Ex-Employee Claims Your G Suite Data Is Not Encrypted
A report by a former Google employee on the ‘Freedom of the Press Foundation’ website warns organisations that any data stored on Google’s G Suite is not encrypted, can be accessed by administrators and can be shared with law enforcement on request.
G Suite is Google’s set of cloud-based computing, productivity and collaboration tools including Gmail, Drive (for your company documents) and Calendar.
Former Google employee Martin Shelton alleges that files stored within Google’s G Suite have no end-to-end encryption as other Google services do, thereby potentially leaving business data vulnerable to being viewed by Google and by other persons such as Administrators. Mr Shelton reports that:
Not The First Time
This is not the first time that Google has made the news over G Suite privacy. Back in July 2018, The Wall Street Journal highlighted how third-party developers could view Gmail users’ messages.
What Does This Mean For Your Business?
This is clearly some unwanted publicity for Google, particularly when there is fierce competition in the business Cloud services market.
The advice for those worried about G Suite’s privacy and security suggested by former Google employee Martin Shelton is to use G Suite mindfully and give yourself a G Suite audit (Gmail, Drive, and Google-connected activity on mobile devices). This way, if you can see certain data you can assume that the administrator and Google are likely to also be able see it.
Also, if you are concerned about unknown administrators seeing your G Suite data you could consider trying to identify who your G Suite administrators are, what G Suite version you have, whether your organisation is using G Suite Business or Enterprise, finding out what rules have been set in Google Vault and audit logs, and what policies exist for administrative data retention and access.
Mr Shelton also suggests that users may wish to find another cloud service provider that has end-to-end encrypted format to store any particularly sensitive data, or to simply keep data offline or off a computer entirely.