Is Google Drive secure?
How secure is Google Drive for document sharing & ways to enhance Google Drive security
Learn about the issues with Google Drive security and different encryption or protection methods to secure Google Drive documents and files.
One of Google Drive’s key features is its document sharing capabilities, which make it easy for users to collaborate on projects in real-time over the internet. But though the value and convenience of the cloud storage service is obvious (user data backup, etc.), its security is a little more obscure.
How does Google Drive security work?
How does Google Drive security work?
Google Drive’s security has a few layers:
- Encryption in transit: When you upload a document to Google Drive, it is transmitted using TLS encryption. This prevents it from being intercepted.
- Encryption at rest: The document is also encrypted when it is stored on Google’s cloud servers, using AES 256-bit encryption.
- Google account security: Documents can be shared with users either by sending a link or by choosing a specific Google account. The latter is the more secure option.
- Browser-based security: When a user opens a document, Google Drive enforces editing and printing controls via JavaScript.
Users can take extra steps to enhance their personal security when using Google Drive. This includes using 2FA on their Google Drive account, using a VPN on public Wi-Fi, etc.
Google Drive security may offer a nice balance between security and convenience for casual, home users. If you’re planning to use the cloud storage service to share documents in a business environment, however, there are some important aspects to consider.
Google Drive security concerns: is Google Drive secure?
Google Drive security concerns: is Google Drive secure?
Though Google Drive’s security may sound impressive, several major flaws make it poorly suited for use with confidential files or sensitive information. These include a reliance on browser-based security and Google account security, as well as the security of Google’s servers.
Browser-based security
Google Drive’s browser-based document controls are not effective. This is because Google enforces them using JavaScript, which executes partially on the client side (i.e. on the user’s machine). The user can tamper with code or turn off JavaScript entirely to bypass controls.
For example, a user can remove printing controls by adding ‘/mobilebasic’ to their Google Docs URL and disable JavaScript in their browser’s developer mode. This requires no code and only takes a few seconds. It will additionally allow copying and removal of any watermarks. We cover this in more detail in our blog How secure are Google Docs?
Google account security & vulnerabilities
Another major issue with Google Drive security is that if somebody gains unauthorized access to a user account (via phishing or other attacks), all documents are compromized. The attacker can not only view every document shared with that user but can also use the methods above to extract content. They could potentially even modify files to distribute malware or ransomware.
To combat this, Google offers two-factor authentication. However, this can cause a bit of a headache for admins. While you can make it so that users must have 2FA enabled to log in, this is an instant switch with no grace period. So you must communicate to your users in advance that they need to set it up and hope that they do it in time. Two-factor authentication is also not infallible. Session jacking attacks that bypass 2FA and passwords are becoming increasingly common. Additionally, 2FA does not protect against intentional account sharing or leaks.
Server security
Google services generally have a good server security track record, but no system is perfect. In 2009, Google had its servers breached by Chinese hackers with theft of confidential data. In 2018, a bug exposed the personal data of 52.5 million Google+ users. Additionally, there are privacy concerns. The company allegedly participated in the NSA’s PRISM program, not to mention its other privacy controversies.
Server security is obviously very relevant when you are uploading unencrypted files to Google’s cloud storage that are confidential or sensitive in nature. While files uploaded to Google Drive are encrypted, this would mean very little if Google left the decryption key out in the open or left behind unencrypted temporary files. To be clear, we are not saying that the company does or does not do this, but that’s the point: it is impossible to be certain. This is equally true of any cloud service provider where data security is not transparent.
Google Drive link sharing security
As a side note, Google Drive allows users to use the “anybody with a link can access” option when sharing a file. This makes it even easier for users to share the file with unauthorized users, either intentionally or unintentionally. If using the cloud service in a business, admins should always make sure to turn off link sharing as a PDF on Google Drive and use account sharing instead. Link sharing is just a bad idea to begin with since it is extensively used in phishing attacks.
 | How to password protect a PDF document in Google Drive and why you should not |
Due to the weaknesses in Google Drive’s in-built document security, some organizations password protect Google Docs before upload. The idea is that this provides an additional layer of security should a hacker compromize a Google account. We’ll show you how to complete this process in Drive with a PDF document as an example, and then explain what its issues are.
How to password protect a PDF document in Google Drive
- Download your PDF from Google Drive or open a Google Doc and press “File > Download > PDF document”.
%27%20fill-opacity%3D%27.5%27%3E%3Cellipse%20fill%3D%22%23cacaca%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(51.5%20-263.5%20517.3)%20scale(119.56248%20146.21771)%22%2F%3E%3Cellipse%20fill%3D%22%23c8c8c8%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(72.7083%2038.16048%20-25.31143%2048.22662%20666.6%2020.3)%22%2F%3E%3Cellipse%20fill%3D%22%23fff%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-89.4214%20140.40864%20-490.98658%20-312.69237%20455%20144.3)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- In Adobe Acrobat Pro (or a similar program) press “Protect” in the sidebar, then “protect using password” in the toolbar.
%22%20transform%3D%22translate(2%202)%20scale(4.16406)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%237d7d7d%22%20cx%3D%225%22%20rx%3D%2216%22%20ry%3D%2298%22%2F%3E%3Cellipse%20fill%3D%22%233e3e3e%22%20cx%3D%22150%22%20cy%3D%2214%22%20rx%3D%22129%22%20ry%3D%22158%22%2F%3E%3Cellipse%20fill%3D%22%23616161%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(-98.1%2010.5%208.2)%20scale(44.77093%2016.61528)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Enter and repeat your password.
%22%20transform%3D%22translate(1%201)%20scale(1.95313)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%23595959%22%20cx%3D%2258%22%20cy%3D%22131%22%20rx%3D%2232%22%20ry%3D%2242%22%2F%3E%3Cellipse%20fill%3D%22%23535353%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-10.64492%20-14.44348%2020.96088%20-15.44828%2063.1%2045.6)%22%2F%3E%3Cpath%20fill%3D%22%231d1d1d%22%20d%3D%22M49%2078l204%20167%205-261z%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Upload the password protected PDF in Google Drive.
%22%20transform%3D%22translate(1%201)%20scale(2.14844)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%23bfbad3%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(-161.2%2072.1%2046.4)%20scale(43.23626%2080.92459)%22%2F%3E%3Cellipse%20fill%3D%22%23a794ff%22%20cx%3D%22124%22%20cy%3D%22124%22%20rx%3D%2225%22%20ry%3D%2225%22%2F%3E%3Cellipse%20fill%3D%22%23fff%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-62.66947%20-49.86958%20104.12263%20-130.84751%2012.3%2061.8)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Enter the password to access the file.
%22%20transform%3D%22translate(1%201)%20scale(2.14844)%22%20fill%3D%22%23575757%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20cx%3D%22243%22%20cy%3D%2270%22%20rx%3D%2217%22%20ry%3D%22219%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-73.3664%2017.45468%20-6.54506%20-27.51055%2019.9%2016.7)%22%2F%3E%3Cellipse%20cx%3D%2216%22%20cy%3D%22124%22%20rx%3D%2232%22%20ry%3D%2225%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
Why password protecting documents in Google Drive is problematic
Unfortunately, there are various problems with the above approach:
- The process is unwieldy. To maintain security, you will want to protect each PDF document with a separate password. You then need to find a way to manage and distribute those passwords to users securely. If you decide to set users up with a password manager for their Drive passwords, a compromize of that will result in the password for all documents becoming available.
- Users can still share the PDF passwords along with their account credentials. They can also download the PDF, decrypt it, and share the unprotected document.
- Passwords can still be guessed or brute forced if they are not very long and complex. If they are, then they are difficult for users to remember.
Ultimately, the little protection Google Drive password protection offers is outweighed by the complexity and password management overhead it creates.
How to stop sharing in Google Drive using DRM
How to stop sharing in Google Drive using DRM
A DRM or digital rights management solution is designed from the ground up to provide strong protection and prevent users from sharing, copying, printing and editing files unless they are authorized to do so. Each file is individually encrypted to prevent unauthorized access and DRM restrictions are added to control use. Though there are document cloud services that provide DRM protection, they do not provide client-side encryption. The best way to protect docs is locally so that you never have to upload unprotected documents to a cloud provider where they could be compromised.
How to securely share PDF files with Google Drive
Locklizard Safeguard is PDF DRM software that protects documents without using insecure passwords, browser-based protection, or cloud storage. It instead uses a combination of local encryption, a licensing server, and a dedicated secure viewer application to restrict access and control file use.
Locklizard allows you to protect PDF files before you upload them to Google Drive. You can be sure that nobody can edit your documents and that only those on authorized devices can view them. Print controls cannot be bypassed and are customizable, allowing you to choose whether to allow printing, and if you do, how many copies and in what quality.
Here’s what the process looks like:
- You encrypt a PDF on your local PC and add any DRM restrictions you want to enforce.
- Your protected PDF file is saved to your disk and a document record is created on the Admin System.
- You create a user account for each user you want to view your protected PDF.
- A link to the Viewer and their license file is automatically sent to the user’s email address.
- Once the Viewer is installed and the license file activated (clicked-on) it is registered to that device and cannot be registered elsewhere (unless otherwise specified).
