In a few years, almost everyone has become accustomed to the benefits of the cloud, without realizing that we use it every day technological milestone which was until recently sci-fi. You drag the file to your personal space and forgetwith the proviso that security is more than guaranteed. After all, we’re talking about great Google, right?

The reality is a little more complicated, especially if we use Google Drive to store sensitive information from a personal or professional point of view. Google Drive, like other similar services, allows you to store your data in the cloud. But where is the cloud. Neither you nor I can know the data is stored on thousands of servers around the world.

From the moment you upload something to your cloud, data security does not depend on you, but on the company that provides you with the service. Google is a leader in cloud technologies, invests billions of euros in security and infrastructure, and has an unsurpassed technical team, so it’s clear that the benefits outweigh the risks, but still We must not be tempted to think he is invulnerable.

Google, precisely because of its size and the huge amount of data it hosts, is and priority target for hackers and cybercriminals. Of course, a head-on attack wouldn’t make much sense, but with millions of users using it with their Google Account, it’s a very interesting temptation to hack your browser, extension, or spyware.

The site is full of comments with phishing, fake sites that mimic Google Drive, or attractive downloads of movies or ebooks that hide malware under the seeming security of Google storage.

Here comes another important variable: the Privacy. The history of what Google does with the data we store on Drive has changed over time and with pressure from users and regulations. The current terms make it clear that personal information is not shared without the user’s consent, but also warns that it is checking all your files and may delete anything that violates their policies. Please note that we are not only talking here about illegal content, but which third party (in this case Google) considers “inappropriate”.

In its Terms of Service, Google states that «we may review the content to determine if it is legal or in violation of our program policiesand we may remove or refuse to disclose it if we reasonably believe that it violates our policies or the law. “.

How is this “content check” done? According to Google, the automated system scans and detects suspicious files, which are then examined by human experts. Once they have been awarded, they should be left where they are, restricted access to third parties, removed, excluded users from all Google services, or notified authorities.

Finally, it should be recalled that Google in Europe is subject to European Union privacy and data protection legislation, with all that follows personally but even more professionally. At this point, I recommend consulting information on GDPR and storing professional files in the cloud.

How Google Drive protects your files

Google Drive uses encryption 256-bit SSL / TSL for files in transit and encryption keys 128-bit AES for files inclhusband. Simply put, Google uses the highest level of security when uploading, downloading, or browsing files stored on Drive. When you don’t touch them, they are stored using 128-bit encryption.

It should be noted that data is never 100% secure, not even on Disk, much less on your PC or on an old flash drive that you use for important documents. However, the risks skyrocket when we “move” data over the Internet, so it’s important to maintain the highest level of encryption.

If hacker If they could access your network and intercept data that you send or receive from Google Drive, the level of encryption would make it very difficult to access it. Google also sends files in layers or chunks, so there’s no point in getting just one. Each time we update a file, a snippet is updated, a new AES key is created, and the old one is discarded, which increases security at all stages of the process.

So far we have talked about server-side security. Google has keys from the clipboard where your files are stored. Here we need to think about the importance of the data we store what we can do on our side to further increase your security, regardless of Google’s decision.

Eight steps to improve Google Drive security

1.- Create a Security review. Click this link (you’ll need to enter your Google information) to review the recommendations and make any necessary changes.

2.- Activate two-factor verification. This will prevent hackers from accessing your account, even if they are able to steal your password. If you want maximum security, it is better to choose a physical key system than SMS.

3.- Add recovery options in your account. Try to make your secondary email unique and not use it to register on other websites. And, of course, be extremely careful with the messages or alerts that reach you on your chosen phone.

4.- Check all an application that has access to your Google products (note, not just Google Drive) and disable those you don’t need or don’t provide the right level of security. Sometimes it pays to pay for more security for convenience.

5.- A basic recommendation that is not only useful for Drive. Never, ever use the same password for more sensitive services. Managers like LastPass, Keepass or Bitwarden (this is my favorite) can help you generate strong and secure passwords.

6.- Yours mobile device are a dangerous entry point. Always activate the screen lock on mobile phones, tablets or laptops and be especially careful when using them with public WiFi.

7.- If you are going to upload sensitive documents, the best option is encrypt them before uploading to the cloud. So even in the event of a breach, they could not reach them. There are many alternatives, but I recommend Boxcryptor, Cryptomator or Drive itself if you have a corporate account and this option is enabled. The analogy of carrying out this process is to keep the safe to which we have the key inside another that we trust.

8.- Have a plan B for your most valuable data. another cloud. External disk in another physical space. OUR. Whatever you prefer, but don’t give the keys to your entire digital life in one company.

The security level of Google Drive is simply very high (and similar to other alternatives such as Amazon, Microsoft, or Apple), but we must not fall into the trap of “fake security.” There is no invulnerable service and transferring our data to a third party is not without risk.

In addition, you should be aware that Google scans your files, collects data about them, and may delete them or notify authorities if necessary. The the alternative is to stand on one side and follow the recommendations which we suggest to you, including encrypting the data that you think no one should ever see.