Security
GOOGLE — a highly loaded network of services that can withstand:
- over 100 billion searches per month
- 100 hours of new videos uploaded to YouTube every minute
- billions of users of Gmail, which is available 99.978% of the time and operates without planned downtime
Cloud storage
Millions of businesses, schools, and governments trust Google’s innovative technologies. With information increasingly stored in the cloud, customers need to be confident that their data is protected from loss and leakage. Google is committed to maintaining our customers’ trust and delivering on our data retention commitments.
Security
Over 700 security professionals, including global experts in their fields, work around the clock to identify and eliminate all kinds of potential threats.
Google's infrastructure is world-leading in terms of reliability and security, and we've invested a lot of effort into its development. Over 700 full-time specialists, including world-class computer security experts, worked on the systems to protect your information. Google constantly researches software vulnerabilities and implements protection systems, such as data encryption and two-step authentication.
Google's data centers use unique equipment, as well as special operating and file systems with increased levels of security. Each of these components is optimized for maximum security and performance. All equipment is monitored by Google specialists, who instantly respond to any system vulnerabilities and external threats.
Google was the first major cloud service provider to use Perfect Forward Secrecy, an algorithm for encrypting data when exchanging information with other companies' servers. Many companies have since followed suit or announced plans to do so.
Google encrypts email, attachments, and files in Google Drive not only while they’re in transit between your devices and Google’s servers, but also while they’re in transit between Google’s data centers.
In 2013, to protect against the latest cryptanalysis algorithms, Google doubled the length of its RSA encryption keys to 2048 bits and began changing them every few weeks.
Privacy
Google protects your information from any unauthorized access.
Independent auditor EY has confirmed that our privacy practices and contractual obligations for Google Workspace and Google Workspace for Education are compliant with ISO/IEC 27018:2014.
Google protects the information of its customers — businesses, educational institutions, and government agencies — from unauthorized access, regardless of who is trying to obtain it: from hackers to government officials.
The issue of information privacy is closely related to the issue of ownership. All data hosted on Google’s system is, by definition, the property of Google’s customer: a business, educational institution, or government agency. Google has no rights to user data, whether it is corporate intellectual property, personal information, or any other information. Google also does not sell user data to third parties.
Google does not collect, analyze, or use Google Workspace customer data for advertising purposes. However, this approach is different from the one that Google uses in its free products and services for private users.
However, Google’s automated systems scan and process emails and data in Google Workspace services to help protect information and ensure access to services. Scanning helps detect spam and malware, organizes emails into folders, and quickly provides users with search results across their accounts. Free services for individuals have additional purposes for scanning data.
When Google receives a request from a government agency to provide customer data, in accordance with its policies, Google encourages government agencies to request the data directly from the customer. Google has a rigorous process for evaluating and deciding on such requests, including requests for data under the CLOUD Act.
Reliability
Service Level Agreement: Google Workspace guarantees the performance and availability of core services 99.9% of the time.
To minimize service interruptions caused by hardware failures, natural disasters, and other events, we have built a highly redundant data center infrastructure. For Google Workspace customers, the target recovery point objective (RPO) is zero and the target recovery time objective (RTO) is zero.
Google’s application and network architecture is designed to provide maximum system reliability and uptime. Google’s computing platform remains operational even in the event of hardware failures, natural disasters, or other unforeseen events, and its software has a robust failover mechanism built in.
The company’s data centers are located in different countries around the world, ensuring that all services are available 24/7, 365 days a year.
Each subsystem is not dependent on a single physical or logical server for its uptime. Multiple copies of data are distributed across groups of active Google servers, which are clustered together. In addition, information is duplicated in auxiliary data centers. Thus, in the event of a hardware failure, the data will be available from another node.
Google services are designed to be used simultaneously by millions of people. This creates special requirements for their performance and stability. Therefore, Google constantly conducts various performance tests, including testing applications under prolonged high loads to observe their impact on factors such as memory allocation and response time. In addition, stress testing is performed to verify the system's operation in unusual situations, including testing its operation under extremely high loads, a large number of repetitions of certain actions, as well as when entering large numerical values and complex database queries.
The company has developed a plan to ensure uninterrupted operation of its data centers and technological processes. The plan covers major disasters (such as earthquakes) and epidemics. It assumes that necessary specialists and services may be unavailable for up to 30 days and provides for the continuous operation of all services.
Transparency
Your data belongs to you and you have the right to know how it is used.
