Whitepaper Introduction The launch of Google’s highly anticipated file synchronization tool has generated widespread attention from both businesses considering a switch to Google’s productivity suite, to Google Apps customers trying to understand the security implications of enabling Google Drive. In this whitepaper, we’ll discuss what Google Drive is, what it means to businesses, and how to secure sensitive corporate data and intellectual property in Google Drive. “Consumer-grade personal file synchronization services are creating huge potential for data leakage, version conflicts and compliance gaps. End-user demand to support home PCs and personal tablets is forcing CIOs into one of three decisions: allow users to do whatever they want, provide an approved and controlled service, or totally forbid the use of such services.” — Jay Heiser, Lawrence Pingree “How to Control File Synchronization Services and Prevent Corporate Data Leakage” Gartner Research At a Glance Intended Audience: • C-level security, collaboration, and trust professionals at companies using or considering the Google Apps productivity suite • Domain Administrators at organizations using Google Apps Takeaway • Readers will learn what Google Drive is, what it means to businesses using the Google Apps productivity suite, and how to secure their data stored in Google’s cloud file server. In This Whitepaper: • Introduction • What is Google Drive • What Does Google Drive Mean to Businesses? • How To Enable, Install, and Secure Data in Google Drive • Best Practices for Protecting Intellectual Property in Google Drive • How to Protect Intellectual Property in Google Docs, Sites and Drive Securing Data in Google Drive The Enterprise Guide to keeping corporate data safe in Google Drive The largest Google Apps customers in the world trust CloudLock to secure their data.
Transcript
Whitepaper
Introduction The launch of Google’s highly anticipated file synchronization tool has generated widespread attention from both businesses considering a switch to Google’s productivity suite, to Google Apps customers trying to understand the security implications of enabling Google Drive. In this whitepaper, we’ll discuss what Google Drive is, what it means to businesses, and how to secure sensitive corporate data and intellectual property in Google Drive.
“Consumer-grade personal file synchronization services are creating huge potential for data leakage, version conflicts and compliance gaps. End-user demand to support home PCs and personal tablets is forcing CIOs into one of three decisions: allow users to do whatever they want, provide an approved and controlled service, or totally forbid the use of such services.”
— Jay Heiser, Lawrence Pingree
“How to Control File Synchronization Services and Prevent Corporate Data Leakage” Gartner Research
At a Glance Intended Audience: • C-level security, collaboration, and
trust professionals at companies using or considering the Google Apps productivity suite
• Domain Administrators at organizations using Google Apps
Takeaway • Readers will learn what Google
Drive is, what it means to businesses using the Google Apps productivity suite, and how to secure their data stored in Google’s cloud file server.
In This Whitepaper: • Introduction • What is Google Drive • What Does Google Drive Mean to
Businesses? • How To Enable, Install, and Secure
Data in Google Drive • Best Practices for Protecting
Intellectual Property in Google Drive • How to Protect Intellectual Property
in Google Docs, Sites and Drive
Securing Data in Google Drive The Enterprise Guide to keeping corporate data safe in Google Drive
The largest Google Apps customers in the world trust CloudLock to secure their data.
What is Google Drive? …………………………………………………………………………………………………………………………………………………………………………………………………………… Google Drive is Google’s new file synchronization service, allowing users to sync documents between computers, tablets, and mobile devices. Each Google Drive account gives the user 5 gigabytes of storage with an option to purchase additional storage space. Making a change to a file in one location automatically makes the change everywhere.
From Google: With Google Drive, you can:
• Create and collaborate. Google Docs is built right into Google Drive, so you can work with others in real time on documents, spreadsheets and presentations. Once you choose to share content with others, you can add and reply to comments on anything (PDF, image, video file, etc.) and receive notifications when other people comment on shared items.
• Store everything safely and access it anywhere (especially while on the go). All your stuff is just... there. You can access your stuff from anywhere—on the web, in your home, at the office, while running errands and from all of your devices. You can install Drive on your Mac or PC and can download the Drive app to your Android phone or tablet. We’re also working hard on a Drive app for your iOS devices. And regardless of platform, blind users can access Drive with a screen reader.
• Search everything. Search by keyword and filter by file type, owner and more. Drive can even recognize text in scanned documents using Optical Character Recognition (OCR) technology. Let’s say you upload a scanned image of an old newspaper clipping. You can search for a word from the text of the actual article. We also use image recognition so that if you drag and drop photos from your Grand Canyon trip into Drive, you can later search for [grand canyon] and photos of its gorges should pop up. This technology is still in its early stages, and we expect it to get better over time.
You can get started with 5GB of storage for free—that’s enough to store the high-res photos of your trip to the Mt. Everest, scanned copies of your grandparents’ love letters or a career’s worth of business proposals, and still have space for the novel you’re working on. You can choose to upgrade to 25GB for $2.49/month, 100GB for $4.99/month or even 1TB for $49.99/month. When you upgrade to a paid account, your Gmail account storage will also expand to 25GB.
