Huge amounts of Google Drive files containing sensitive data are lacking proper protection

An abstract image of cloud storage.
(Image credit: Shutterstock/Marko Aliaksandr)

A report by data security company Metomic has revealed a concerning reality about Google Drive usage among businesses, highlighting the amount of sensitive data that’s being kept in cloud storage drives without adequate protection.

The study, which scanned around 6.5 million Google Drive files, found that more than two-fifths (40.2%) contained sensitive information that could put organizations at risk of data breaches and cyberattacks.

Metomic also found that one-third (34.2%) were shared with external contacts, and a further 350,000 documents had been shared publicly, giving anyone with a link access.

Protect your Google Drive files

Among the sensitive data identified in the files analyzed by Metomic were confidential employee contracts and spreadsheets containing passwords. The company also flagged 18,000 files as critical level, meaning that they contained highly sensitive data or that file permissions had not been applied securely.

In reference to Google Workspace’s three billion users, Metomic CEO Rich Vibert said: “It’s mind-boggling to think of how much sensitive data is accessible to people outside of an organization and how blind most security teams and business leaders are to this.”

The alarming findings underscore the importance of businesses taking proactive measures to secure the data they store in cloud storage drives, including but not limited to Google Drive. The includes implementing proper data classification and access controls, conducting regular security audits, and even issuing employee training on data protection best practices.

With data breaches becoming increasingly prevalent and more costly – IBM says that the average cost of a data breach has increased 15% over the past three years – organizations must prioritize data security to safeguard their sensitive information.

Vibert concluded: “The best way to prevent a data breach is to protect your business’ vulnerable data so that it does not end up in the wrong hands.”

A Google spokesperson told TechRadar Pro: "Google agrees that organizations should take advantage of the best tools to secure their sensitive data and we have strong protections that we encourage all organizations to employ." They include:

  • "Check Google’s automatically generated data protection reports in your Google Workspace Admin Console. This is the best first place to investigate where your current risks are and what the best next steps are to improve your data protection posture.
  • You can then start by implementing automatically suggested Data Protection rules as well as setting specific Data Loss Prevention policies to protect your specific organization and clawback high risk shares.
  • Trust Rules enable the creation of fine-grained sharing controls for users who handle particularly sensitive data, limiting broad oversharing and unauthorized file access.
  • Drive Labels enable the classification of sensitive files through manual and automated means, from which reporting and access controls can be implemented such as Label-based DLP policies.   
  • Using Context-Aware Access, you can create granular access control policies for apps that access Workspace data based on attributes, such as user identity, location, device security status, and IP address."

More from TechRadar Pro

Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!