News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Google Drive and secondary encryption

    Posted on Towson_Steve Comment on the AskWoody Lounge

    Home Forums Admin IT Lounge Google Drive and secondary encryption

    Viewing 6 reply threads
    • Author
      Posts
      • #2312501 Reply
        Towson_Steve
        AskWoody Plus

        Sorry if this is the wrong place for the question, but after searching (and searching), I found a question about Drive that had a breadcrumb pointing here.

        We’re getting into this a little late in the pandemic story, so I hope there’s a fair amount of experience to draw upon.

        There is an office where we have sensitive client information.  With the current surge in COVID, an employee may need to work from home, rather than coming into this office.  The office has a private network to share the client files in-house.  I’ve been asked how to implement a solution.

        I use Google Drive (and backup&sync) personally, and can recommend that, but I have been reading about added layers of security.

        1. I’m looking for recommendations about encrypting the data prior to uploading to the Google Drive cloud.  (I know they also encrypt, but they also scan for data useful to their search engines.)

        2.  Since the data would need to be downloaded and decrypted in order to make changes, should VPN also be used in that process?  (Drive is supposed to be encrypted end-to-end.)

        3.  Since there are a large numbers of clients, would each client need to be encrypted separately?    I’m thinking this is becoming a huge magilla!

         

        Thanks for any advice!
        Towson_Steve

      • #2312683 Reply
        mn–
        AskWoody Lounger

        There is an office where we have sensitive client information. With the current surge in COVID, an employee may need to work from home, rather than coming into this office. The office has a private network to share the client files in-house.

        Well now… this will depend on exactly what is agreed with the client.

        I use Google Drive (and backup&sync) personally, and can recommend that, but

        … I’ve seen client requirements that data not be transferred to a third party even in encrypted form, without specific approval from the client and possibly other requirements. Sometimes that is required by law and not the actual contract.

        In some cases this makes Google Drive and other similar services categorically unsuitable.

        Yes, very possible that you’ll need to get some lawyers involved.

        In my experience, small healthcare businesses might be the worst clients in this because they’ll ask you about what they legally require, and healthcare law is complicated. (I’m in one EU member country, might be different elsewhere but from what I’ve read in the news, different might well mean worse…)

        2. Since the data would need to be downloaded and decrypted in order to make changes, should VPN also be used in that process? (Drive is supposed to be encrypted end-to-end.)

        A VPN without any Google involvement is more likely to fit contract requirements easily.

        And I mean a properly private VPN, the kind that makes your home PC look like it’s in the office. Many of the more “current” office router and/or firewall boxes offer a simple VPN capability for that just waiting to be turned on, but if there are lots of people doing that, a small one might run out of capacity.

        That only leaves the matter of whether the home desks satisfy any contract or legal requirements on premises where work is performed… in some cases I know of, that too might be very difficult, but in others quite easy.

        3. Since there are a large numbers of clients, would each client need to be encrypted separately?

        Depends on the contract and legal requirements with the clients…

        I’ve heard of cases where someone had two work laptops with different security settings, to work from home with two clients with different requirements. And still had to go into the office to do some stuff for a third one who had physical security requirements.

        1 user thanked author for this post.
      • #2312684 Reply
        Paul T
        AskWoody MVP

        There are so many solutions it’s hard to know where to start.

        If your client has servers you could use a secure remote desktop connection to access a machine on the internal network. This is the most secure as the data never leaves the site, although you can copy / paste at home.

        There are secure sharing solutions, like OwnCloud or Tresorit. These manage the encryption for you, unlike GoogleDrive. Google’s GSuite has full encryption.

        It’s really about whether the data is allowed offsite and if so, who will manage that data.

        cheers, Paul

      • #2312693 Reply
        Paul T
        AskWoody MVP

        There is a nice article here about possible solutions.

        COVID-19: The challenges of working from home

        The cheapest is probably remote desktop with Duo for authentication.

        cheers, Paul

        1 user thanked author for this post.
      • #2312730 Reply
        Towson_Steve
        AskWoody Plus

        Thanks, mn- and PaulT !

        You’ve given me much to ponder.

        This is a two person office that has been in business for nearly 20 years.  In-house, the files are stored on one PC, and the associate has a hard-wired network connection to share the files.  The Principle user may retire within the next 18 months, so expenditures are not so attractive.  In fact, the associate user may wind up with the bulk of the business, making all this moot.

        Would you say that a remote console situation might be the ultimate solution for the timeframe?  I would need to bone up on setting that up.   There is no immediate move afoot; just seeking paths for investigation.

         

        Thanks again.

        Towson_Steve

         

      • #2312734 Reply
        Paul T
        AskWoody MVP

        The cheapest and easiest IMO is Duo Free and remote desktop. You need to configure the connection at the office and load the Duo app on your phone, then away you go.

        cheers, Paul

        p.s. I wouldn’t attempt any office connection without 2FA –  too many bad actors trying to access your stuff.

      • #2312735 Reply
        Paul T
        AskWoody MVP

        How Duo works.

        Patch Lady – ransomware attacks

        cheers, Paul

    Viewing 6 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Google Drive and secondary encryption

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.