- You control from the Admin System which protected documents each user can access.
- You distribute your DRM-protected docs via Google Drive.
- A protected PDF can only be opened by someone who has been authorized to view it. Depending on your DRM controls, they also cannot be printed, edited, copied, or screen grabbed. Sharing is always prevented since the recipient must be authorized to view the protected Drive file – if they are sent a protected file and have not been authorized to view it, then it will not open. You can also automatically expire PDFs based on their date, number of opens or prints, and instantly revoke access.
A DRM system allows you to continue to distribute your files via Google Drive yet ensure that they cannot be opened by hackers or intentionally leaked. There are no passwords to share, user accounts to be hacked, or unencrypted documents to intercept.
How to secure a document in Google Drive & stop sharing with Locklizard
You can secure Google Drive PDFs using the Locklizard Writer app on your Windows PC in less than a minute.
- Right-click on the PDF and choose “make secure PDF”.
%22%20transform%3D%22translate(1.2%201.2)%20scale(2.41016)%22%20fill%3D%22%23fff%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-.5809%2027.73216%20-106.81608%20-2.23748%20197.3%200)%22%2F%3E%3Cellipse%20rx%3D%2246%22%20ry%3D%2230%22%2F%3E%3Cellipse%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(84.31433%2010.80091%20-3.55798%2027.77434%20176%200)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Select the copy protection controls you want to apply. By default, editing, copying, and printing are disabled.
%22%20transform%3D%22translate(1.3%201.3)%20scale(2.57031)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%234c91c5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(179.5%2055%202.7)%20scale(188.92219%2017.67268)%22%2F%3E%3Cellipse%20fill%3D%22%23fff%22%20cx%3D%22100%22%20cy%3D%22130%22%20rx%3D%2295%22%20ry%3D%2295%22%2F%3E%3Cellipse%20fill%3D%22%23d4d1ce%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-180.49237%2028.49543%20-3.77218%20-23.89328%20132.6%20238.7)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Press the Publish button to protect the PDF.
%27%20fill-opacity%3D%27.5%27%3E%3Cellipse%20fill%3D%22%23d1d1d1%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22rotate(168.9%20164.5%20104.6)%20scale(494.0625%2062.51262)%22%2F%3E%3Cellipse%20fill%3D%22%23fff%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(393.1765%20-23.13948%204.63058%2078.68087%20199.7%2040)%22%2F%3E%3Cellipse%20fill%3D%22%23d5d5d5%22%20fill-opacity%3D%22.5%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(-82.79938%20-45.81606%2023.04825%20-41.6531%2025.1%20159.3)%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
- Add a user account and send them their license via the Safeguard admin portal.
%22%20transform%3D%22translate(1.2%201.2)%20scale(2.41016)%22%20fill-opacity%3D%22.5%22%3E%3Cellipse%20fill%3D%22%2357cae7%22%20rx%3D%221%22%20ry%3D%221%22%20transform%3D%22matrix(90.48772%20.46606%20-.09282%2018.0206%2065.8%207.7)%22%2F%3E%3Cellipse%20fill%3D%22%23eae2e1%22%20cx%3D%22125%22%20cy%3D%2281%22%20rx%3D%22255%22%20ry%3D%2253%22%2F%3E%3Cellipse%20fill%3D%22%239df1bc%22%20cx%3D%2252%22%20cy%3D%2221%22%20rx%3D%2292%22%20ry%3D%226%22%2F%3E%3C%2Fg%3E%3C%2Fsvg%3E)
From this point, only users that you give access to in the Safeguard Admin portal will be able to access the document, and only on devices where they have activated a valid Locklizard license file. By default, users can only activate a license on one computer. This allows you to freely upload documents to Google Drive and even share them with a public link or insert the PDF into a Google Doc by pasting the link into it. Only authorized devices will be able to view your documents and nobody will be able to edit, print (unless you decide otherwise), screenshot, or copy from them.
Google Drive Security: How secure is Google Drive for business?
Google Drive Security: How secure is Google Drive for business?
Google Drive is an excellent, convenient service for casual home users. But is Google Drive secure enough for businesses? No. It relies too heavily on good account security, browser-based controls, and users doing the right thing. And while it might be tempting to password protect a document in Google Drive, this is a band-aid at best. Password protecting PDFs in Google Drive might stop an account hacker from being able to easily view all of your documents, but it won’t stop intentional sharing and it will introduce massive password management and safety headaches.
If you must upload sensitive or confidential PDFs to Drive, it is more secure to protect them with a PDF DRM solution first. See how you can stop sharing by taking a 15-day free trial of our DRM software.
FAQs
FAQs
Can you password protect documents in Google Drive?
