Gmail Encryption and Confidentiality
Google encrypts your mail and data all the time. Here's a run-down on how they do it.
How does Google secure your data and ensure its confidentiality?
1. The Google Cloud Platform encrypts data at rest on their servers. That means that your stuff, while it sits idle on the cloud platform, is wrapped in encryption. This is done without your intervention. The Google Cloud Platform even allows users to declare their own cryptographic keys if desired for extra layers of security.
2. Google distributes your data across its data centers in encrypted chunks. That means your stuff is broken into pieces - so not all of your eggs are in one basket. Spreading the chunks among data centers provides extra redundancy, security, and disaster recovery, and the chunks are encrypted using keys held in Google's Key Management Service. This is also done without your intervention.
3. Data is encrypted at the storage level using AES-128 or AES-256. This is a bit nuanced, but let's say that Google's physical hardware is also set to use encryption.
4. Google uses Perfect Forward Secrecy (PFS) with its APIs. Data that travels between their services is encrypted. It also uses Keyczar to implement encryption of your data between all of their products.
5. Google employs TLS/SSL security in transit. While your data is on the move between their servers and your device it is encrypted.
6. Gmail's web interface forces all client connections to use HTTPS (RSA/SSL) encryption and has done so since 2014. While you're using Gmail on the web, your session is secure.
7. Gmail has client-side controls within the web interface to notify you of security failures or concerns. While you're using Gmail, it warns you if there are questionable aspects of the sender that could put you at risk.
8. Google is actively attempting to deprecate legacy mail clients that use older forms of email authentication. Google refers to these mail solutions as "less secure apps" and the user must flip a switch for them to be used. This often forces the user to upgrade their mail client software to versions that support more modern and secure access tokens.
Now, all of this is well and good but it's not the end of the conversation. Your data may be encrypted at rest and in transit with Google, but is it confidential?
1. If you own a non-commercial Gmail account, you have no promise of confidentiality. That is because the service is offered in exchange for Google being able to read your email and market services to you. This aspect of Gmail would fail all best-practice confidentiality requirements, as Google expressly says in its EULA that the data is theirs and can be used to "token and stem" - a big-data practice of creating logical relationships between ideas - so as to market to you. That's why it's free.
2. If you own a commercial Gmail account - if you pay for G-Suite - you are a commercial subscriber to the Google Cloud Platform. The EULA there says that Google does not read your data and Google considers it a private, sealed container. It's your data.
3. Caveat: both the non-commercial and commercial aspects of the Google Cloud Platform are subject to US law and regulation. That is, if Google receives a warrant to access data under your account, they will work with federal officials to retrieve that data and surrender it to authorities. This aspect of Google's operations - for some - presents a hazard that has folks turning to Proton Mail, for example (a free encrypted mail service that is presumed outside US jurisdiction), or Signal, from Open Whisper Systems (an encrypted messaging platform).
Okay, but I use a thick mail client like Apple Mail or MS Outlook or Thunderbird. What about the security of my client software, o/s, or hardware platform?
This isn't recommended. Using a thick mail client makes you responsible for the care-taking of your data and some aspects of filtration (spam filters, AV filters, keyword and blacklist filters, etc.), even with G-Suite, which centralizes some of this management.
Still, if you don't use the web for accessing email and insist on using a thick mail client:
1. Once the data is delivered to a software mail client (e.g., Apple Mail, MS Outlook, Eudora, etc.), it is up to the client to secure the messages. Example: if your Windows laptop was stolen, the data stored in MS Outlook's PST file is an open container - it is not encrypted unless you encrypt it - and is therefore vulnerable. You must take steps to encrypt that data.
2. The platform must provide encryption. At the o/s and hardware level, there are tools to encrypt the contents of your drive. You must take steps to encrypt the drive system (enable FileVault 2 on a Mac, or BitLocker on a PC).
3. If you don't consider o/s-level encryption good enough, you may decide to implement your own hardware-level encryption. That, too, is something you'd have to do yourself.
4. Some iOS platforms are secured through hardware-level encryption; some are not. Generally, receiving mail to Apple Mail on an iPhone 6 or iPhone 7 is secure. Android phones must be specifically configured to provide o/s layer security; each vendor has their own policy on hardware level encryption, and that's variable based on product.
Best Practice:
Are you concerned about the best way to keep your data secure on Gmail/G-Suite?
