Swan(sea) Song – personal research during my six years at Swansea ... and bey...
5 Steps to Secure Google Drive
1. 5 STEPS TO SECURE GOOGLE DRIVE
BACKUPIFY – AUGUST 2012
2. 5 STEPS TO SECURE GOOGLE DRIVE
Backupify, Inc. 2
INTRODUCTION
Introduced a few months ago, Google Drive is more than just an online place to
stash files. Google Drive is integrated into many Google applications including
Google Apps and lets you access your information from just about anywhere –
including mobile devices. But what kind of risks do you face by uploading your
data to the cloud? We address Google Drive-specific security issues below.
TIP #1: USE TWO-STEP VERIFICATION
The biggest risk to your data is your credentials, which for most of us is an easily
guessed password. Two-step verification is one of the surest ways to secure your
Google Account (which gives you access to Google Drive, of course). Once enabled
you’ll have to enter not only your password but a second code Google sends to
your mobile phone via text message. It doesn’t add much time to the login
process and is infinitely more secure. Why? If someone tries to hack your account
they’ll need your password AND your phone.
Google’s short DIY on how to setup two-step verification can be found here.
TIP #2: SETUP RECOVERY ON YOUR GOOGLE ACCOUNT
It can happen – let’s say you lost control of your account to a third party (you left
your account logged into on a public computer, forgot to lock your computer,
someone guessed your password). Google Drive users should be more concerned
3. 5 STEPS TO SECURE GOOGLE DRIVE
Backupify, Inc. 3
than anyone, especially if they’re uploading identity-theft grade files like tax
returns or insurance documents.
Fortunately, losing control of your account isn’t the end of the world. You can
setup account recovery options which will allow you to regain control of your
Google Account. Things you can do include adding a security question, use of
your mobile phone, and most importantly, setting up an alternate email address.
TIP #3: SECURE YOUR FILES BY APPLICATION
Think of Google Drive as a backend platform – while it can simply store files, it’s
also designed to act as a storage subsystem for applications (Google Apps, for
example, now uses Google Drive instead of the defunct Google Documents). You
can find apps that store photos, videos and even faxes in Google Drive in
the Chrome Web Store. Why is it important to think about security on a per-file
basis? You may not want to give a video editing app access to last year’s W2 form.
While it probably won’t hurt, keep in mind that most apps for Google Drive are
not developed by Google (read: third-party). It’s not that we don’t trust anyone,
but why take any risk, no matter how small, if it’s unnecessary?
Chances are you won’t be micromanaging access to all of your files (especially if
you have thousands like I do) – maybe just to that W2 like I mentioned. To revoke
an app’s permission to a file, right-click the file and click “View authorized apps…”
4. 5 STEPS TO SECURE GOOGLE DRIVE
Backupify, Inc. 4
and then the Revoke button next to any app you don’t want to have access. You
will still have access to the file through Google Drive, but the app won’t.
TIP #4: CONTROL ENTIRE APPS WITH ONE CLICK
Do you want to cut off an app’s access to your data entirely? This would be a
good idea if you’re not using the App – and chances are you’ve downloaded one
too many that is not being used.
Go to accounts.google.com, sign in, and click “Security” on the left. Then click on
“Authorizing applications & sites”:
This page shows you every app that has access to your data and gives you one
button to revoke all access. Neat!
TIP #5: BACKUP GOOGLE DRIVE
No matter how much you protect your Google Drive data from outside attacks, it’s
hard to protect it from yourself. Nearly 63% of all data loss in Google Apps is user
error – cases of accidental deletion tops among them. Moreover, if you’ve shared a
Google Drive item with another user, they could corrupt or delete those
documents through no fault of your own. The best defense against user error (and
any other form of data loss) is an independent backup of Google Drive.
5. 5 STEPS TO SECURE GOOGLE DRIVE
Backupify, Inc. 5
CONCLUSION
It’s important to be stringent about access to your data. Think about access to
your Google Account for starters; make sure you setup two-step verification and
your account recovery options. Two-step verification is an extra barrier to hacking
and recovery means you can regain control of your account should anyone
actually get in. Next we have the issue of third-party apps having access to your
data in Google Drive. You can setup access on a per-file basis and even lock out
entire applications with a few clicks. Lastly, backup of all data is best practice, even
in Google Drive. Remember that Google is doing a lot of unsaid work behind the
scenes to keep your data safe, but at the end of the day you’re ultimately
responsible for what you upload to the Internet and how you protect it.
Hope you’ve got a good backup plan.
ABOUT BACKUPIFY
Backupify is the leading provider of backup and restore solutions for SaaS
applications including Google Apps, Salesforce, Facebook, Twitter, and more.
Backupify was founded in 2008 and is based in Cambridge, MA. Backupify has over
200,000 users trusting us with more than 500 million documents, two billion email
messages and 350 terabytes of data.
WHY BACKUP CLOUD DATA?
Your data is one of the most critical assets of your business. Like any important
asset, it should be insured. While most SaaS providers, including Google and
Salesforce, offer state-of-the-art disaster recovery capabilities that protect you
from some forms of data loss, you are still at risk for data loss due to user error,
hacked accounts and third-party application bugs. To fully replicate your on-
premise backup capabilities in the cloud, you need the ability to perform granular
restores, and to retain the control that comes from having your own secure
second copy of the data in your SaaS applications.