Whitepaper

Introduction

The launch of Googles highly anticipated file synchronization tool has generated
widespread attention from both businesses considering a switch to Googles productivity
suite, to Google Apps customers trying to understand the security implications of enabling
Google Drive.

In this whitepaper, well discuss what Google Drive is, what it means to businesses, and how
to secure sensitive corporate data and intellectual property in Google Drive.

Consumer-grade personal file synchronization services are
creating huge potential for data leakage, version conflicts and
compliance gaps. End-user demand to support home PCs and
personal tablets is forcing CIOs into one of three decisions:
allow users to do whatever they want, provide an approved and
controlled service, or totally forbid the use of such services.

Jay Heiser, Lawrence Pingree
How to Control File Synchronization Services and Prevent Corporate Data Leakage
Gartner Research

















At a Glance

Intended Audience:

C-level security, collaboration, and
trust professionals at companies
using or considering the Google
Apps productivity suite
Domain Administrators at
organizations using Google Apps

Takeaway

Readers will learn what Google
Drive is, what it means to
businesses using the Google Apps
productivity suite, and how to
secure their data stored in Googles
cloud file server.

In This Whitepaper:

Introduction
What is Google Drive
What Does Google Drive Mean to
Businesses?
How To Enable, Install, and Secure
Data in Google Drive
Best Practices for Protecting
Intellectual Property in Google Drive
How to Protect Intellectual Property
in Google Docs, Sites and Drive

Securing Data in Google Drive
The Enterprise Guide to keeping corporate data safe in Google Drive
The largest Google Apps customers in the world trust CloudLock to secure their data.

What is Google Drive?


Google Drive is Googles new file synchronization service, allowing users to sync documents between computers, tablets, and mobile
devices. Each Google Drive account gives the user 5 gigabytes of storage with an option to purchase additional storage space.
Making a change to a file in one location automatically makes the change everywhere.





From Google:

With Google Drive, you can:

Create and collaborate. Google Docs is built right into Google Drive, so you can work with others in real time on
documents, spreadsheets and presentations. Once you choose to share content with others, you can add and reply
to comments on anything (PDF, image, video file, etc.) and receive notifications when other people comment on
shared items.
Store everything safely and access it anywhere (especially while on the go). All your stuff is just... there. You can
access your stuff from anywhereon the web, in your home, at the office, while running errands and from all of your
devices. You can install Drive on your Mac or PC and can download the Drive app to your Android phone or tablet.
Were also working hard on a Drive app for your iOS devices. And regardless of platform, blind users can access
Drive with a screen reader.
Search everything. Search by keyword and filter by file type, owner and more. Drive can even recognize text in
scanned documents using Optical Character Recognition (OCR) technology. Lets say you upload a scanned image
of an old newspaper clipping. You can search for a word from the text of the actual article. We also use image
recognition so that if you drag and drop photos from your Grand Canyon trip into Drive, you can later search for
[grand canyon] and photos of its gorges should pop up. This technology is still in its early stages, and we expect it
to get better over time.

You can get started with 5GB of storage for freethats enough to store the high-res photos of your trip to the Mt. Everest,
scanned copies of your grandparents love letters or a careers worth of business proposals, and still have space for the
novel youre working on. You can choose to upgrade to 25GB for $2.49/month, 100GB for $4.99/month or even 1TB for
$49.99/month. When you upgrade to a paid account, your Gmail account storage will also expand to 25GB.





What Does Google Drive Mean To Businesses?


Google Drive is the onramp to using Google Docs as a Cloud File Server. Until now, Google Apps customers have mainly used the
online productivity suite to create new documents, and occasionally upload files to share. By creating an automatic synchronization
bridge between users desktops and the corporate Google Docs account, we will see:

1. More Corporate Data in Google Apps = More Sensitive Data in the Cloud When making files available anywhere is as easy
as placing them in a folder on the desktop, more data will end up in Google Docs. Its only logical that this influx of data will
include sensitive data containing PII, financial records, and IP. Companies will need the visibility and control to make sure
that sensitive information is shared correctly, and in compliance with corporate and industry standards. Luckily, theres a
product for that.