Google Drive doesn’t have a built-in password protection tool, but you can download documents and protect them locally, or use a Google Docs add-on to quickly upload the file to an online password protection tool and download it again. However, we do not recommend password protection or add-ons in general due to their inherent security failings and management overheads.
Are Google Drive documents secure?
Google Drive documents are not secure by default. Though they are AES 256-bit encrypted in transit and at rest, the encryption key is tied to user accounts, and not individual files. Additionally, this encryption does not stop authorized users from sharing documents with unauthorized ones, nor do Google Docs controls, which can be easily bypassed.
Is Google Drive secure for tax documents?
If they are just your personal tax documents and you have very strong account security, Google Drive’s 256-bit encryption may be secure enough. However, if you are planning to share the documents with others (such as an accountant), it is important to keep in mind that a you have no control over use of those documents.
You may also want to consider the fact that you cannot verify how secure Google’s servers are or how securely they store their decryption keys. You also won’t be able to stop somebody from intentionally sharing your tax documents as Google Docs controls are useless.
Is there any way to secure Google Drive / How do I make sure Google Drive is secure?
You should take a three-pronged approach to Google Drive security:
- Training: Make sure your users are aware of the risks of Google Drive and the best practices to minimize them. Educate them on session jacking attacks, etc.
- Account security: Force all users to adopt 2FA and set strong password requirements to minimize the chances a Google account will be compromized.
- Protect your documents with DRM before uploading them to Google Drive. This will ensure that only authorized users can view and print them.
Is Google Drive Sheets secure?
No. Just like Google Docs security, Google Sheets’ copying, printing, and editing controls are enforced by the browser and are therefore easy to bypass. Additionally, if the user you share the sheet with has their account compromized, the hacker will immediately gain access to the files you’ve shared with them.
Is Google Drive encrypted?
Yes. Google Drive uses 256-bit AES encryption, which would take current supercomputers millions of years to crack. Files uploaded to Drive are encrypted in transit and at rest. However, it is worth noting that files are not individually encrypted using separate keys, zero-knowledge encryption, or passwords – they are all encrypted with the same security key. It is not possible to verify whether Google creates or stores the encryption key in a secure manner. If you want to share files securely with others or prevent Google employees accessing them then you should encrypt them before uploading to Google Drive.
Can you encrypt or password protect a Google Drive folder?
It is not possible to lock or password protect a Google Drive folder with a different password from the one that is used to access your Google account. You have to use third party file encryption software to encrypt folders and files before uploading them to Drive such as Boxcryptor.
Is Dropbox or Google Drive more secure?
Dropbox is slightly more secure because it allows you to add passwords to files and set an expiry date for them. However, it is still far from being suitable for the protection of sensitive and confidential documents – see secure file sharing for more info.
Are Google Drive files safe from hackers?
Not at all, since a hacker only has to compromize an account to gain access to all of the documents created by and shared with it. This is a major reason why Google Drive should not be used for confidential and sensitive data without additional protection measures in place.
Can anyone see into my Google Drive?
External users can only see into your Google Drive data if you have shared files or folders via a public link (i.e. sending it by Gmail). In this case, anybody with the link can view that file or folder.
Is Google Drive safe for confidential information? What kind of encryption does Google Drive offer?
Google Drive uses 256-bit AES encryption, but this does not necessarily make it safe for confidential information. Due to poor implementation of document controls and reliance on Google account security, it is too easy for Google Drive files to be leaked, whether intentionally or via a hacker.
Is Google Workspace more secure than regular Google Drive?
Google Workspace security offers admins greater control over user account security and allows users to add client-side encryption to files. However, this still does not fully address the core flaws with Google Drive security.
How can you stop sharing with Google Drive?
Blocking users sharing on Google Drive is impossible because there are just too many ways to create unrestricted copies of documents. If you want to stop sharing on Google Drive, you should protect the file with a DRM solution first.
Can you restrict download of files in Google Drive?
Though you can remove the download option from files in Google Drive, in practice this doesn’t stop the downloading of most file formats. This is because users can still copy and paste from and print documents (using a simple bypass). Likewise, image files can be screenshotted, video files, recorded, etc.
Is Google Drive secure enough to share files?
It depends on what kind of files you’re sharing. Google Drive is great for sharing day-to-day files with friends and family, but its security is not sufficient for the sharing of sensitive or confidential business documents.
How secure is Google Drive for Business?
Google Drive for Business (Google Workspace) makes it easier for admins to secure user accounts from phishing attacks etc. However, it does not make any major changes to its file sharing capabilities. Documents and images shared with authorized users via Google Drive are still easy to copy and share.
ABOUT US
CONTACT
