“Unlimited file storage, collaborative editing and perfect privacy” – free of charge!
Google Docs seems too good to be true, and it is. Cloud-based storage compromises the security of Google Docs in ways that no school board can afford. A study by Netskope found that roughly 15% of business Cloud users have been hacked. (“How Secure is Google Drive? 10 Things You Need to Know about Cloud Security,” Cloudfindhq.com) Expert warnings make it abundantly clear: Google Docs is insufficiently secure for organizations such as school boards that deal with sensitive information.
Staying off the cloud altogether is the best bet for protecting the sensitive information that school boards deal with all the time. That is the inescapable conclusion of a recent survey of industry experts by Cloud Security Alliance (Bob Villino, “The Dirty Dozen: 12 Top Cloud Security Threats for 2018,” CSOonline, Jan. 5, 2018). The report identifies a veritable Pandora’s box of dangers awaiting the trusting souls who turn to cloud-based storage solutions. In order of the severity of the risk, those dangers are:
- Data Breaches. The cloud puts non-public information at risk of being viewed by outside parties. These breaches can result from human error, vulnerabilities of apps that are used to access the cloud or poor security practices. Data Guardian’s Data Insider warns: “Even if the cloud service provides encryption for files, data can still be intercepted en route to its destination. The best form of security against this threat would be to ensure that the data is encrypted and transmitted over a secure connection, as this will prevent outsiders from accessing the cloud’s metadata.” (Mauricio Prinzlau, “Six Security Risks of Enterprises Using Cloud Storage and File Sharing Apps,” Data Insider, March 22, 2016.)
- Insufficient Identity, Credential and Access Management. CSOonline describes this risk: “Bad actors masquerading as legitimate users, operators, or developers can read, modify and delete data; issue control plane and management functions; snoop on data in transit or release malicious software that appears to originate from a legitimate source.”
- Insecure Interfaces and Application Programming Interfaces (APIs). Cloud-based information is affected by every program and system through which users access the data – a factor over which the school board has no control once data is stored in the cloud.
- System Vulnerabilities. Such vulnerabilities refer to “exploitable bugs in programs that attackers can use to infiltrate a system to steal data, taking control of the system or disrupting service operations.” CSOonline reports that such attacks are on the rise: “With the advent of multi-tenancy in the cloud, systems from various organizations are placed close to each other and given access to shared memory and resources, creating a new attack surface.”
- Account Hijacking. If attackers get access to a user’s credentials, they can eavesdrop on activities and transactions, manipulate data and redirect clients to illegitimate sites. Google boasts mandatory two-factor authentication as a safeguard against hijacking. They are right that this feature marks an improvement over single-factor authentication, but it does not eliminate the risk of being on the cloud in the first place, especially considering that both passwords are also stored on the cloud. (Prinzlau)
- Malicious Insiders. By using Google docs, a district opens its information not only to outside hackers, but also to a broad new vista of insiders – Google’s own IT personnel. Many school boards turn to the cloud when they realize that local hosting of data makes them susceptible to break-ins by their own employees, be they by malice or by accident. Inside jobs cause more local-government violations than outsider attacks. (Gerald Cliff, “Growing Impact of Cybercrime in Local Government: Managers Lose Uphill Battle,” Public Management 99:5, June 2017, p. 7.) While that threat does call for offsite hosting, it does not call for hosting by a tech behemoth. If Bob down the hall is not as trustworthy as he appears, the entire army of unseen Google developers is no more trustworthy. Onsite hosting dangers should rightly lead a school board to find third-party hosting, but not to open its data to an industry giant.
- Advanced Persistent Threats (APTs). The Trojan Horse of cyber-intruders, APTs are “a parasitical form of cyberattack that infiltrates systems to establish a foothold in the IT infrastructure of target companies, from which they steal data.” Such intrusions pose a special risk for school boards, which keep FERPA -protected records of students and personal identifying information of staff on systems to which a Google Doc could serve as a gateway. “Once in place,” CSOonline warns, “APTs can move laterally through data center networks and blend in with normal network traffic to achieve their objectives.”
- Data Loss. While it may seem simple and innocent by comparison, data loss is no less devastating. Data can be deleted accidentally by cloud service providers. A physical catastrophe like fire or flood can also wipe out data unless there’s redundant storage in multiple locations.
- Insufficient Due Diligence. The heightened security risks of the cloud call on school boards to provide more of their own due diligence as watchdogs. As some school boards have no security policy at all, and some have no internal security training, this requirement leaves them wide open for negligence in the event of a lawsuit. By placing their data on third-party sites less penetrable than the cloud, school boards reduce the high-tech security scrutiny that their own staff must exercise.
