Google Drive Security Guide

Overview

The following information outlines the steps necessary to store sensitive data in Google Drive securely. Google Drive has two areas for storing and sharing data. The first is My Drive, which is a personal drive you can use to store files. You may also share files stored in My Drive via a link or by giving a person or group direct access. The second storage area is a Shared Drive. You can create a Shared Drive for a project and add other users to it.

Detail

The University of Pittsburgh does not currently have a Business Associates Agreement with Google Drive to dictate how Google will handle Pitt data. For this reason, HIPAA data (Protected Health Information) must not be stored in Google Drive.

It is your responsibility to manage access to your Google Drive account.

Navigate to Google Drive

Visit Google Drive (drive.google.com).
Log in with your Pitt credentials. Google may automatically log you in under a personal account. If you log in via Pitt credentials, you will be redirected to Pitt passport authentication before accessing your Google Drive. Click the icon in the top right-hand side to verify what account is logged in.

Share Folders in My Drive

To access all configuration settings for sharing a My Drive folder, select that folder, then click the “person and plus sign” icon in the top right-hand side.
Note: If no folder or file is selected, this option will not appear.
A Share with people and groups window for managing all security configurations to My Drive opens. Click the top right-hand side gear icon.
A new window will open with settings related to user permissions. Keeping in mind that the most secure configuration is to enable none of these options, you can select a setting.
Note: The image below shows the Editor option that allows these users to change permissions and share documents. This setting should not be enabled for sensitive data.
Enter a user's email address.
Click the drop-down menu to the right of the email address, then select Viewer, Editor, or Commenter permissions for the user.
Note: It is the responsibility of the folder owner to make sure these permissions are assigned correctly.

Note: You can add non-Pitt users to a My Drive folder. You will see a warning notification about a non-Pitt user. Click Share anyway to proceed. It is the responsibility of the folder owner to manage non-Pitt users.
To manage link settings for file locations shared with users, return to Share with people and groups, click the downward pointing arrow to change a link's settings, select the change, then click Done.
Note: The image below shows the three permission settings for links. The Restricted setting is the most secure and required setting for sensitive data; only people added to the folder can open a link.
To remove user access to folder(s) or change permission levels, return to Share with people and groups. Locate the user that needs their permission level changed, click on the right-hand side drop-down menu, and select a permission. The Editor access–like that shown below–allows the user to share files with others and should only be granted if absolutely necessary.
Note: It is the responsibility of the folder owner to manage access permission levels properly.

Shared Drives

Shared Drives are appropriate to use when working on a project with a group of people who all need access to the same files, or the content you want to store isn’t personal and interests a specific team or group. Under the Shared Drive window, you can see all shared drives you own or are a member of.

After August 1st, 2022, Individuals will be unable to create shared drives without approval. If you need to create a new shared drive, please contact the Technology Help Desk with your request.

Manage Access to Shared Drives

Unlike the Shared with users or groups window feature, Manage members has no create link option in Shared Drives and the gear icon for permission settings (in the top right-hand side of the window) is locked so only Pitt administrators can make changes.

Only users with Pitt email accounts can be added to a Shared Drive. There is an exemption process to have this changed at the administrative level. To request an exemption, please contact the Technology Help Desk at 412-624-HELP (4357).

Unlike My Drive, where different users might see different files in a folder depending on the access granted, all Shared Drive members can see all files.

Manage Access

Select a drive, then click the 3-dot icon on the window’s top right.
Enter a user's Pitt email address.
To add or change a permission level for the user, make a selection from the the Content manager drop-down menu.
Note: The options are viewer, commenter, contributor, content manager, and manager. The manager permission can grant access to specific folders in shared drives. The manager, content manager, and contributor permissions can add people to specific files in shared drives. It is the responsibility of the manager of the shared drive to assign the correct permission level for the users.