-agreement.html

    i would not suggest posting any creative works there.

  14. Swetank R
    April 6, 2014 at 9:34 pm

    Why did you left your email address visible on that Google log in page image? This could increase your security issue.

  15. Daniel E
    April 6, 2014 at 9:46 am

    <quote>
    You can also print out a code sheet that can be used to regain access to your account if someone swipes your password, logs in, and then changes the password to something you don’t know.
    </quote>

    Eh? The code sheet I'm familiar with is the substitute for SMS or Google Authenticator. That is, if you don't have your phone with you, you can use the code in that code sheet for the second step of the authentication.

  16. Julio C
    April 5, 2014 at 6:38 pm

    It's enough for me according the documents I store there. For sensitive information , a pen drive or an external disc

  17. Roy
    April 5, 2014 at 4:44 pm

    If you send unencrypted information to Drive, is it encrypted before going over the internet to Drive or is it only encrypted after being placed on Drive?

    Roy

  18. Emma
    April 5, 2014 at 7:15 am

    The sensitive info on your terabyte hard disks is what your governments are trying to get at eventually. But for now their agents can test "cloud services" untll the time when hard-diskless computers will be standard by law in the name of "security". Everyone will only save on the cloud services provided by your governements.
    For now enjoy your limited freedoms

  19. Jo-anne P
    April 5, 2014 at 6:31 am

    I really don't have a whole heck of a lot of really secret stuff but no I am not willing to cloud my stuff only because I feel once it is out there its gone.

  20. Larry
    April 5, 2014 at 1:45 am

    Google Apps (and Drive) is the only cloud service I have found that has a HIPPA compliance method so your medical record may be on it. Hope it's secure...

  21. Robert Wm Ruedisueli
    April 5, 2014 at 12:30 am

    For particularly sensitive documents, you can use an encryption program prior to upload. Of course, this eliminates the ability for online viewing and editing. Thus, you probably should reserve this measure for things that absolutely must be kept secret.

  22. Jenni
    April 4, 2014 at 8:45 pm

    I don't like to use any cloud service for very private information, as Al C stated too. Also, I have had discussions with my work place because we are using the cloud for our new whole employee database (indirectly) and yet our privacy processes and documentation have not caught up with it yet. Few have any real idea of what / where information is being stored now. The information that I provided to them has been put away for 'later'.

  23. Al C
    April 4, 2014 at 6:54 pm

    I am dubious about hosting any sensitive personal information, e.g documents containing bank account details, card numbers etc on any cloud service - because its security is outwith my control.

  24. Guy M
    April 4, 2014 at 5:57 pm

    Once people accept the fact that there is no such thing as perfect security, they need to determine what is acceptable security for them and their documents.
    For most people and most information, I believe the security of Google Drive is acceptable. If they encrypt before they upload, then even more so.
    The least I can say is that I find it acceptable for me and the documents I store there.
    Really liked the article!

  25. Petew
    April 4, 2014 at 4:40 pm

    "There’s no boogeyman in the ToS"
    Really?
    From the EULA: "communicate, publish, publicly perform, publicly display and distribute such content."
    You better bring your lawyer along.

  26. victor
    April 4, 2014 at 3:56 pm

    How about encrypting files using EncFS: http://ninjatips.com/encrypt-dropbox-using-encfs/ then upload them to the drive. Will that make them secure?

  27. jack
    April 4, 2014 at 2:25 pm

    Cloud Storage Secure? Are you kidding me? I refuse to store any documents in the cloud.

  28. dragonmouth
    April 4, 2014 at 1:16 pm

    "There’s no boogeyman in the ToS"
    No, the boogie man is in the law offices of the firm(s) representing Google, and in the interpretation of ToS by those lawyers. If Google decides that it wants to sell your documents to a third party, I'm sure the lawyers can find ways of justifying it.

    Yes, the documents are secure, and will become more so in the future, from hacking. But as you say, "Security threats don’t always come from outside an organization"

  29. Mark M
    April 4, 2014 at 1:45 am

    Given the growing popularity/use of cloud-based storage, I believe that it's overall security will only get stronger. Companies like Google, AWS, OneDrive, DropBox etc. will develop to better suit the needs/concerns of the average "every-day" user. This will bode well for both the host and the user. I'm just beginning to get comfortable with using cloud storage for my documents, spread-sheets, pics & vids and even purchase receipts, I think most folks are beginning to accept this as well. Only the future will tell of the overall security of this venture, as for now, the "privacy" of your information is becoming more of a concern than the security of it.

