Virtru Security Insights

Join 10,000+ Security Professionals Who Receive Our Content Every Month

Encrypt Google Drive for Layered Security and End-to-End Protection

Getting the Most Out of Google Drive – Part 3 of 3.

Google’s native security and control features offer fundamental data protection capabilities. Google Drive’s native sharing and information rights management features give admins basic control over their files and folders, while Drive’s built-in security controls leverage several encryption methods to secure data at-rest and in-motion encryption. But for many enterprises, G Suite’s native security functionality will come up short of meeting data privacy needs and heightened compliance requirements.

Once companies realize they need to encrypt Google Drive for defense in depth, it’s important to understand the features and gaps in third party security solutions.

Drive Encryption Point Solutions

Several vendors provide file encryption point solutions to encrypt Google Drive files and folders, such as Sookasa, BoxCryptor, and Axcrypt. These vendors offer encryption for Drive but have complex implementation processes and restrictions in their control and administration capabilities that prevent successful enterprise-scale deployments.

Drive Sync Client

These solutions do not directly integrate with G Suite to encrypt Google Drive, so end users (or their admins) first need to download a separate Drive sync application that stores Drive files on their desktop. Google offers two options for this: Google Drive Backup and Sync, and Google Drive File Stream. Both applications synchronize file changes between the cloud and your desktop, appearing as a new folder in the computer’s file directory.

Encryption Point Solution Client

The point solution must also be installed as local client software to encrypt Google Drive files. Once installed, the local client creates a virtual drive on your computer. The point solution should then detect the local Google Drive folder from the Drive sync client and nest it within the new virtual drive. When configured properly, this enables synchronization of encrypted content between the encryption solution’s virtual drive, the added desktop Drive folder, and online Drive files.  

However, synchronizing the point solution with the Google sync client is not always straightforward, and if not configured properly, documents will not actually be encrypted, exposing your Drive files to data leaks and unauthorized access.

Limitations of Point Solutions for Enterprise Security and Control

While point solutions may meet basic encryption needs, they have significant limitations in larger deployments and common enterprise use cases.

These tools don’t address the big picture. They lack the breadth of capabilities needed to persistently protect data and manage access throughout the entire data lifecycle. They don’t offer enhanced controls like document watermarking or advanced privacy  features such as customer-hosted hosted encryption keys. Audit capabilities are limited to basic access and sharing workflows. Granular visibility throughout the document’s lifecycle on who has accessed documents when and where is not available. Point solutions also fail to integrate with the full enterprise security stack including DLP, classification, SIEM, and key management infrastructure, limiting the confidentiality, control, and flexibility that many enterprises need.

Sharing and Administration Drawbacks

Enterprises using Google Drive rely on it for seamless sharing and collaboration, yet these point solutions require external collaborators to install local file encryption software, create new accounts, and manage another password, burdening external partners and customers with unwanted friction. In some cases, external sharing breaks end-to-end encryption. For example, when sharing encrypted files externally with Sookasa, if the recipient doesn’t have Sookasa installed, Sookasa’s servers decrypt the file and serve it via SSL, giving Sookasa access to your unencrypted data.

Administration is also cumbersome. As noted above, multiple pieces of client software need to be installed and configured for users to synchronize and protect files, so administrators must implement very carefully to prevent synchronization issues and avoid data leak risks. Some vendors offer individualized customer support (at an extra cost), but self-service administration features are few and far between.

For organizations who need end-to-end protection plus seamless collaboration, enhanced access controls, enterprise-ready administration and audit, and customer-hosted keys, these solutions will fall flat.

Introducing Virtru Google Drive Encryption

We’re excited to announce Virtru Google Drive Encryption, recommended by Google and designed specifically to meet enterprise data protection needs. Virtru Google Drive Encryption adds a critical layer of advanced security that unlocks Drive’s potential for private, compliant, and controlled file collaboration, while overcoming the limitations of point solutions discussed above.

Virtru gives organizations persistent protection and control for any Drive file, wherever it’s shared. Enterprises can create, store, and share files in Google Drive, while preventing Google and other third parties from accessing confidential enterprise data and complying with the most stringent regulations.

Virtru’s seamless user experience is embedded directly into Google Drive, never requiring local client software, separate applications, or new workflows. End users protect files on-demand with the click of a button for ease of use that minimizes support costs. Virtru enables seamless and secure external sharing – authorized external collaborators don’t even need to set up a Google account. Enhanced access controls like document watermarking secures external sharing workflows even further.

Virtru Drive Encryption also comes with flexible key management options that give customers direct control of the encryption keys that secure Drive documents, preventing unauthorized access and government surveillance. Customers can choose between hosting in a hybrid cloud or on-premise, with hardware security module (HSM) integrations that support your existing cryptographic operations. Virtru also provides granular audit capabilities that enterprises need for complex compliance reporting workflows, with fine-grained visibility into who has accessed and shared content (with details on when and where) and SIEM integrations.

Google Drive Security: How Your Options Stack Up

Learn more about how Virtru can encrypt Google Drive files to give your organization the protection and control necessary to keep files private and prevent data leaks.