Google Drive Security Guide
The following information outlines the steps necessary to store sensitive data in Google Drive securely. Google Drive has two areas for storing and sharing data. The first is My Drive, which is a personal drive you can use to store files. You may also share files stored in My Drive via a link or by giving a person or group direct access. The second storage area is a Shared Drive. You can create a Shared Drive for a project and add other users to it.
The University of Pittsburgh does not currently have a Business Associates Agreement with Google Drive to dictate how Google will handle Pitt data. For this reason, HIPAA data (Protected Health Information) must not be stored in Google Drive.
It is your responsibility to manage access to your Google Drive account.
Navigate to Google Drive
- Visit Google Drive (drive.google.com).
- Log in with your Pitt credentials. Google may automatically log you in under a personal account. If you log in via Pitt credentials, you will be redirected to Pitt passport authentication before accessing your Google Drive. Click the icon in the top right-hand side to verify what account is logged in.
Share Folders in My Drive
- To access all configuration settings for sharing a My Drive folder, select that folder, then click the “person and plus sign” icon in the top right-hand side.
Note: If no folder or file is selected, this option will not appear.
- A Share with people and groups window for managing all security configurations to My Drive opens. Click the top right-hand side gear icon.
- A new window will open with settings related to user permissions. Keeping in mind that the most secure configuration is to enable none of these options, you can select a setting.
Note: The image below shows the Editor option that allows these users to change permissions and share documents. This setting should not be enabled for sensitive data.
- Enter a user's email address.
- Click the drop-down menu to the right of the email address, then select Viewer, Editor, or Commenter permissions for the user.
Note: It is the responsibility of the folder owner to make sure these permissions are assigned correctly.
Note: You can add non-Pitt users to a My Drive folder. You will see a warning notification about a non-Pitt user. Click Share anyway to proceed. It is the responsibility of the folder owner to manage non-Pitt users.
- To manage link settings for file locations shared with users, return to Share with people and groups, click the downward pointing arrow to change a link's settings, select the change, then click Done.
Note: The image below shows the three permission settings for links. The Restricted setting is the most secure and required setting for sensitive data; only people added to the folder can open a link.
- To remove user access to folder(s) or change permission levels, return to Share with people and groups. Locate the user that needs their permission level changed, click on the right-hand side drop-down menu, and select a permission. The Editor access–like that shown below–allows the user to share files with others and should only be granted if absolutely necessary.
Note: It is the responsibility of the folder owner to manage access permission levels properly.
Create Shared Drives
Shared Drives are appropriate to use when working on a project with a group of people who all need access to the same files, or the content you want to store isn’t personal and interests a specific team or group. Under the Shared Drive window, you can see all shared drives you own or are a member of.
To create a new shared drive:
- Select Shared drives at the top left-hand side of the My Drive window, then click New.
- Enter a name, then click Create.
Manage Access to Shared Drives
Unlike the Shared with users or groups window feature, Manage members has no create link option in Shared Drives and the gear icon for permission settings (in the top right-hand side of the window) is locked so only Pitt administrators can make changes.
Only users with Pitt email accounts can be added to a Shared Drive. There is an exemption process to have this changed at the administrative level. To request an exemption, please contact the 24/7 IT Help Desk at 412-624-HELP (4357).
Unlike My Drive, where different users might see different files in a folder depending on the access granted, all Shared Drive members can see all files.
- Select a drive, then click the 3-dot icon on the window’s top right.
- Enter a user's Pitt email address.
- To add or change a permission level for the user, make a selection from the the Content manager drop-down menu.
Note: The options are viewer, commenter, contributor, content manager, and manager. The manager permission can grant access to specific folders in shared drives. The manager, content manager, and contributor permissions can add people to specific files in shared drives. It is the responsibility of the manager of the shared drive to assign the correct permission level for the users.
For more guidance regarding Shared Drive permission levels, please see https://support.google.com/a/answer/7337554?hl=en.
- Open the Manage members window, then navigate to the user.
- Click the permission drop-down menu to the right of their name.
- Select Remove.