    • dragonmouth
      April 4, 2014 at 1:23 pm

      Security is not something to be comfortable with, or about because that is when you start losing it. New threats arise constantly.

  30. james
    April 3, 2014 at 11:34 pm

    Its actually easier for law enforcement to enter your home and take your computer than it is for them to subpoena your docs on drive. Its more secure than your laptop.

    • dragonmouth
      April 4, 2014 at 1:25 pm

      They still need a search warrant or a subpoena to enter your house, or your explicit permission.

    • James
      April 4, 2014 at 4:03 pm

      At your house it is most likely there is no lawyer who can determine if the request is too broad or challenge it should it be mistargeted. Google on the other hand fights these regularly, for free.

    • Matt S
      April 4, 2014 at 8:00 pm

      I think this is a good point. While the NSA stuff is troubling, I think it's wrong to think less of Google or Microsoft because of it. Ultimately they have to follow the law. The problem is the law, not the companies.

  31. Terence @ eStrategyPro.com
    April 3, 2014 at 10:38 pm

    Google Drive may be 'secure' in the sense that
    (1) they provide good authentication control (e.g. two-factor login) and
    (2) that your files in transit to and fro their servers are encrypted (i.e. TLS/SSL)
    (3) that your files at rest in their servers are encrypted

    But these points also apply to every other cloud storage provides (e.g. DropBox, OneDrive, Box, etc).

    But the more crucial question is this: are your files PRIVATE?

    No matter how much security Google employs, this fact remains: GOOGLE CAN SEE EVERYTHING YOU STORE THERE! And that, by extension, means that Google has to comply with whatever legal obligation to turn over your files to the authorities when compelled. In fact, this applies to almost every cloud storage providers.

    If you want security and privacy, then the only way is to encrypt your files PRIOR to uploading to any cloud storage providers. And make sure you keep the encryption keys secret to yourself only.

    So, is Google Drive secure? Sure, I believe so. Is it private? Nope, definitely not.

    • mark
      December 27, 2014 at 4:37 pm

      Google does not look at files without a damn good reason period. No file can be looked at without high level authorization and any Google employee that peeks at a file without authorization is gone. If a government request access then they need to follow every little legal procedure to get it. So if you are a crook then the cloud migh not be for you but everyone else is safe.

  32. Bram
    April 3, 2014 at 8:23 pm

    Can you actually say the same thing about other cloud services like Dropbox en Onedrive?

  33. Ed
    April 3, 2014 at 6:00 pm

    I only store stuff in Drive or any cloud storage that I wouldn't mind printing out and letting it sit on an open desk.. If it needs to be private or secure, it's not going in anybody's cloud service. That's just me.

  34. KB
    April 3, 2014 at 4:41 pm

    I find it hard to trust TOS, especially from American-based companies. In light of the NSA and subpoenas from the secret court, companies could NOT disclose information about the governments requests into user data (and I'm guessing much much more). I would much rather trust my data to an end-to-end encryption service like mega, or perhaps use an encryption-application to encrypt the data before it hits my Google drive.

  35. Michael
    April 3, 2014 at 2:18 pm

    Between the two-step verification and Google using HTTPS on all of it's services, I'd say it's more secure than most. By forcing unknown locations to require a password and a code sent to your phone, you're pretty set. As for other techniques of acquiring your info, not only does Google use HTTPS, but if you also use a VPN service like Hotspot Sheild, as I do, then you're in even better shape. I've been a Google power user for the past 5 - 6 years and I think they're doing a pretty solid job when it comes to securing your information.

    • Danielx386
      April 5, 2014 at 1:08 am

      But then there nothing to stop google from looking at your stuff like drop box does

    • rk
      April 9, 2014 at 3:47 pm

      I am no tech guru but SSL is now under scrutiny after a bug was found. It's being patched in a jiffy I am told but what other bugs are lurking to be discovered? I had to view something on google drive for the first time yesterday and I must've been living under the rock. I found it (at first glance/usage) a bit cumbersome and videos were super slow although they were only a min long videos!

Leave a Reply

Your email address will not be published. Required fields are marked *