Google Drive for Work's fundamental insecurity

Google Drive for Work is pitched at enterprises and is an appealing collaboration and file sharing option. Unfortunately it has a fundamental flaw: once you take a document outside the Google Drive service itself, any access limitations you imposed on your documents are lost and your documents are completely unprotected.

When you create a document in Drive and share it, you have 3 permissions you can set for the document:

  1. View (in other words, read-only);
  2. Comment (this allows a collaborator to suggest edits and comment on the document using the Suggested Edits feature); and
  3. Edit (full permissions to edit the document and comment on the document).

I created a test document in my work account and shared it with myself at my Gmail address which exists outside my work organisation in Drive. I set the sharing permission for the test document to “View”:

Test_document_-_Google_Docs

There are many reasons why you would want to only allow a collaborator to view a document or restrict their engagement to commenting only. You may not want a collaborator to be able to edit a document or access an editable version until it is ready for them to work with, for example.

When I opened the document in my Gmail-based Drive account, it was marked as “view only” and I didn’t have any of the menu options ordinarily available to me to edit the document. I was, however, able to export the document into various formats and download it to my local machine.

Test_document_-_Google_Docs_-_download_options

I downloaded the test document from my Gmail-based Drive profile in Word’s .docx and OpenDocument Format’s .odt formats and opened them in Microsoft Word 2011 for Mac and LibreOffice 4.3.4, respectively. Neither version had any restrictions on what I could do with the documents at all. They weren’t set to “read-only”. Tracked Changes wasn’t even enabled. The documents were completely accessible and editable. Here is the .docx version open in Word:

Testdocument_docx_Properties_and_Testdocument_docx

and

Test_document_-_unprotected

Here is the .odt version open in LibreOffice:

Properties_of_Testdocument_and_Testdocument_odt

What this means is that sharing permissions available in Google Drive are practically ineffective if a collaborator has the thought to download a version of the document in another format. A response to this criticism may be that Google’s main concern is that the Drive-based version not be accessed in a way the creator isn’t comfortable with but that is a very limited perspective.

Using_Google_Drive_–_Learn_about_new_features

This little workaround makes a mockery of Google’s claims that Drive is secure and enables you to share documents “how you want”. It is also not a viable option for businesses that expect more than cursory protection for their documents which may only be effective when collaborating with someone working purely in the Web or on a Chromebook where the option of downloading a version in a different format isn’t feasible.

I really like Google Drive and I enjoy using it. I have been tempted to remove Microsoft Word from my Mac because Google Docs finally has pretty good document formatting options that work well for legal documents. This workaround totally negates any document level security and means that Drive is very poorly suited for anyone who hopes to exercise control over who can access documents and what sort of access is acceptable.

Better ways to implement these permissions could include –

  1. Not permitting downloads when documents are shared as “view only” and permitting downloads of versions with “Track Changes” (or the equivalent) enabled and locked for documents shared with the “comment” permission; or
  2. Downloadable document versions should be marked as “read-only” if the original permission is “view” and locked with “Track Changes” enabled if the original permission is “comment”.

As Drive stands, its document-level security is virtually non-existent. I hope Google fixes this soon or it will have failed a very basic set of security requirements for documents.

Paul
Enthusiast, marketing strategist, writer, and photographer. Passionate about my wife, Gina and #proudDad. Allergic to stupid

  1. Interesting perspective and good catch. 🙂 On a domain level you can prevent sharing outside of the domain as one way of keeping information on the domain, but it still doesn’t solve this challenge.

What do you think?

%d bloggers like this: