How the security of files in Google file stores can be ensured is a common concern for people who are not familiar with how Google Drive security works. Once you understand some of the key concepts, they serve to allay most of those fears.
Mike Dunn from the Teaching and Learning team has delivered training on Google Workspace and its applications since the University of York became a Google Institution. He has a deep understanding of how the "old" style file stores work compared to the newer file stores offered by Google. In these three articles he discusses the different security aspects of each file store. This will help you to understand that the security of files is very much dependent on how you apply the file security features.
The most common approach developed for saving files on computer systems is based on a hierarchical or ‘tree’ approach. It works really well when we’re organising our own documents, and as long as our computer has appropriate security, it will keep them away from prying eyes.
Where these filing systems start to fall down is when groups of people need to share access. We often work with shared drives, and although technically you can control access to individual folders and files, in practice it’s not easy to do; mostly we end up with a large number of people having full access to a large number of documents, with no way of knowing who has edited or deleted what. It’s a bit like giving people a master key that will let them into more or less any room in the building.
The applications we’ve been using for a long time with these systems do not allow simultaneous editing, and if you want someone who doesn’t have access to the drive to see or edit a document, the only option is to start sending copies around as attachments. At this point you lose control of what happens to them.
In an age when many users expect to be able to access documents from a range of locations using a range of devices, traditional shared drives are not straightforward.
The starting point for Google Drive is that documents should be available almost anywhere, with any device, and should be usable by more than one person at once, but they should also be secure. Google has achieved this by putting content onto a password-protected file store that is accessed through the internet from any internet-enabled device, and by developing applications designed for collaborative use.
Security works by assigning access permissions to each and every folder and file, based on the identity of each user, potentially giving a much more secure system. Instead of giving people a master key, it works like the electronic locks that need your University card identity.
Organising documents is always important, and to make life easier, permissions are inherited within folders, allowing entire folders of content to be easily shared, but with the knowledge that security will be maintained.
Google Drive is very flexible, allowing you to control access to each and every folder and document. In some circumstances, however, this complexity is unnecessary, in particular when you have a clearly defined group of people who each need a consistent level of access to the same collection of material. Google Shared drives (formerly Team Drives) were designed for this situation.
Any user can create a new Shared drive, and then individuals and Groups can be added as members, each one being allocated one of five levels of permission. These are: Manager, Content manager, Contributor, Commenter or Viewer. The permission set for an individual or Group applies to each and every folder and file over the whole Shared drive, and all content is owned by the Shared drive, not by the users. When you add members, these people will be able to do anything except add and remove other members from the drive; you have to be a Manager to do that. Generally it’s a good idea to have at least two Managers, and anyone else needing full editing can be a Content manager. Contributor access is good for people who need to edit documents but whom you don’t want moving things around. They will still be able to add users to individual files.
There is some limited flexibility: you can upgrade permissions for a single user or Group for individual files; you can grant individuals who are not members of the drive access to individual files; and you can turn on link sharing, again for individual files. If you find you need to change permissions in this way frequently, Shared drives are probably not really suitable for what you're trying to do.
Bear in mind, too, that if you grant a non-member Manager or Content manager status they will be able to remove files from the drive, at which point they become the owner of those files. It’s best to limit non-members to Contributor or lower.
Any security system is only secure if it’s used correctly. Five-lever mortice locks are great, but not if you leave the key under a flower pot, or dangle one on a string inside the letterbox.
Likewise, documents on Google Drive are very secure when you understand and make effective use of the security features. Security is based around identity - either individual or group. Identities are used to determine who has access to what. In this context, role-based identities are not a good idea, as they require password sharing.
Setting permissions also determines what those with access can do. They may be able to organise and edit folders, or only view the contents; users with access to files may have full editing capabilities, may be restricted to adding comments and suggestions or may just be able to read the content.
Wherever possible, permissions should be set at folder level, as this will be inherited by the contents, but with the option of changing for individual documents if necessary.
One slightly confusing feature is called ‘link sharing’. This is how you grant access based only on the URL, or link, not on a person’s identity. It’s the least secure way of sharing access, so only use it when you have to.
Do you want to grant access for specific individuals at the University? Leave ‘Who has access’ set to ‘Private’ and share with individual or group identities.
Do you want to grant access to external individuals with their own Google accounts? Leave ‘Who has access’ set to ‘Private’, share with their individual identities and set an expiry date.
Do you want to make content viewable by anyone at the University from a link on a web page or other document? Turn ‘link sharing’ on, set it to ‘Anyone at University of York with the link’ can view. Other listed users can still be granted comment and edit access.
Do you want external users browsing the University website to be able to read a linked document? Set ‘link sharing’ on, set to ‘Anyone with the link’ can view.
Do you want an external user with no Google account to collaborate on a document? Link sharing is the only option in this case. Set it to ‘Anyone with the link’ can comment if that will be suitable, or to ‘Anyone with the link’ can edit only if you absolutely must, and set a reminder in your calendar so you remember to turn link sharing off after the deadline.
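As an added example (not part of the original article), the guidance above expressed as a check over one file's permission list, using the field names of the Drive API v3 Permission resource; the internal domain `york.example` and the sample permission lists are constructed placeholders, not real accounts:

```python
EDIT_ROLES = {"writer", "fileOrganizer", "organizer"}  # roles that allow editing


def audit_permissions(perms, internal_domain="york.example"):
    """Return (severity, message) findings for one file's permission list.

    perms: dicts in the shape of the Drive API v3 Permission resource.
    internal_domain: assumed placeholder for the University's own domain.
    """
    findings = []
    for p in perms:
        ptype, role = p.get("type"), p.get("role")
        if ptype == "anyone":
            # 'Anyone with the link': access is no longer tied to identity, so
            # always flag it; edit access is the case to avoid where possible.
            severity = "high" if role in EDIT_ROLES else "medium"
            findings.append((severity, f"anyone with the link can {role}"))
            if p.get("allowFileDiscovery"):
                findings.append(("high", "link is also discoverable by search"))
        elif ptype == "domain":
            # 'Anyone at <domain> with the link': fine for view, flag edit.
            if role in EDIT_ROLES:
                findings.append(("medium", f"anyone in {p.get('domain')} can {role}"))
        elif ptype in ("user", "group") and role != "owner":
            email = p.get("emailAddress", "")
            external = not email.lower().endswith("@" + internal_domain)
            if external and not p.get("expirationTime"):
                # External identities should be given an expiry date.
                findings.append(("low", f"external {ptype} {email} has no expiry date"))
    return findings


def highest_severity(findings):
    """Collapse a findings list to its worst severity ('none' if clean)."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((sev for sev, _ in findings), key=order.get, default="none")


# Constructed sample permission lists (not real accounts or files).
PUBLIC_EDIT = [
    {"type": "user", "role": "owner", "emailAddress": "owner@york.example"},
    {"type": "anyone", "role": "writer", "allowFileDiscovery": False},
]
PRIVATE_WITH_EXPIRY = [
    {"type": "user", "role": "owner", "emailAddress": "owner@york.example"},
    {"type": "group", "role": "writer", "emailAddress": "team@york.example"},
    {"type": "user", "role": "reader", "emailAddress": "guest@partner.example",
     "expirationTime": "2025-01-31T00:00:00Z"},
]
```

Run over the permissions returned for each file, the findings point at exactly the cases the article says to avoid or to time-limit.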