We’re committed to making the internet industry more transparent for our users. You can track the health of our services in real time, see the results of our system audits, and learn how our data centers are performing. Your data belongs to you, and you have the right to know how it’s being used.
Customers and regulators need to be confident that Google’s systems are secure, private, and compliant. That’s why Google regularly undergoes independent audits, where an independent auditor reviews our data centers, infrastructure, and operations. Google Workspace and Google Cloud Platform are certified to SOC1™, SOC2™, and SOC3™ (audited by the American Institute of Certified Public Accountants, AICPA), as well as ISO/IEC 27001, 27017, and 27018. Each customer can access copies of these certificates in their account through the Compliance Report Manager.
Since 2010, Google has published regular reports on the availability of services and data, providing information on how government agencies can request data and how they and other parties affect the security and privacy of data on the Internet.
Google was the first major cloud provider to launch a program that invites organizations to independently audit Google’s security systems. Moreover, any information security professional who sends Google information about a vulnerability found in their network services will receive a reward.
Google has developed a special protocol for actions in case of a breach of confidentiality, integrity, and availability of systems or data. This is a set of measures and procedures designed to eliminate and document problems, eliminate their consequences, and also notify the parties concerned about the problems that have arisen. Google’s information security service works 24/7. If the confidentiality, integrity, or availability of your data is violated, a specialist of this service or a product manager will contact you.
Endpoint management
This feature is supported in all Frontline, Business, Enterprise, and Education version packages.
Mobile app management
This feature is supported in all Frontline, Business, Enterprise, and Education version packages.
You can decide which apps Android and iOS users can find and install on their managed devices.
FAQ: Important Questions About Cloud Enterprise Storage

- How does consolidated storage work?
- What content counts towards your storage quota? What doesn't?
- What happens if a user or organization exceeds the storage limit?
- Google Drive Data Security
- Privacy of data in Google Drive, Docs, Sheets, Slides and Vids
- Transparent Access: View logs of Google employees' access to users' content
How does consolidated storage work?
Pooled storage is shared between all users to store data such as Google Drive files, Gmail, Google Photos, and more.
Each additional user license increases the amount of storage. Because it is pooled, users have access to more storage than their licenses allow.
The combined storage is provided in stages:
- At the time of purchase, you will receive access to a portion of the storage.
- As subscription payments are made on time, the amount of space provided will increase to the total storage amount. It may take up to 72 hours from the time of payment until additional space is provided.
What content counts towards your storage quota? What doesn't?
The following files are counted:
- Google Drive
  - PDFs, images, videos, Meet meeting recordings, and Sites project files.
  - Files created or modified after May 2, 2022, in collaboration apps like Google Docs, Sheets, Slides, Drawings, Forms, Voice Memos, or Jamboard.
  - Content in shared drives.
  - Content in the Trash until it is permanently deleted.
- Gmail
  - All emails and their attachments, including items in the Spam folder and Trash.
- Google Photos
  - Images and videos uploaded to Google Photos at Original quality.
  - Images and videos uploaded to Google Photos at High quality (now called File Compression) and Express quality after June 1, 2021. High and Express quality items uploaded before that date don't take up storage.
The following files aren't counted:
- Drive shortcuts.
- Google Chat messages and attachments.
- Content created in the My Maps app.
- Files shared with users. Shared files only count towards the file owner's quota, not the users they share with.
- Version history for files created in Google Docs, Sheets, and Slides, unless the user has checked the box to keep older versions.
What happens if a user or organization exceeds the storage limit?
- If a user exceeds the storage limit set by their administrator or license, their use of Google services will be immediately impacted.
  - Uploading or copying files to Google Photos will be unavailable once the limit is reached.
- If an organization exceeds the limit by 25% or for 14 days (whichever comes first):
  - Users will not be able to upload new files or images to Google Drive.
  - Users will not be able to create files in collaboration apps like Google Docs, Sheets, Slides, Drawings, and Forms. Until storage usage is reduced to the allowed limit, no user will be able to edit or copy affected files or submit forms that they own.
  - Google Meet meeting recording will not be available.
- Even if the organization's limit is exceeded, users will be able to sign in to their Google Workspace account, send and receive emails, and view and download files.
- If your quota is exceeded for two or more years, all user content in Gmail, Google Photos, and Google Drive may be deleted. This includes Google Docs, Sheets, Slides, Drawings, Forms, Vids, and Jamboard files.
