Google Drive is more than just an online place to stash files. Actually, it integrated into many Google applications including Google apps and lets you access your information from just about anywhere, including mobile devices. Improving you Google Drive security would be an important issue for you. We are going to introduce some useful tools to improve your Google Drive security.
Google dominates many aspects of our digital lives: emails, internet search, navigation, cloud storage, and so much more. That domination demands trust.
Can you trust Google with your documents, pictures, and memories? How do they keep your private files secure when you pass the baton of trust and upload your files to Google Drive?
Well, Google encrypts your files when your data is resting (as well as in transit too). Is Google Drive’s integrated encryption enough to keep your private files safe from harm? Let’s find out how you should improve your Google Drive security.
How Google Drive Does Security
- Before your data leaves your device, it is encrypted using the TLS standard. This is the same standard used to encrypt your browser connections to secure (HTTPS) websites. It is then uploaded to Google.
- After your data reaches Google, it gets unencrypted then re-encrypted using 128-bit AES. While not the 256-bit algorithm that most other services use, this is still perfectly fine. This is done on-the-fly before the data is actually stored, which prevents the possible leakage of unencrypted data on their hard drives.
- The AES encryption keys that were used to encrypt your data are then, themselves, encrypted with a rotating set of master keys. This adds another layer of security by requiring a second set of encryption keys to get to your data.
- This process is simply reversed when one of your devices retrieves your data from Google.
How Does Google Drive Encryption Work?
Google Drive uses AES-256 to protect file transfers, and AES-128 to encrypt your files at rest. AES is a very secure encryption algorithm without any currently feasible attacks, and is the current US Government encryption standard.
Your Google Drive account, then, keeps your files extremely secure when the upload completes and when your files are at rest.
Incoming data is split into chunks, then Google Drive encrypts each chunk with a unique data key. The data key is then further encrypted with a specific key encryption key (wrapping the data encryption key) and stored by Google.
In addition to the double set of encryption keys, you can also protect your Google Drive with two-factor authentication (2FA), and you can use that 2FA with a secure password manager to add another layer of security.
In truth, there is no easy way to show you how Google Drive encryption works or what it looks like in a folder. Google purposefully doesn’t provide forward-facing information for Google Drive customers within the Google Drive environment. Like many things “Google,” it just works. The system does have a few minor flaws, though.
The Biggest Issue of Google Drive: Security and Privacy
Google Drive’s encryption has two main issues:
- During the upload process, your file has TLS protection. TLS stands for Transport Layer Security and is designed to protect data in transit. However, when your data arrives at the gates of your Google Drive, it is momentarily decrypted before being encrypted again. Why? Google rapidly scans and analyzes the file before encrypting it. There is very little chance of leakage, but it is still a slight flaw.
- You are never in control of the encryption keys. It means that you never have 100 percent control over your Google Drive data. Of course, you have 100 percent control in decision making. If you don’t like losing control of your encryption keys, read on for some solutions.
Your files are secure with Google Drive. Yes, Google encrypts them internally. But no, that doesn’t mean Google isn’t using you for advertising (it is their business model, after all). The bottom line is that if you’re using a free Google product, then you have no true expectation of complete privacy.
I use Google Drive all the time. It’s a great and easy to use bridge between my desktop and laptop. However, I don’t use it for sensitive files, and realistically, nor should you. Other, more secure options are available.
Alternatively, there are tools you can use to increase your Google Drive privacy and security further.
Tips for Improving Google Drive Security and Privacy
You can bulk out your Google Drive encryption using a client-side encryption tool. What does that mean?
Well, instead of sending your files as-is to Google, you encrypt them on your own system first, then send them to your Google Drive. Check out these useful encryption tools to your Google Drive security.
Cryptomator tops this list. It is free, open source, has no backdoors, and requires no user registration. Better still, it is easy to set up and works on Windows, macOS, various Linux distributions, iOS, and Android (the Android and iOS apps aren’t free, however).
Cryptomator uses transparent encryption to make it feel like nothing extra is happening to your files, keeping your productivity at the same level. The major difference is the addition of a Cryptomator vault. The vault resides on your Google Drive. But you have a virtual hard drive to access and modify your files. Cryptomator encrypts each file you add to the virtual hard disk individually. Meaning if you only edit a Word document, only the Word document changes. The rest of your files remain encrypted at all times.
Cryptomator is a free, open source project—but it is donationware. Small donations keep amazing projects like Cryptomator ticking over. So do consider supporting if possible.
Next up, Boxcryptor. Boxcryptor is a free product, but with limitations. For instance, the Boxcryptor free subscription grants users access to the basic Boxcryptor version, a single cloud provider, and only two devices.
First, download and install Boxcryptor (Windows,Mac). When you are finished, it will tell Windows users to reboot to finish installation, and then you’ll see the Boxcryptor login window. If you don’t want to create a Boxcryptor account right now, click the three dots in the lower right-hand corner, go to Local Account, and click the Setup Account link. Since you are creating an offline account, you need to be responsible for the key that you use to decrypt your files. The program will ask you to affirm that you’re aware that losing the key file will make it impossible to decrypt your files. To continue, check the box and click the Create Key File button. Give this file a name and click the Save button.
Once you’ve logged in, you’ll see a window displaying a virtual Google Drive, plus a side window with several short tutorials on the the program’s mechanics. When you click and drag a file to the Google Drive folder, you will get a prompt asking if you want to encrypt it. Files encrypted with Boxcryptor will have a small green padlock on their icon. When you drag a file out of this folder, it will automatically decrypt, since you are logged in to your local decrypt account.
Although this version of Boxcryptor is free, there are a few drawbacks. One, you can’t share these files with other people unless they have your decryption password, which is generally not something that you want to share. Everything that you encrypt with Boxcryptor uses the same password to decrypt it. So someone who can open one of your files could open all of them. The other main disadvantage is that the company can’t reset your password. If you want those two features, you’ll need to sign up for a premium Boxcryptor account, which is $48 per year (which works out to $4 a month).
3. Rclone with Crypt
It is a command line program to sync files and directories from Google Drive (and a long list of other services, too). Rclone is open source and offers a huge range of control and customization in their cloud service sync process.
In that, the crypt function allows you to encrypt your Google Drive files on your system before syncing. The video below is a thorough walk-through of how to do this.
Rclone with Crypt is an advanced tool. It takes a bit of setting up but once done grants you extensive control and improve your Google Drive security.
You now understand a little more about how Google encrypts its cloud services. Your documents are secure, albeit lacking privacy. There are a few options available to expand your security and privacy.
Your Google Drive always has one weak-link that is you. Users like you and me are always the potential weak link, and that is something only improved with better security education.