Using any cloud app that stores sensitive information has certain inherent risks. Google has native encryption and an excellent security record, but adding additional encryption layers to prevent a single point of failure is a good idea with any cloud service. Fortunately, there are third-party encrypted cloud storage apps that will enhance Google Drive encryption and add other useful features. Here’s what to look for:
Google Drive Encryption Basics
Google Drive encrypts data both at rest and in motion. Data is encrypted using 256-bit Transport Layer Security (TLS). You can tell TLS is active if you see “https” and a closed padlock icon at the beginning of the web address.
When you upload a file to Google Drive, your computer contacts a local server. Your browser and the server execute a “handshake,” initiating TLS and creating a temporary session key, used to securely transfer the file to the server. The server then decrypts the file, contacts Google’s server (or an intermediate server) and repeats the process.
Google Drive encryption is very safe within Google’s network, but you can’t control what path data takes on the way there and back. If it passes through a server that isn’t properly configured or has been compromised, your data could be intercepted by a hacker.
Strong, Client-Side Google Drive Encryption Prevents Interception
With client-side encryption, the file itself is encrypted before it leaves the uploader’s computer. Even if it passes through a broken server, it can’t be decrypted — provided the file encryption app is sufficiently strong. Due to the number of possible combinations involved in guessing a key, 256-bit AES encryption is considered very strong.
Google Drive Encryption Needs Features that Support Your Workflow
Sophisticated encryption key management is a must— particularly for business users. It allows you to control access within your Google Apps (currently known as G Suite) domain, and provide an audit trail. If you have heightened security and compliance needs, look for a service provider that supports Hardware-Backed Encryption Key Management (HEKM). With your own hardware keys, no provider can be forced to disclose the keys protecting your data, which helps support international data residency requirements.
Secure Google Drive Encryption Should Support Gmail
If you can can’t encrypt emails and attachments as well as Drive files, your data is still at risk when you email people outside your organization — particularly if they aren’t Gmail users.
Unfortunately, most email encryption solutions can only send messages to people who have installed the program, meaning they won’t work for most recipients. When you look at the list of encryption options that also integrate with Drive, the options are even fewer.
Virtru provides strong, 256-bit AES encryption inside, as well as, outside of your Google domain. Virtru offers feature-rich access control, including the ability to control forwarding, revoke access or set time expiration on files and emails, as well as, read receipts to audit access, and optional HEKM for added security.
The commercial-grade UX is integrated throughout Google. Users can learn how to encrypt email and Drive files in minutes and communicate securely with anyone — not just Virtru users. That means your data is safe, no matter where it goes.
Learn more about how Virtru provides file encryption in Google Drive.