- Abuse and Nefarious Use of Cloud Services. Examples of misuse of cloud-based resources include launching distributed denial-of-service attacks, email scams and phishing campaigns. Google is famously playing catch-up with phishers, as they did after the first of several attacks in 2017. After phishers led users to reveal their authentication information by emulating a legitimate Google Docs log-in page, Google responded by adding the features that would have prevented the attack in the first place. (“Google Fixed that Scary Google Docs Attack, But It Can Still Happen Again,” Chris Smith, May 4, 2017, BGR.com)
- Denial of Service (DoS). In a DoS attack, a school board’s data becomes inaccessible to it after an outsider floods the service provider with high volume. A hacker may charge a ransom to return the data, just as he would charge a ransom to unscramble data that he had encrypted.
- Share Technology Vulnerabilities. Cheap components in Google Docs’ own infrastructure can drag down the security of the data stored there by clients. According to the Cloud Security Alliance, “underlying components that comprise the infrastructure supporting cloud services deployment may not have been designed to offer strong isolation properties for a multi-tenant architecture or multi-customer applications.” As Google is notoriously secretive and cheap in its sourcing, it is reasonable to assume that there are some weak links in the armor. (Jonathan Strickland, “How Google Docs Works” on howstuffworks.com.)
CSOonline adds to the Cloud Security Alliance’s list a 13th looming danger to deter potential cloud clients:
- Spectre and Meltdown. Experts agree that cloud-based data is likely to be exploited soon by these new tools in the hands of hackers. It is possible to buy patches, but they do not offer 100% protection, and they might slow down the user’s entire system.
Other industry experts do not trust Google with a client’s data because Google’s portfolio of services includes the sale of data. While Google’s FAQs promise that users will retain ownership of their intellectual property, the Terms of Service for Google Docs gives them “a worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post, or display on or through the Service.”
Surveillance of stored data is an open secret. The Terms of Service admits as much: “Our automated systems analyze your content to provide you personally relevant product features, such as customized search results, and spam and malware detection.” While Google promises to use these powers only for their clients’ benefit, this provision opens the door to unprecedented appropriations of data for which no law is yet in place. Like Facebook, Google peddles data and user profiles.
Google’s own attempts to secure documents can lead it to freeze data that is facing no actual threat. Rachael Bale, a wildlife crime reporter for National Geographic, was working on a story when she couldn’t access her latest draft because Google had frozen it. Google replied that they’d “incorrectly flagged a small percentage of Google Docs as abusive, which caused those documents to be automatically blocked.” “The fact that Google is capable of identifying ‘bad’ Google Docs at all is a reminder: Much of what you upload, receive or type to Google is monitored.” Bale herself tweeted, “This kind of monitoring is creepy.” (Brian Fung, “A Mysterious Message Is Locking Google Docs Users Out of Their Files,” Washington Post, Oct. 31, 2017)
The sheer expanse of Google services creates extra vulnerabilities for Google Docs. If an employee leaves her desk for lunch without signing out of Gmail, a passerby can hijack all of her Google-based information, including Google Docs. Google Drive does not automatically freeze any applications after a period of inactivity.
Alerted to these dangers, a school board may withdraw to the seeming safety of storing data on their own hard drives, but they would be leaping from the frying pan into the fire. As mentioned, local governments of all sorts face more break-ins by their own staff than by third parties. Their systems are likely to have low firewalls, and multitasking employees might inadvertently expose data to the hostile waters of the internet. Local systems are also prime targets for DoS attacks; it doesn’t take much traffic to overwhelm such a small system. If employees download documents onto multiple terminals, then a central administrator loses control of the dangers to which it is exposed.
The better response to the intolerable vulnerability of cloud-based storage is to stick with third-party hosting but choose a secure site off the cloud by a vendor free of conflicts of interest. Staying off the cloud is paramount. As ComputerWorld reports, “phishing attacks, hacked servers and compromised Wi-Fi aren’t a concern for people who don’t host their data in the cloud.” (Lucas Mearian, “No, Your Data Isn’t Secure in the Cloud,” ComputerWorld, Aug. 13, 2013.) Onsite hosting of data is dangerous, but a cloud-based server with countless employees and a side hustle in data sales is not the answer.
Google Docs opens stored data to risks that no conscientious school board can afford. Experts agree that any such cloud-based storage solution exposes data to numerous attacks by bad actors, and Google itself faces conflicts of interest. While offsite storage remains a best practice, smart school boards find third-party hosts who stay off the cloud and stick to one line of business.