Just like Gmail, Google Docs is an essential tool for many businesses. But for Google Docs to live up to its promise as the ultimate business collaboration platform, it also needs to be secure. In today’s world, encryption is recognized as the gold standard for data protection across industry lines; over 45% of organizations already have an encryption strategy in place across their organization. Simply put, encryption scrambles data and makes it unreadable without the right key. So how do you encrypt Google Docs?
The answer to this question is more complicated than it first appears. Google Docs—and all Google Drive services—are a type of content collaboration platform (CCP). CCPs are platforms that enable live content creation and collaboration, meaning many users can collaborate in real-time. Live collaboration is a highly sophisticated and dynamic technology, and modern technology is close but not quite ready to support encryption of a live collaborative document without restricting the basic functionality of Google Docs. However, there are several powerful options to work around this limitation and still achieve a high level of security.
Transport Layer Security (TLS)
Despite the complexity of a live platform, there are security measures in place to protectGoogle Docs. In fact, when you access Google Docs (or any other Google Drive app), Google encrypts the connection between your web browser and Google’s servers by enforcing Transport Layer Security (TLS). This protocol uses asymmetric encryption to initiate a secure communication session between the end user and Google Docs, ensuring both are legitimate and haven’t been hijacked by an imposter.
This process keeps data protected in transit, but it stops at the network level. The content in Google Docs themselves is not encrypted, for the reasons discussed above. That means that if the network perimeter is ever breached, or a Google Doc is shared outside your server, your data is vulnerable.
There are also protections in place to secure dynamic data within those channels of collaboration. One form baked into Google Docs is sharding, where chunks of data are broken up into smaller pieces, or “shards,” and then encrypted.
Here’s what that looks like: to enable live collaboration, Docs are constantly communicating with Google’s database to update and save the content. As files are created and edited, constantly transmitting the full payload can be extremely resource-intensive. To make data transmission faster and more secure, Google breaks up that data into shards that are more manageable and easier to send back and forth between the Doc and Google’s servers. Those shards are encrypted in transit and decryptede when they reach their destination.
However, sharding isn’t a perfect solution: It only protects data within Google’s servers and it brings additional wrinkles to an already complex platform. For instance, sharding can cause Google Drive to slow down or crash if the database becomes overloaded. In the worst-case scenario, sharding can lead to lost or corrupted data.
These two native services to encrypt Google Docs are powerful, but they’re also limited. Both methods of encryption protect data at the server or database level. Neither of them encrypts individual Google Docs themselves. As a result, Google Docs are still vulnerable to breaches, leaks or improper sharing practices. So, if you don’t have a way to restrict or revoke access to a document, your data is at risk.
Third-party solutions augment Google’s native encryption practices by addressing that security loophole. While these third parties can’t encrypt live documents for the reasons addressed above, they can encrypt documents or folders before they’re shared.
For instance, Virtru’s solution creates a static copy of the Doc, Sheet, Slide or other file stored in Google Drive. It then encrypts that file with data-centric encryption, so that even if the file is leaked or the server is compromised, the data remains encrypted. With Virtru, you can also encrypt whole folders with a simple right-click, or set a rule that a folder automatically encrypts any document added to it.
These encrypted files support worry-free external sharing. Your files will be encrypted no matter where or how they’re transmitted. Any third-party collaborators can then decrypt the file, add edits or signatures and send back an encrypted version.
To learn more about how Google Drive is encrypted, check out this blog post which goes into more detail about Google Drive’s layers of security—including where those security measures fall short—and highlights the third-party options you can use to augment Google’s native encryption features.[sc name=”key-management-guide” ]
With the right solution, you can encrypt Google Docs and rest assured that your data is secure. To ensure that your online data remains protected, it’s critical to understand the different components of encryption key management, so that you know the right questions to ask when evaluating new and existing encryption technologies. While encryption is a critical part of data security, it’s only as effective as the methods that protect and distribute the keys being used.