  Before Google deletes content, it:
  - Notifies you via email or notifications in Google services at least three months before the content is scheduled to be deleted.
  - Gives you the option to prevent data deletion by purchasing additional storage or freeing up storage.
  - Gives you the option to download data from Google services.
Google Drive Data Security
If you use Google Drive for an organization or school, all files you receive from people outside your organization are scanned for malware and phishing. For your security, access to inappropriate files is blocked. When Google's algorithms classify a file as likely spam, it is blocked or redirected to spam.
Google reserves the right to immediately block a Drive user who violates the Acceptable Use Policy. To prevent fraud and other malicious activity in Google Drive, we use reCAPTCHA. If a violation is detected across an organization or school, Google may block the entire account and block the administrator from accessing all Google Workspace services. In this case, we will send a notification to the primary administrator via a secondary email address.
Files uploaded to Google Drive are stored in secure data centers.
If something happens to your computer, phone, or tablet, you can access your documents from other devices.
By default, files are visible only to you. However, you can share them with other users.
Privacy of data in Google Drive, Docs, Sheets, Slides and Vids
User data is used for personalization
To make it easier for users to use our services, Google processes some customer data while ensuring its protection. You can change your privacy settings at any time in your Google account.
- User content is secure
When a user uploads or creates files on Google services, they are stored in Google data centers that use security systems that meet all global standards. Data is encrypted when transferred and stored. If you work with files offline, the information is stored on your device.
Google Account security systems built into your account detect and block threats such as spam, phishing, and malware. Strict data protection standards are applied when storing information about your activities.
- Your name and email address are used to sync data and send you newsletters
Google stores your name and email address to remember your preferences, make it easy to sign in, provide access to files uploaded from different devices, and notify you about changes to services and user activities.
- User data is needed to create and manage a Google account
When you create a Google account, you are asked to provide your name and phone number. Later, when you manage your account, you can add additional information, such as your physical address and profile photo, and upload contacts.
- Data from Google Drive, Docs, Sheets, Slides and Vids is used to improve services
Analyzing the content you save in Google services makes it possible to offer features such as spam filtering, virus detection, malware protection, and search for files in your account.
To improve the performance and reliability of our services, we collect data about their operation and failures. In addition, this data helps prevent service failures and analyze their operation.
- Google Drive content is not used to manage ads
Google does not use data from apps that store primarily personal content to tailor ads.
Transparent Access: View logs of Google employees' access to users' content
What are Transparent Access Logs?
These logs record information about actions taken by Google employees, including:
- Support actions that were requested by a customer over the phone;
- Simple technical actions during the analysis performed while processing a support request;
- Other technical actions to keep the service running, such as recovering from a failure.
Transparent Access Use Cases
Transparent Access can be useful in a variety of situations. For example, you can use it to:
- make sure that Google only accesses user data for business purposes, such as when resolving an issue or processing a request;
- make sure that Google specialists process the request correctly;
- collect and analyze information about monitored access events using an automated security information and event management (SIEM) tool.
Services that keep transparent access logs
- Gmail: subjects, message texts, attachments.
- Calendar: names, descriptions, and locations of events.
- Chat: names, chat room names, chat groups; message texts and topics in direct messages and chat rooms; information about users, including names, email addresses, and chat room memberships.
- Drive: Contents of source files uploaded to Drive.
- Google Docs, Forms, Sheets, Sites, and Slides: Contents of documents, including text content, inline images and drawings, comments, and responses received through forms.
Note: The legacy version of Sites is not supported.
- Meet: Recordings stored in Drive.
Note: Google does not have administrative access to ongoing meetings. Recordings stored in Drive are all that remains after the meeting is over.
Transparent Access Logging Guidelines
- A log entry is created in the following situations:
  - When a Google employee accesses a user's content that was created using such a service. For example, an entry is created when a support engineer helps troubleshoot a Calendar issue.
  - The user grants a Google employee access to the data by sharing the file directly with them.
- A log entry is not created in the following cases:
  - The user grants a Google employee access to the data by enabling public link sharing for the file.
  - Notifying a customer of an access event is prohibited by law.
  - The data that Google accesses is an identifier on a publicly accessible resource, such as a document ID.
  - The data is accessed by a system task, such as a data compression or machine learning task. In this case, Google uses an internal version of binary authorization to ensure that the system code that runs on services with Transparent Access enabled is verified by a second party.