5 STEPS TO SECURE GOOGLE DRIVEBACKUPIFY – AUGUST 2012
5 STEPS TO SECURE GOOGLE DRIVEBackupify, Inc. 2INTRODUCTIONIntroduced a few months ago, Google Drive is more than just an online place tostash files. Google Drive is integrated into many Google applications includingGoogle Apps and lets you access your information from just about anywhere –including mobile devices. But what kind of risks do you face by uploading yourdata to the cloud? We address Google Drive-specific security issues below.TIP #1: USE TWO-STEP VERIFICATIONThe biggest risk to your data is your credentials, which for most of us is an easilyguessed password. Two-step verification is one of the surest ways to secure yourGoogle Account (which gives you access to Google Drive, of course). Once enabledyou’ll have to enter not only your password but a second code Google sends toyour mobile phone via text message. It doesn’t add much time to the loginprocess and is infinitely more secure. Why? If someone tries to hack your accountthey’ll need your password AND your phone.Google’s short DIY on how to setup two-step verification can be found here.TIP #2: SETUP RECOVERY ON YOUR GOOGLE ACCOUNTIt can happen – let’s say you lost control of your account to a third party (you leftyour account logged into on a public computer, forgot to lock your computer,someone guessed your password). Google Drive users should be more concerned
5 STEPS TO SECURE GOOGLE DRIVEBackupify, Inc. 3than anyone, especially if they’re uploading identity-theft grade files like taxreturns or insurance documents.Fortunately, losing control of your account isn’t the end of the world. You cansetup account recovery options which will allow you to regain control of yourGoogle Account. Things you can do include adding a security question, use ofyour mobile phone, and most importantly, setting up an alternate email address.TIP #3: SECURE YOUR FILES BY APPLICATIONThink of Google Drive as a backend platform – while it can simply store files, it’salso designed to act as a storage subsystem for applications (Google Apps, forexample, now uses Google Drive instead of the defunct Google Documents). Youcan find apps that store photos, videos and even faxes in Google Drive inthe Chrome Web Store. Why is it important to think about security on a per-filebasis? You may not want to give a video editing app access to last year’s W2 form.While it probably won’t hurt, keep in mind that most apps for Google Drive arenot developed by Google (read: third-party). It’s not that we don’t trust anyone,but why take any risk, no matter how small, if it’s unnecessary?Chances are you won’t be micromanaging access to all of your files (especially ifyou have thousands like I do) – maybe just to that W2 like I mentioned. To revokean app’s permission to a file, right-click the file and click “View authorized apps…”
5 STEPS TO SECURE GOOGLE DRIVEBackupify, Inc. 4and then the Revoke button next to any app you don’t want to have access. Youwill still have access to the file through Google Drive, but the app won’t.TIP #4: CONTROL ENTIRE APPS WITH ONE CLICKDo you want to cut off an app’s access to your data entirely? This would be agood idea if you’re not using the App – and chances are you’ve downloaded onetoo many that is not being used.Go to accounts.google.com, sign in, and click “Security” on the left. Then click on“Authorizing applications & sites”:This page shows you every app that has access to your data and gives you onebutton to revoke all access. Neat!TIP #5: BACKUP GOOGLE DRIVENo matter how much you protect your Google Drive data from outside attacks, it’shard to protect it from yourself. Nearly 63% of all data loss in Google Apps is usererror – cases of accidental deletion tops among them. Moreover, if you’ve shared aGoogle Drive item with another user, they could corrupt or delete thosedocuments through no fault of your own. The best defense against user error (andany other form of data loss) is an independent backup of Google Drive.
5 STEPS TO SECURE GOOGLE DRIVEBackupify, Inc. 5CONCLUSIONIt’s important to be stringent about access to your data. Think about access toyour Google Account for starters; make sure you setup two-step verification andyour account recovery options. Two-step verification is an extra barrier to hackingand recovery means you can regain control of your account should anyoneactually get in. Next we have the issue of third-party apps having access to yourdata in Google Drive. You can setup access on a per-file basis and even lock outentire applications with a few clicks. Lastly, backup of all data is best practice, evenin Google Drive. Remember that Google is doing a lot of unsaid work behind thescenes to keep your data safe, but at the end of the day you’re ultimatelyresponsible for what you upload to the Internet and how you protect it.Hope you’ve got a good backup plan.ABOUT BACKUPIFYBackupify is the leading provider of backup and restore solutions for SaaSapplications including Google Apps, Salesforce, Facebook, Twitter, and more.Backupify was founded in 2008 and is based in Cambridge, MA. Backupify has over200,000 users trusting us with more than 500 million documents, two billion emailmessages and 350 terabytes of data.WHY BACKUP CLOUD DATA?Your data is one of the most critical assets of your business. Like any importantasset, it should be insured. While most SaaS providers, including Google andSalesforce, offer state-of-the-art disaster recovery capabilities that protect youfrom some forms of data loss, you are still at risk for data loss due to user error,hacked accounts and third-party application bugs. To fully replicate your on-premise backup capabilities in the cloud, you need the ability to perform granularrestores, and to retain the control that comes from having your own securesecond copy of the data in your SaaS applications.