GW

Introduction to Google Drive Security and Smart Sharing Practices

GW

Google Drive Security Features by Default• Storage in the Cloud

– If your computer crashes or your hard drive fails, your document will still exist in Google Drive

• Network Transport Protection (HTTPS)– Communications between Google Drive and your computer are encrypted to

prevent people from eavesdropping on your documents as you edit or read them

• Google Authentication & Authorization– Google provides insight how to specify a good password for your

account and prevents unauthorized access to your documents• Google Drive Files are Private by Default

– Only your account has access to the file when you create a new file in Google Drive

• Change Tracking (Google Docs Only)– Google drive automatically tracks changes to the document,

allowing you to revert back to previous versions if an unwanted change is implemented

GW

Risks to Consider When Using Google Drive• Sharing a file with an unintended party• Setting insecure permissions/sharing context (visibility) to a

shared document• An unauthorized party accessing your Google Drive• Uploading a document that is inappropriate for Google Drive• A document you shared with another

party is re-shared by that party to an unintended party

• If Google or GW SSO experiences an outage, you may not be able to access your files until service is restored

GW

Why are Sites like eRoom and SharePoint sometimes Safer?• Google Drive is accessible via the Internet• Sites like eRoom and SharePoint are often only accessible

on the organization’s intranet• Therefore, for eRoom/SharePoint, the attacker has to

compromise your NetID and get a GWU intranet address to access the application (Usually via taking over a laptop/desktop with malware)

• With Google Drive, all they need to do is compromise your Google account and can access it from anywhere; there is no need to compromise a machine

GW

Google Drive: Private Files and Folders• Private File

– Default Google Drive file permission when uploading or creating new documents

– Only the owner can access the document• Private Folder

– Folders are private by default– Folders can store multiple files and sub-folders– A private folder can contain both private and shared files and

sub-folders

GW

Google Drive: Shared Files and Folders• Shared File

– When enabling sharing, by default, the document is shared privately; the owner must manually add additional users unless the visibility option is changed

– By default, users who are added as editors of the document can add additional people and change permissions of the document, including the document visibility

• Shared Folder– When enabling sharing, by default, folders are shared privately; the owner must

manually add additional users unless the visibility option is changed– Files/folders within the shared folder inherit permissions of the shared parent

folder– New files and folders added to or created within the shared folder inherit the

shared permissions.– Individual file and sub-folder permissions within the shared folder can be later

customized manually after being added to the shared folder

GW

Google Drive Sharing Settings: Visibility Options• Google Drive Visibility Options: | Private | Anyone with the link | Public on the

web |• GW Google Drive Visibility Options:| Private | People at GWU with the link | Anyone at GWU |• By default, files are shared privately on Google Drive

GW

Google Drive Shared File User Roles/Access Levels

• Owner– Full Control

• Editor– Edit document– Add/Remove users by default– Cannot delete document– Can download or make a copy

• Commenter– Read only with the ability to

comment– Can download or make a copy

• Viewer– Read only– Can download or make a copy

GW

How much authority do your editors have?

• By default, editors of the document can change visibility settings and add/remove users

• This setting can result in the file easily being shared in ways the owner did not intend

• It is suggested to restrict the sharing settings so that only the owner can change permissions

GW

Do You Trust Your Sharers?

• Like other sharing services, Google Drive can assist in protecting a shared document

• However, you must trust the people you share the document with

• Even with advanced sharing restrictions, the people who have access to the document may make copies or share the document in ways you did not intend without you knowing about it

Owner

Editor Viewer - Makes Copy

Viewer Commenter Editor of Copy

Editor of Copy Editor of Copy

GW

Data That Should Not be Stored in Google Drive• Policy drives the controls and regulations put in place to protect certain

types of data• GW Data Classification Policy: http://my.gwu.edu/files/policies/

DataClassificationPolicy.pdf• Data classified as “Confidential” should not be stored in Google Drive• Examples of Confidential Data include:

– Student records and other non-public student data

– Credit Card Data– Usernames/passwords– Personnel and payroll information– Health and Patient Information– Data subject to Government regulation– Social Security Numbers

X

GW

Recommended Sharing Settings for Most Cases

• Share privately and explicitly ONLY add essential users as needed (Google Drive default setting)

• Set the sharing settings so that only the owner can change permissions (Requires the user to manually adjust this setting after creation)

• Do not store data classified as “confidential” on Google Drive

GW

Additional Google Drive Best Practices

• Utilize a strong password for your Google account (Password managers such as keepass (http://keepass.info/) are great for this)

• Log out of your Google account when you are finished

• Beware of using Google Drive on a shared or public computer

• Use caution when using Intellectual Property with Google Drive. Google states you retain ownership of these documents, but you may want to read the following:– https://www.google.com/intl/en/policies/terms/– https://www.google.com/policies/privacy/

GW

References and Additional Information

Google: Choosing a smart passwordhttps://support.google.com/accounts/answer/32040?hl=enGoogle Drive Sharing settings overviewhttps://support.google.com/drive/answer/2494886?p=visibility_options&rd=1Keepasshttp://keepass.info/Security in Google Drive https://support.google.com/drive/answer/141702?hl=enWhat do Google’s Terms of Service mean for the files I upload to Google Drive?https://support.google.com/drive/answer/2733115?hl=en&ref_topic=2428743