What Does Google Drive Mean To Businesses? …………………………………………………………………………………………………………………………………………………………………………………………………………… Google Drive is the onramp to using Google Docs as a Cloud File Server. Until now, Google Apps customers have mainly used the online productivity suite to create new documents, and occasionally upload files to share. By creating an automatic synchronization bridge between users’ desktops and the corporate Google Docs account, we will see:
1. More Corporate Data in Google Apps = More Sensitive Data in the Cloud – When making files available anywhere is as easy as placing them in a folder on the desktop, more data will end up in Google Docs. It’s only logical that this influx of data will include sensitive data containing PII, financial records, and IP. Companies will need the visibility and control to make sure that sensitive information is shared correctly, and in compliance with corporate and industry standards. Luckily, there’s a product for that.
2. Google’s Enterprise Storage Grab – Google Docs has a storage limit of 5 Gigabytes per user when it comes to uploading
files (the limit is not applied to documents created in Google Docs), and the introduction of Google Drive will cause frequent uploaders to hit their storage limit. You can always purchase additional storage ($5 for an additional 20 Gigs is a no-brainer). While an inexpensive add-on, this will cause more businesses to purchase additional Google Docs storage.
3. More Collaboration – With more files in Google Docs, coupled with the ease of sharing, businesses will see more
collaboration on formerly stagnant files buried in a local file system. Google Drive will make Google Docs the primary corporate file share. Just because data is in the cloud, it does not absolve companies of their responsibility to adhere to the same governance, compliance, and risk management practices that were in place for their on-premise data. But again, there’s a product that lets Google Apps customers take advantage of the cost savings and collaboration benefits of the suite while making their data more secure than ever.
How To Enable, Install, and Secure Data in Google Drive …………………………………………………………………………………………………………………………………………………………………………………………………………… With the introduction of Google Drive, enterprises can now offer cloud-based alternatives to other forms of collaboration and fully embrace the collaboration benefits of Google Apps as Google Drive lets users drive more content more easily and securely into Google Docs. In this three-part series, we’ll walk through the steps necessary to enable, install, and secure Google Drive:
1. Enabling Google Drive for the organization’s domain. This task must be performed by the domain administrator 2. Installing Google Drive on end-users’ computers and syncing local folders with the cloud file server 3. Establishing the appropriate controls in Google Drive to make sure that security is not compromised
How To Enable Google Drive for Your Domain
This action is performed by a domain administrator in the Google Apps control panel to enable Google Drive for users: The domain administrator needs to make sure that the right options in the domain settings are selected in order to enable Google Drive:
In order to get fast access to Google Drive for the domain, select Rapid Release and Automatic new services. To allow users to install Google Drive on their computers, go to: Service Settings > Docs and Drive, and check “Allow users to install Google Drive for Mac/PC.” To allow users to download Google Drive Apps, check that option as well.
How To Install Google Drive on End-Users Computers and Synchronize Local Folders
1. Go to https://drive.google.com/start?authuser=0 - home to see if your domain has Google Drive enabled. If your domain has not yet been given access to Google Drive (Google is enabling domains in batches), you’ll see the following:
In this case, you can click “Notify me” to be emailed when your domain has access to Google Drive.
However, if you are able to download Google Drive, continue with the following steps:
2. Once Google Drive is enabled for your domain you will notice the following changes:
What was previously called Google Docs has been renamed to Drive and you can now download and install Google Drive from the Drive menu. You’ll also notice a few other immediate benefits:
• Your storage allocation has been increased to 5GB • You can upload files directly into their designated collection • You can create documents directly in the designated collection (no need to organize after the document is created)
When you click to download and install Google Drive on your machine, you’ll see the following (in our example, we’ll be using a Mac, but the process is similar for PC users):
Click to agree and download
Sign in to your Google Apps Account
Click Next
To start syncing your files to your computer, click “Start sync”. Here are the advanced setup options:
Once your initial sync has completed, you’ll see this message:
How To Secure Data In Google Drive
The same level of control and visibility necessary for Google Docs and Sites apply to data uploaded via Google Drive. There are a few basic steps organizations can take to ensure Google Drive security. 1. Understand Who Has Access- With CloudLock, it’s easy to understand who has access to your sensitive data, and what is
accessible to whom, both inside and outside the domain.
2. Fix Data Exposures- Once you’ve identified data exposures, use CloudLock to set effective permissions on Google Docs and Sites.
3. Monitor For Future Issues- Use CloudLock for Google Apps reporting features to track changes to permissions in your data
environment.
