are google apps secured?

Does anyone here work in an IT company? I got a couple of questions about google apps. We will be using google drive in the office soon, so all our excel files will be uploaded to google drive for easy sharing. I heard that there is a big chance for data loss. Do you know how true is this? Could we retrieve loss data? Is there a good way to secure those data or files being shared at google drive?

I have the related question as to how private it is, if it’s OK that I piggyback that onto this thread.

Specifically, how good or bad an idea is it that a private person use a Google Docs spreadsheet to store bank account number.

My wife worked in IT management at a university which was considering using google apps for some of their services. They ran into a problem though that many government research grants require that all data be stored on servers in the US and google was unable to ensure that as many of their data storage locations are outside the US.

I vaguely remember reading something later that Google changed their architecture so that they could handle just this sort of requirement, but I might be misremembering that and at the time it was a dealbreaker.

Where I work, we use Microsoft OneDrive in the same way - as a repository of files and to facilitate sharing. I like it - it has cut down on huge emails considerably.

It’s never good practice to only have your data in one place. I’d want to maintain an offline backup of the data in Drive which you control. At an individual level, that kind of happens anyway in that your files are also held locally on your computer (at least, this is the case with both OneDrive and the consumer version of Drive - I haven’t used Drive in a corporate setting). While I personally believe that Google are probably better at maintaining data safely than your average corporate IT department, they’re not completely immune to problems.

In terms of security, you can choose who to share files with, but as always, once someone has a copy of the file they can do what they want with it. Bear in mind that access will be tied to the user account, not a particular computer. There’ll be nothing stopping a user logging into their account from their personal devices and accessing corporate data. For this reason, it’s even more important than normal to remember to revoke users’ access when they leave the business!

The other worry around security is the fact that Google might get hacked and evil people will get all your data. How much this bothers you will depend on what you’re storing and the potential impact if it becomes public. Again, I generally tend to think that Google will have better security experts than most businesses (although I accept they’re also a bigger target).

There’s a similar problem in the EU - regulations require that certain data is stored within the EU, or in countries with strong data protection laws.

Depends how much you trust Google. It’s private in the sense that if a Google Drive user creates a Docs spreadsheet and doesn’t share it with anyone, then no-one will be able to access it unless they have the password (and, ideally a two-factor authentication token as well).

Personally, I’d rather use a password manager for this sort of thing. I use LastPass*, but there are others. It’s a better tool for the job - unlike Google Drive, it can do things like automatically log into websites for you and automatically change your passwords with a single click.

  • Yes, I know they got hacked :slight_smile: . As it happens, I signed up after that, and I take the view that what with randomised 20 character passwords, even if hackers got my encrypted hashes, they’re unlikely to be able to economically break them, and even if they did, anything sensitive has 2FA. And my master LastPass password is very strong and not stored electronically anywhere.

Yes, there is a Google Apps for Government service now. I don’t know if this is what government contractors use, but I hear they provide services that private companies can subscribe to and meet these security restrictions.

Frankly, I think data loss is the thing that Google Drive most protects against. Every file is stored redundantly, with lots of backups. Google is better at ensuring durability of data than pretty much any other company in the world, including yours.

As far as keeping private data private goes, it’s more of a mixed bag. Google is probably also the best at protecting data within the parameters of having an online service, but the simple fact that the data must be available online opens up some attack vectors. Google drive will never be as secure as hard copy in a locked filing cabinet in a safe in your office that only one person knows the combination to.

The security of any application or infrastructure is a really complicated question. Security is not a binary condition – a particular solution might mitigate the risk of certain kinds of security issues to a level you’re OK with, while other security vulnerabilities are not managed well. I’m not terribly familiar with Google apps. I believe the web apps are generally SSL-encrypted, which reduces the risk that someone will snag your documents in transit between you and the Google servers. But that’s just one consideration. It’s hard to say if Google apps fits your security needs without knowing a lot of details about your situation.

I believe this is still a concern. To my knowledge, when you put things on Google apps, you can’t be sure it will stay in the US and be handled only by US citizens. This is a big deal if you’re dealing with data regulated by ITAR, for example.

Anyway, I’m not trying to be unhelpful, but the question you asked is really hard to answer. If you don’t have a security team at your company, you might want to spring for a consultant to assess your needs and make a recommendation.

ETA: I was not aware of Google Apps for Government. Thanks, scr4.

It would not be the first time that a commercial cloud service for government turned out to be not so secure.

Which past incidents did you have in mind?

Also keep in mind, it’s only intended as an alternative for government-run cloud servers - e.g. the kind of task we currently use SharePoint for. I don’t see why a commercial server would be inherently less secure.

It’s somewhat secure, since any IT equipment can be hacked.

Most security issues with GoogleDrive, OneDrive, Dropbox, etc… however arise from people not securing their own IT equipment.
Same passwords for everything, forgetting to log out in public places/work/home, third party access to your IT equipment.