Using Google Drive Encryption – A Guide
Data is big business, both for the companies that generate it and hackers who want to access it for ransomware or to simply sell it to the highest bidder. Indeed, the problem of corporate hacking is only getting worse. In 2022, 1,802 companies experienced data breaches, which affected over 422 million people in the U.S. alone.
Those statistics may make you wonder how strong the encryption is on your company’s Google Drive account. After all, encryption is the shield that deflects nefarious attempts to access your data, so it needs to be strong. This article explains how Google Drive encryption works and what you can do to bolster it.
Google Drive’s Standard Encryption
Google automatically encrypts every file you upload to Google Drive. It also encrypts any files you create within the Google Drive suite, such as those made using Google Sheets, Docs, or Slides.
The company uses AES256 bit encryption for this purpose, which stands for “Advanced Encryption Standard (AES) 256.” It divides any information put through it into blocks, which it encrypts using a cipher so that the text is unreadable to anybody who doesn’t have the key for the information, i.e., people who don’t have access to your document.
Google implements this encryption “in transit,” meaning it’s applied instantly when you upload or create a file in Google Drive.
How to Apply Client-Side Encryption to Google Drive
For many, the use of AES256-bit encryption is enough. It’s a military-grade encryption standard that some claim is impenetrable, at least from hackers using brute-force methods. But that doesn’t eliminate the possibility that somebody could gain access to the key needed to decrypt your Google Drive files, such as a disgruntled employee who still knows the password. Which means you may want another layer of encryption.
Google Drive provides this with client-side encryption.
With client-side encryption, you encrypt Google Drive files on the local level, thus supplementing the protection of the service’s standard AES256-bit encryption. By turning on client-side encryption at the administrative level, you grant your users the option to decide whether to encrypt their files locally.
You need to have a Google account with “super administrator” privileges to enable client-side encryption. Assuming you do, follow these steps:
- Sign into your Google Admin console.
- Locate the “Menu” (indicated by three horizontal lines), and select “Security.”
- Click “Access and Data Control,” followed by “Client-Side Encryption.”
- Scroll to “Apps” and toggle encryption on for the required Google Drive apps.
If you already have client-side encryption set up, specifically on your parent organizational unit, your Google Admin console may ask if you wish to override those settings for the group you’re working on. Select “Override” to do so, choosing either “Inherit” to make the group inherit the settings you have in your parent group or “Save” to override the parent group settings with your new settings.
Note – It may take up to 24 hours for your changes to take effect. Once client-side encryption is activated, your users can make, copy, upload, and tweak encrypted documents via Google Drive.
Making Encrypted Files in Google Drive
With client-side encryption enabled at the admin level, your organization’s users can encrypt files as they create them using two methods.
Encrypt at the Google Drive Level
Follow these steps to encrypt files via Google Drive:
- Sign into your Google Drive account.
- Click “New +” in the top-left corner of the screen.
- Move your cursor over the arrow next to the Google Docs, Slides, or Sheets file you wish to encrypt.
- Select “Blank Encrypted Document/Presentation/Spreadsheet.”
- Create in your “New Encrypted Document” window.
Encrypt at the Google Docs, Slides, or Sheets Level
You can also encrypt documents, slides, and spreadsheets without directly logging into your Google Drive account:
- Open a Google Docs, Slides, or Sheets file.
- Select “File” at the top of the screen.
- Highlight “New” and select “New Encrypted Document/Presentation/Spreadsheet.”
Copying Encrypted Files in Google Drive
You can copy encrypted Google Drive files as long as you’re logged into an account that has access to client-side encryption:
- Either double-click or right-click the file you wish to copy.
- Choose “Make a Copy.”
Copying is versatile, too, as it allows you to add encryption to Google Drive files that don’t already have it, or remove encryption from those that do. After double-clicking or right-clicking on your file, select “Make a Decrypted Copy” to remove client-side encryption from the file, or “Make an Encrypted Copy” to add encryption to files that don’t have it.
Uploading an Encrypted File to Google Drive
Enabling client-side encryption allows users to upload and encrypt previously unencrypted files from their local devices:
- Log in to your Google Drive account.
- Select “New +” from the navigation bar.
- Highlight “File Upload,” and select “Encrypt and Upload File.”
- Choose the file you wish to upload from your device’s directory.
Adding Encryption to an Existing Google Drive Document
You may have existing Google Doc, Slide, or Sheet documents that you want to further protect with client-side encryption. The process is simple, though there are some caveats. Follow these steps to encrypt your document:
- Open the Google Doc, Slide, or Spreadsheet.
- Choose “File” from the navigation bar, followed by “Make a Copy.”
- Select “Add Additional Encryption.”
As for the caveats – there are some features in Google documents that either have to be removed or lose their dynamic traits when you encrypt them.
Features that encryption removes from the document include:
- E-signature fields
- Any protected ranges
As for the loss of dynamism, the following features become static upon encryption:
- Link forms
- Connected Sheets
- Any charts, tables, or images embedded in the file
- Most external data functions
So, your document loses some of its usability, making applying client-side encryption to an existing document something you should only do if you’re happy with a static document.
Encrypted Google Drive Files on Android and iOS Devices
Unfortunately, Google Drive doesn’t provide Android and iOS device users with the ability to create, copy, or upload client-side encrypted files. But it’s not all bad news – you can still download and preview encrypted files on both types of devices.
However, even that feature isn’t perfect. Android and iOS users can’t access encrypted Google Docs, Slides, or Sheets files because they’re not yet supported. You can only access file types that Google Drive supports but aren’t part of the Google suite of document creation tools, such as Microsoft Word and PDF files.
Encryption Made Easy With Google Drive
You don’t have to use any complicated third-party workarounds (though third-party encryption is possible) with Google Drives. The app automatically encrypts anything you create in it or upload to it with AES256-bit encryption, plus you can activate client-side encryption for localized protection. By combining these two encryption formats, your documents are guarded against any malicious intruders.
Now, we’re ready to hear from you. Do you think the encryption tools that Google Drive provides are enough to protect your documents? Have you had any issues with people accessing Drive files without permission? Tell us about it in the comments section below.