4. Create a Security Policy for Google Drive Content. CloudLock’s Security Policy Engine lets Google Apps customers put
their document security on autopilot with content-aware policies for data in Google Drive allowing organizations to:
• Have visibility and control of how data is being shared inside, outside, and inbound (from the outside in) • Detect and alert on sensitive content shared improperly based on keywords and the content of documents • Delegate control to data owners and managers to offload work from IT
See the following for more instructions on how to create policies with CloudLock’s content aware security Policy Engine
Best Practices for Protecting Intellectual Property in Google Drive ……………………………………………………………………………………………………………………………………………………………………………………………………………
With Google Drive out, organizations are now able to offer a legitimate, enterprise, Cloud-based file sharing alternative to what are considered to be “rogue” forms of collaborations (box.net, dropbox etc). Google Drive lets users drive more content more easily and securely into Google Docs. If your organization has intellectual property that needs to be protected, leaving your acceptable use policy on paper is simply not good enough. Rather, enterprises that need to protect IP stored in Google Drive need to take the following steps: 1. Define the list of keywords that identify intellectual property that might be stored in Google Docs or otherwise in files
uploaded by Google Drive users. Here’s a sample list: trade secret, patent, trademark, confidential, formulas, client lists, private or secret processes.
2. Upload the list to a content and context-aware security policy engine for Google Docs and Google Sites. a. Context Aware – Who are the owners and potential collaborators for this specific Google Doc policy? b. Content Aware – What are the set of keywords relevant to this policy?
3. Audit Google Docs for policy violations that are both context and content-aware. 4. Notify relevant stakeholders entrusted with protecting intellectual property:
a. Trust Officer b. Legal department c. Owner of the violating documents d. Others
5. Take action when a document containing a reference to IP is shared the wrong way (e.g with untrusted external organizations). The administrator can:
a. Revoke excessive access rights for Google Docs and or Sites b. Copy the infringing documents and keep archived copies under a system account c. Transfer ownership of the infringing documents to a system account, in effect preventing the document from being deleted d. All of the above
How to Protect Intellectual Property in Google Docs, Sites and Drive ……………………………………………………………………………………………………………………………………………………………………………………………………………
With Google Drive, organizations are now able to offer a legitimate, enterprise, cloud-based file sharing alternative to what are considered to be “rogue” forms of collaboration. Google Drive lets users drive more content more easily and securely into Google Docs. With more sensitive data and increased collaboration, organizations must take steps to implement the same data loss prevention, auditing, compliance, and data management procedures that are in place for data stored on-premise. Simply leaving an acceptable use policy on paper and telling users not to share inappropriately is not good enough. Here are 5 simple steps enterprises can take to protect IP stored in Google Drive and Google Docs (the names Google Docs and Google Drive are used interchangeably, based on whether your organization has enabled Google Drive).
5 Steps to Protecting Intellectual Property in Google Docs, Sites, and Google Drive Step #1 - Identify Keywords That Designate IP Specific To Your Company. Define the list of keywords that identify intellectual property that may be stored in Google Docs or otherwise in files uploaded via Google Drive. For example: patent, trademark, confidential, formulas, client lists, private, or secret. This can be a simple paper exercise, but make sure that all the stakeholders and various departments that use Google Docs and Google Drive provide input during this critical step. Step #2 - Create Content and Context-Aware Policies. CloudLock’s Security Policy Engine allows you to create policies for Google Docs and Sites, putting the burden of daily security tasks on autopilot. Context awareness is key to identify the owners and potential collaborators for each policy.
Content awareness lets you create a set of keywords relevant to each policy
Step #3 - Audit Google Docs and Sites. Review the violators of each policy and decide on the appropriate actions. Through CloudLock you can click to view all the Documents, Sites and users that violate any policy.
Step #4 - Notify Relevant Stakeholders Entrusted with Protecting Intellectual Property. Once policies are in place, notify and involve the relevant stakeholders. These can one or more of the following: a. Trust Officer b. Legal department c. Owner of the violating documents d. Others Step #5 - Take Action to Protect Intellectual Property. As the administrator for your organization’s domain, when a document containing a reference to IP is shared the wrong way (e.g with untrusted external organizations) you can perform the following corrective actions to make sure your company does not experience any data loss: a. Revoke excessive access rights for Google Docs and or Sites b. Copy the infringing documents and keep archived copies under a system account c. Transfer ownership of the infringing documents to a system account, in effect preventing the document from being deleted d. All of the above You can select some or all document that violate the policy and perform the relevant bulk operation to protect the IP:
About CloudLock CloudLock helps enterprises extend their data security practices and policies to the cloud. CloudLock’s suite of security applications give businesses the controls and visibility they need to take advantage of the collaboration benefits of public cloud offerings, without sacrificing on security. The largest Google Apps customers in the world trust CloudLock to secure their data. For more information about the company or reseller opportunities call (781) 996-4332 or visit http://www.cloudlock.com.
