IAITAM: Google Drive Poses Special Challenges Businesses Rarely Consider In Advance

CANTON, Ohio, July 12, 2018 /PRNewswire/ -- Google Drive is free, relatively easy to use, and available to everyone with a Gmail account. No wonder that the cloud-based server storage service (in the same league as Dropbox, Microsoft OneDrive, and others) is seen as such a comfortable fit for hundreds of thousands of medium- and small-sized businesses that need a place to put documents and to work on them remotely.  But Google Drive can be a "nightmare" for unwary businesses that fail to understand the associated risks and how to manage them.

As Dr. Barbara Rembiesa, president and CEO of the International Association of IT Asset Managers (IAITAM) points out, the time to look at Google Drive security issues is on the front end of the process.  But few businesses do so; 50 percent of those surveyed recently were so confident in the security of their cloud services that they never even bothered to explore the issue.  Burying your head in the sand is never a solution, given that 15 percent of business cloud users already have been hacked.  If a catastrophic loss of confidential business information is what it takes to prompt you to look into Google Drive security, it's already too late.

IAITAM President and CEO Barbara Rembiesa said: "Google Drive is just like any other cloud services.  You have to check it out.  You have to make sure it's the right fit.  You have to have all your Information Technology Asset Management (ITAM) rules and procedures in place and you have to be vigilant as a hawk on an ongoing basis.  There are so many things that can go wrong and so many loose ends, that many organizations will find that it's a bit of a nightmare.  However, proceeding in blissful ignorance is an even worse option."

Real vulnerabilities to Google Drive that need to be considered very carefully by business owners:

• One password is your passport to the world of Google. That makes it easy to get into Gmail and Google Drive … and, in fact, maybe it makes it too easy. An employee who stays logged in to Gmail on their desktop or smartphone is also logged into Google Drive.  Consider these facts:  70 million smartphones are lost each year, with only 7 percent recovered; 4.3 percent of company-issued smartphones are lost or stolen every year; 52 percent of devices are stolen from the office/workplace, and 24 percent while at conferences.  That means millions of phones and laptops are stolen every year where people are signed into Google and, therefore, Google Drive. Unfortunately, Google Drive does not automatically log users out after a period of inactivity.
• Even if your company uses good password "hygiene" when it comes to company accounts, you may be laxer when it comes to personal Gmail accounts used to access Google Drive.  This is a problem particularly for medium- and small-sized companies that may be using the free or low-cost version of Google Drive.  Your Google Drive is every bit as vulnerable as every employee who accesses it with a Google password that is weak, predictable and easily cracked. There are many wrinkles to this:  How tough are your standards for part-time/seasonal employees and independent contractors who access your Drive?  What about clients who are given permissions to review and edit documents and spreadsheets under production?
• Google is catnip for hackers.  It seems like some software provider, app maker or website builder is always the top target for hackers. For years now, Google is a prime target for hackers. In one recent case, 24 million Gmail accounts were exposed.  And there have been several "phishing" attacks over the years to trick Google users to give up their credentials.  While you may consider your company too small or unremarkable to be a target of hacking, that does not mean you cannot get caught up in a wider hack of Google that leaves all the confidential business information in your files vulnerable.
• Confusing Google Drive "permission" settings can lead to disaster.  Some users may find the Google Drive "permission" settings too confusing. And it's the "permission" part of Google Drive that companies using Google Docs should be very cautious about. Understand how your employees are using and sharing data is critical. Are they limiting it to their own view or only certain people?  Or, are they opening it up to everyone on your company's domain … or the whole Internet?  It's easy to get this wrong and the consequences for confidential information can be huge.

SOURCE The International Association of Information Technology Asset Managers, Inc. (IAITAM), Canton, OH.