2. Googles Enterprise Storage Grab Google Docs has a storage limit of 5 Gigabytes per user when it comes to uploading
files (the limit is not applied to documents created in Google Docs), and the introduction of Google Drive will cause frequent
uploaders to hit their storage limit. You can always purchase additional storage ($5 for an additional 20 Gigs is a no-brainer).
While an inexpensive add-on, this will cause more businesses to purchase additional Google Docs storage.

3. More Collaboration With more files in Google Docs, coupled with the ease of sharing, businesses will see more
collaboration on formerly stagnant files buried in a local file system.

Google Drive will make Google Docs the primary corporate file share. Just because data is in the cloud, it does not absolve
companies of their responsibility to adhere to the same governance, compliance, and risk management practices that were in place
for their on-premise data. But again, theres a product that lets Google Apps customers take advantage of the cost savings and
collaboration benefits of the suite while making their data more secure than ever.

How To Enable, Install, and Secure Data in Google Drive


With the introduction of Google Drive, enterprises can now offer cloud-based alternatives to other forms of collaboration and fully
embrace the collaboration benefits of Google Apps as Google Drive lets users drive more content more easily and securely into
Google Docs.

In this three-part series, well walk through the steps necessary to enable, install, and secure Google Drive:

1. Enabling Google Drive for the organizations domain. This task must be performed by the domain administrator
2. Installing Google Drive on end-users computers and syncing local folders with the cloud file server
3. Establishing the appropriate controls in Google Drive to make sure that security is not compromised













How To Enable Google Drive for Your Domain

This action is performed by a domain administrator in the Google Apps control panel to enable Google Drive for users:

The domain administrator needs to make sure that the right options in the domain settings are selected in order to enable Google
Drive:





In order to get fast access to Google Drive for the domain, select Rapid Release and Automatic new services.

To allow users to install Google Drive on their computers, go to: Service Settings > Docs and Drive, and check Allow users to install
Google Drive for Mac/PC. To allow users to download Google Drive Apps, check that option as well.




How To Install Google Drive on End-Users Computers and Synchronize Local Folders

1. Go to https://drive.google.com/start?authuser=0 - home to see if your domain has Google Drive enabled. If your domain has
not yet been given access to Google Drive (Google is enabling domains in batches), youll see the following:





In this case, you can click Notify me to be emailed when your domain has access to Google Drive.









However, if you are able to download Google Drive, continue with the following steps:

2. Once Google Drive is enabled for your domain you will notice the following changes:



What was previously called Google Docs has been renamed to Drive and you can now download and install Google Drive from the
Drive menu.

Youll also notice a few other immediate benefits:

Your storage allocation has been increased to 5GB
You can upload files directly into their designated collection
You can create documents directly in the designated collection (no need to organize after the document is created)

When you click to download and install Google Drive on your machine, youll see the following (in our example, well be using a Mac,
but the process is similar for PC users):



Click to agree and download








Sign in to your Google Apps Account





Click Next







To start syncing your files to your computer, click Start sync. Here are the advanced setup options:





Once your initial sync has completed, youll see this message:




How To Secure Data In Google Drive

The same level of control and visibility necessary for Google Docs and Sites apply to data uploaded via Google Drive. There are
a few basic steps organizations can take to ensure Google Drive security.

1. Understand Who Has Access- With CloudLock, its easy to understand who has access to your sensitive data, and what is
accessible to whom, both inside and outside the domain.




2. Fix Data Exposures- Once youve identified data exposures, use CloudLock to set effective permissions on Google Docs
and Sites.




3. Monitor For Future Issues- Use CloudLock for Google Apps reporting features to track changes to permissions in your data
environment.




4. Create a Security Policy for Google Drive Content. CloudLocks Security Policy Engine lets Google Apps customers put
their document security on autopilot with content-aware policies for data in Google Drive allowing organizations to:

Have visibility and control of how data is being shared inside, outside, and inbound (from the outside in)
Detect and alert on sensitive content shared improperly based on keywords and the content of documents
Delegate control to data owners and managers to offload work from IT

See the following for more instructions on how to create policies with CloudLocks content aware security Policy Engine



Best Practices for Protecting Intellectual Property in Google Drive


With Google Drive out, organizations are now able to offer a legitimate, enterprise, Cloud-based file sharing alternative to what are
considered to be rogue forms of collaborations (box.net, dropbox etc). Google Drive lets users drive more content more easily
and securely into Google Docs.

