Here are five key takeaways from the webinar that shed light on the importance of balancing productivity and security when using Google Drive
In our most recent webinar, Metomic CEO Rich Vibert was joined by Oyster's Director, Sr. Managing Counsel, Trust & Technology, Jeffrey May, and Payfit Espana's Vice President IT & Security, James Moos delved into the complexities of data security within Google Drive, discussing the benefits and risks of using this popular SaaS tool.
Here are five key takeaways from the webinar that shed light on the importance of balancing productivity and security when using Google Drive:
Rich Vibert kicked off the discussion by highlighting the exponential growth in SaaS applications. He noted, "From 2020, there were about 80 SaaS applications per organisation. By 2023, that number has risen to about 130 and continues to increase." This surge is driven by the need for streamlined operations and accelerated time to market.
Google Workspace, including Google Drive, is one of the most widely used productivity tools across various organisations due to its collaboration features. However, this increase in productivity comes with a price. Vibert emphasised, "more security, privacy, and compliance risks are introduced to the business." Balancing the benefits of these tools with their inherent risks is a challenge for many security professionals.
Jeffrey May highlighted the difficulty in achieving visibility and control over data within Google Drive. He emphasised that the default settings of Google Workspace often do not provide adequate visibility into the sensitive data stored and shared within the organisation.
"If you can't see it, you can't protect it," May noted. Even with higher-tier subscriptions that offer more enterprise-level features, security teams often struggle to keep track of data movements and access within Google Drive.
The trio discussed the fact that human error is the leading cause of data breaches in Google Drive.
Citing an IBM study, Vibert revealed that "95% of data breaches are the result of human error." Examples such as the American College of Pediatricians and the UK NHS leaving sensitive files publicly accessible were mentioned to illustrate this point. These incidents highlight how easily files can be accidentally shared with the wrong audience, leading to significant compliance and reputation risks.
Finding the balance between security and productivity requires subtle and user-friendly security measures. James Moos discussed the use of warning prompts or banners when sharing files externally. "It's not going to massively change the outcome if someone's determined or not paying attention, but it can just be enough to catch people that want to do the right thing," he explained. This approach aims to build a human firewall by making employees more aware of their actions without significantly hindering their workflow.
The importance of leveraging DLP technology like Metomic to automate security controls within Google Drive was also highlighted. Jeffrey May mentioned the effectiveness of tools that automatically change sharing permissions after a set period, thereby minimising the risk of outdated, sensitive data being accessible to unauthorised users.
"Being able to say, for example, 'yes, you can share that file publicly, but after 14 days, that share is going to be changed back to restricted.' That's incredibly valuable for us." Such automated controls help manage security risks without disrupting business operations.
To learn more about the risks of Google Drive, watch the webinar in full here.
It’s scary how easy it is to upload sensitive data to Google Drive and share these files and folders with other people - not just within your company, but potentially beyond that too.
With our FREE Google Drive Scanner, you can: