Is Google Drive secure? How Google uses encryption to protect your files and documents, and the risks that remain
- Google Drive is generally very secure, as Google encrypts your files while they're being transferred and stored.
- However, Google can undo the encryption with encryption keys, meaning that your files can theoretically be accessed by hackers or government offices.
- You can make Google Drive more secure by using two-factor authentication and being careful when giving other apps permission to use your Drive.
Google Drive is quickly becoming the most popular storage service around. And with more than a billion users and over 2 trillion files saved, it needs to be secure.
But Google users have been victim to hacks before - in 2014, approximately 5 million Gmail usernames and passwords were stolen and leaked online.
So if you use Google Drive, you might be wondering how secure your files really are.
How Google Drive secures your files and data
Regardless of previous hacks, the risk of using Google Drive is low. Google uses the strong 256-bit Advanced Encryption Standard (AES) encryption on all its Google Drive servers (with the exception of a small number of storage devices that date prior to 2015 - those use AES128 encryption instead).
Likewise, when the data is in transit between users and Google Drive servers, Google uses the Transport Layer Security (TLS) protocol to protect the data and prevent interception.
In short: your data is largely secure.
How Google Drive may be vulnerable
Some security experts don't love that Google keeps encryption keys for all the files on Google Drive. Encryption keys are tools that let Google (or whoever has the keys) decrypt files, bypassing all their security.
"Because they are in control of these encryption keys, it can lead to vulnerabilities for its users," said Kristen Bolig, founder at SecurityNerd. "They have the power to decrypt files which can make them easier for hackers."
This is in contrast to apps like Signal, where not even the company that runs the app can access your data.
Moreover, Google is subject to governments and law enforcement. "If your files are subpoenaed, depending on what Google decides, it might not take a security breach to forfeit your privacy," said Monica Eaton-Cardone, chief operating officer of Chargebacks911.
And as is often the case with cloud services, the most significant risks aren't related to the encrypted infrastructure, but with the user, and Google Drive has a number of user-related vulnerabilities.
Google Drive lacks cohesive organizational permissions, for example. Nick Santora, CEO of Curricula, said, "The way Dropbox uses folders allows us to segment data by department and only give employees in that department access to those folders. Google makes this extremely difficult to do. Everything you do is a one-off. The permissions system is ad hoc, which leads to mistakes."
How to protect yourself as a Google Drive user
The biggest risk to your Google Drive data is often you - along with the computers or devices you've connected to Google Drive. Remember that in general, any files on Google Drive get synchronized to your computer, so those files are vulnerable. "You can use encryption to further hide and protect your files," Bolig suggested.
In addition, you can take advantage of two-factor authentication to prevent hackers from accessing your files from another device, even if they take your username and password. And of course, always make sure you have a strong password.
Security.org editor Gabe Turner said it's important to "remove any apps or browser extensions that have access to Google Drive unnecessarily." Every app with permission to access Google Drive is another vector for hackers and a security vulnerability.