Google is able to access sensitive G Suite customer data, former employee warns

Users urged to keep sensitive data away from G Suite due to the lack of end-to-end encryption

Employees whose organisations deploy G Suite have been urged to stay mindful of keeping sensitive data on the productivity suite, following a report that suggests Google and IT admins have extensive access to private files.

Google itself, as well as administrators within a business, have vast access to the files stored within G Suite, and can monitor staff activity, according to a former Google employee. This data, which is not protected by end-to-end encryption unlike other Google services, can even be shared with law enforcement on request.

Advertisement - Article continues below

This level of intrusion is necessary to perform essential security functions for business users, such as monitoring accounts for attempted access, ex-staffer Martin Shelton claimed in his post, but, in turn, this demands enormous visibility on users' accounts.

Organisations using G Suite Business or G Suite Enterprise have even offered administrators powerful tools to monitor and track employees' activity, and retain this information in a Google Vault.

"In our ideal world, Google would provide end-to-end encrypted G Suite services, allowing media and civil society organisations to collaborate on their work in a secure and private environment whenever possible," Shelton said.

"For now we should consider when to keep our most sensitive data off of G Suite in favour of an end-to-end encrypted alternative, local storage, or off of a computer altogether."

Advertisement
Advertisement - Article continues below

Of particular concern is a sense of uncertainty over who within Google has access to user data kept on its servers. Shelton added that Google claims to have protections in place, but that it's not known how many employees are able to clear the bars set by the company.

Advertisement - Article continues below

These protections include authorised key card access, approval from an employee's manager as well as the data centre director, as well as logging and auditing of all instances of approved access.

G Suite administrators, meanwhile, can see a "remarkable level" of user data within an organisation in light of the powerful tools offered by Google. G Suite Enterprise offers the most amount of access into users' activities, with G Suite Business allowing for slightly more restricted visibility.

These tools include being able to search through Gmail and Google Drive for content as well as metadata including the subject lines and recipients of emails. Administrators can even create rules for which data is logged and retained, depending on how they wish to configure their G Suite.

Related Resource

The definitive guide to backup for G Suite

How to find exactly what you need to keep your data safe

Download now

Audit logs, for example, lets IT admins see who has looked at and modified documents, while the use of apps like Calendar, Drive and Slides can be monitored on both desktops and mobile devices.

Advertisement - Article continues below

Shelton has recommended that employees audit their own use of G Suite and be mindful of any sensitive data that's either kept in Drive or discussed with others via Gmail.

The former employee has also suggested users get details from their G Suite administrators pertaining to the level of visibility they have over employees within their organisation, including which rules they've enabled as part of Google Vault.

Concerns over privacy within G Suite have emerged in the past after accusations were made in 2018 that third-party developers were able to view users' Gmail messages.

Google said, at the time, that such a practice was normal across the industry and users had already granted permission as and when this occurred.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement
Advertisement

Recommended

Visit/software/355486/zoom-review-are-we-alone-now
video conferencing

Zoom review: Are we alone now?

29 Apr 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020