Saturday, August 26, 2017

It's 2017 - why are we still spreading FUD about data security in the cloud?

I was looking into document management options to build upon Google Drive earlier this week. A quick search for "document management with google drive" yielded, among other results, a post called "Google Drive is No Substitute for Document Management." Reading this took me back to conversations years ago about how you can't trust the cloud for your sensitive information and how having your own servers is more secure for your data.

(The post was written in February 2016, so I understand if the post doesn't account for service advancements since then. However, leaving this as is, especially given its high page rank, isn't doing readers a service.)

There are certainly reasons not to rely on Google Drive (or Dropbox, Box, or other cloud file sharing options) for workflow-driven, automation-aided document management, and the post discusses them. But the first two reasons are just plain inaccurate and, taken at face value, can inhibit organizations that have complex needs and limited resources from taking advantage of commonly used cloud offerings.

Let's start with reason #1 ("Google Drive is Difficult to Administrate"). The basic premise here is that IT administrators don't have the control over folder and file access that they do in more centrally controlled systems, and that this control is exceedingly important to maintaining data security. While that sounds bad, consider that once someone has access to download a file or folder, they can share it with whomever they want via email, some other file sharing mechanism, or by printing it out. Further, people are more likely than ever to find the best tools for their work, especially if IT is clinging to admin-centric rather than user-centric services. Absent an environment so restrictive that it allows only the most basic functionality, data protection and security is often a combination of technical capabilities, corporate policies, and user training that together provide a secure and productive environment.

The roles of policy and training in protecting an organization's data cannot be emphasized enough (but here are a few links for your reading pleasure):

Seeing a viewpoint represented by a statement like the one below not only frustrates me, but also indicates that policy and training aren't being considered:

"For example, your HR employees need to store sensitive information like social security numbers, names, birthdates, and direct deposit banking information. If they store this information in Google Drive, there is a good chance that other employees can see it, too. Obviously, that’s not a good idea."

Storing this data in a spreadsheet in any location is ill-advised, and no technology is going to fully protect against it happening. In a security-aware culture, though, the data steward would more likely consult with IT on the best way to store that data and prevent inappropriate disclosures.

On to reason #2 ("Google Drive Only Uses SSL Encryption"). When considering your data security, it's certainly crucial to consider data at rest as well as data in motion. The post asserts that data stored in Google Drive are encrypted in motion but not at rest, linking to an article that says the same thing. That would be disconcerting and would likely put people off using G Suite. However, Google is fairly upfront about its encryption, making a topic-specific whitepaper available for public view. The whitepaper articulates how data are encrypted at rest and in motion, as well as how encryption keys are managed. The short version is that, with the possible exception of video files, data uploaded to or created in Google Drive/Docs/Slides/Sheets are encrypted. Encryption is also one part of Google's overall security approach. Dropbox and Box have similar information available about their security and encryption approaches.

When considering cloud storage for your organization, security and risk management should be right alongside usability and collaboration in your priority list, and doing your research is important to making a sound decision. The major cloud service providers get it, and have embraced data security and protection as cornerstones of their storage services. Saying otherwise is outdated and unhelpful.