If your organization has intellectual property that needs to be protected, leaving your acceptable use policy on paper is simply
not good enough. Rather, enterprises that need to protect IP stored in Google Drive need to take the following steps:

1. Define the list of keywords that identify intellectual property that might be stored in Google Docs or otherwise in files
uploaded by Google Drive users. Heres a sample list: trade secret, patent, trademark, confidential, formulas, client lists,
private or secret processes.
2. Upload the list to a content and context-aware security policy engine for Google Docs and Google Sites.
a. Context Aware Who are the owners and potential collaborators for this specific Google Doc policy?
b. Content Aware What are the set of keywords relevant to this policy?
3. Audit Google Docs for policy violations that are both context and content-aware.
4. Notify relevant stakeholders entrusted with protecting intellectual property:
a. Trust Officer
b. Legal department
c. Owner of the violating documents
d. Others
5. Take action when a document containing a reference to IP is shared the wrong way (e.g with untrusted external
organizations). The administrator can:
a. Revoke excessive access rights for Google Docs and or Sites
b. Copy the infringing documents and keep archived copies under a system account
c. Transfer ownership of the infringing documents to a system account, in effect preventing the document from
being deleted
d. All of the above

How to Protect Intellectual Property in Google Docs, Sites and Drive


With Google Drive, organizations are now able to offer a legitimate, enterprise, cloud-based file sharing alternative to what are
considered to be rogue forms of collaboration. Google Drive lets users drive more content more easily and securely into Google
Docs.

With more sensitive data and increased collaboration, organizations must take steps to implement the same data loss prevention,
auditing, compliance, and data management procedures that are in place for data stored on-premise. Simply leaving an
acceptable use policy on paper and telling users not to share inappropriately is not good enough.

Here are 5 simple steps enterprises can take to protect IP stored in Google Drive and Google Docs (the names Google Docs and
Google Drive are used interchangeably, based on whether your organization has enabled Google Drive).

5 Steps to Protecting Intellectual Property in Google Docs, Sites, and Google Drive

Step #1 - Identify Keywords That Designate IP Specific To Your Company. Define the list of keywords that identify intellectual
property that may be stored in Google Docs or otherwise in files uploaded via Google Drive. For example: patent, trademark,
confidential, formulas, client lists, private, or secret.

This can be a simple paper exercise, but make sure that all the stakeholders and various departments that use Google Docs and
Google Drive provide input during this critical step.


Step #2 - Create Content and Context-Aware Policies. CloudLocks Security Policy Engine allows you to create policies for
Google Docs and Sites, putting the burden of daily security tasks on autopilot.

Context awareness is key to identify the owners and potential collaborators for each policy.




Content awareness lets you create a set of keywords relevant to each policy




Step #3 - Audit Google Docs and Sites. Review the violators of each policy and decide on the appropriate actions. Through
CloudLock you can click to view all the Documents, Sites and users that violate any policy.





Step #4 - Notify Relevant Stakeholders Entrusted with Protecting Intellectual Property. Once policies are in place, notify
and involve the relevant stakeholders. These can one or more of the following:
a. Trust Officer
b. Legal department
c. Owner of the violating documents
d. Others Step

#5 - Take Action to Protect Intellectual Property. As the administrator for your organizations domain, when a document
containing a reference to IP is shared the wrong way (e.g with untrusted external organizations) you can perform the following
corrective actions to make sure your company does not experience any data loss:
a. Revoke excessive access rights for Google Docs and or Sites
b. Copy the infringing documents and keep archived copies under a system account
c. Transfer ownership of the infringing documents to a system account, in effect preventing the document from
being deleted
d. All of the above
You can select some or all document that violate the policy and perform the relevant bulk operation to protect the IP:








About CloudLock

CloudLock helps enterprises extend their data security practices and policies to the cloud. CloudLocks suite of security
applications give businesses the controls and visibility they need to take advantage of the collaboration benefits of public cloud
offerings, without sacrificing on security. The largest Google Apps customers in the world trust CloudLock to secure their data.
For more information about the company or reseller opportunities call (781) 996-4332 or visit http://www.cloudlock.com.




CloudLock 203 Crescent St., Ste. 105 Waltham, MA 02453 781-996-4332 cloudlock.com