Google Drive potentially putting corporate docs at risk
IAITAM warns that Google Drive may create security risks for companies
Google Drive is potentially putting corporate documents and data at risk, according to the International Association of IT Asset Managers (IAITAM).
Google's popular file-sharing service has become a common tool for individuals and companies to share data, but the service has some unique features that make it riskier than other comparable services, IAITAM has warned.
Dr Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM), said that there are a number of security aspects of Google Drive that organisations should consider before widespread adoption.
One major factor is the use of a single password for all Google services. That means that most employees will use the same password for their personal Gmail as for Google Drive, making Drive easier to access. Also, a device that is logged in to one service will be logged in to all, meaning a lost or stolen phone that is logged in can be used to access all documents on Drive.
It is also more difficult to manage passwords for an employee's Google accounts and to ensure they are following good practices for selecting passwords.
An employee who is invited to use Google Drive for company data will also retain access through their single password when they leave the company.
Access permissions for Google Drive can also be unclear, and companies using Google Docs should be very cautious about how employees are using and sharing data, and how open the data is within the company and the wider world.
Google's high profile also makes it a prime target for hackers, Rembiesa said, which increases the risk of companies being caught up in an attack on Google or its services.
Barbara Rembiesa said: "Google Drive is just like any other cloud service. You have to check it out. You have to make sure it's the right fit. You have to have all your Information Technology Asset Management (ITAM) rules and procedures in place and you have to be vigilant as a hawk on an ongoing basis. There are so many things that can go wrong and so many loose ends, that many organisations will find that it's a bit of a nightmare. However, proceeding in blissful ignorance is an even worse option.
"We cannot rely on vendor solutions to substitute for internal security processes. That is something we must take accountability for as an organization and as a profession. The foundational step is knowing what devices are logged in, where those devices are, and who they belong to. That is what IT Asset Management does. 'You can't secure what you don't know' has been a rallying call of mine for years. As the popularity of cloud-based solutions such as Google Drive continues to trend upward, the problem will continue to grow and expand. We must be proactive and develop internal processes."