1. Follow my list of advice on how to Avoid Gmail Hacks.
2. Don't use a thick mail client. Stick to using the web interface.
3. Avoid using Microsoft Windows computing platforms. Using a ChromeBox, Linux machine, or Apple product is far superior in terms of o/s security.
4. Use the latest iOS and Apple devices for the best security possible.
5. Avoid using unaltered Android platforms. Have a professional help you configure Android to be secure; and/or purchase specific OEM products like Google's Pixel or the Blackphone from Silent Circle to make it secure.
6. If you're concerned about HIPAA, only the G-Suite product can offer a Business Associate Agreement (BAA) for protecting that data, and there are specific restrictions over Google's service offerings. Not all data on the Google Cloud Platform is considered compliant. Careful.
7. If you're concerned about FERPA or COPPA, G-Suite for Education is compliant there. PCI-DSS 3.0 compliance is also a feature of the Google Cloud Platform.
And finally, how do you know that Google is actually doing what they're promising? Like, how can you trust Google?
Don't take my word for it: Google is audited annually to specific information system standards. Independent agencies routinely compare what Google says to what Google does. Still, Google isn't perfect - in 2015, the EFF rated Google poorly on being transparent with publishing government requests and data access. We hope that Google will make progress there.
There we go. A reasonable accounting of how well your data is secured and confidentiality managed on the Google (G-Suite) Cloud Platform. Questions?
R
How to Avoid Gmail Hacks
Don't be a statistic. If you use Gmail / Google Apps / G-Suite, take a few minutes to review some of these security precautions to protect your account from being hacked.
On March 19, 2016, Mr. John Podesta - Hillary Clinton's Campaign Chairman - received an email advising him that his Gmail account had been compromised.
The email looked like an official communication from Google. It even had a link available in the email to change his password. It was not. It was intentionally crafted to make Mr. Podesta believe that it was an official alert from Google.
And when Mr. Podesta clicked on the link, he was brought to a website designed to look like Google's password rotation site. What Mr. Podesta didn't realize was that the site wasn't Google's - he received a phish - and he inadvertently gave his account's password away to Ukrainian hackers.
The rest is history. Mr. Podesta's email was siphoned and uploaded to WikiLeaks, a data breach that - in part - is alleged to have been used by the Russian government to exert influence on a United States election cycle.
Update 2017.05.31: Google announces new tools and features in Gmail to help prevent phishing attacks.
Update 2017.06.05: A good article on how to identify and avoid common phishing scams by Dave Albaugh
Okay, so maybe your concerns don't involve the Presidency of the United States, but the confidentiality of your affairs is still important to you. You don't want your Gmail or Google Apps (G-Suite) email to be hacked. So what can you do?
1. Question Authority.
When it comes to the security of your Google account (really, any online account you may own), never act on impulse.
Emails like the one Mr. Podesta received are designed to get you to stop thinking and just take action - the intent is to disconnect your logical mind from an overriding emotion, like fear, and to get you to click on a hyperlink found within the email. Don't fall for it.
There is a similar attack going around concerning Google Drive. You may receive an email that says somebody (you may or may not know) has shared a file with you on their Google Drive. If you click on the link to access the file, you're brought to a login screen similar to Google's that captures your email address and password; your credentials are then used to access your account and make changes to your email settings.
2. Use the Tools Yourself.
If you suspect that your account may have been compromised, Google has a tool that you can use to rotate your password and investigate the matter on your own. It's found at www.google.com/accounts.
Open a browser and go there yourself. Rotate (change) your Google password on your own. And by the way, don't be a wuss: now's not the time to go convenient on your Google password. Woman-up and do what needs to be done: change your password to something unique and strong.
In the case of Google Drive, access Google Drive directly on the web and go to the Shared With Me section of Drive. If somebody shared a file with you, it'll actually appear in this list. Check for it there.
3. Protect Yourself - Security Self-Service.
Take a few minutes to evaluate the Google Accounts site.
Do you need to recover a hacked Gmail account? You can do so yourself.
Are there devices and applications connected to your account? Don't recognize them? Just disconnect them. Clean this up. Only allow current devices and applications that you actually use to access this account.
Do you have a recovery cell phone number? If you do, is it your cell phone? If you don't have a recovery cell phone number, add it now.
Have you enabled two-factor authentication? Two-factor authentication requires not only what you know (your password) but what you have (your cell phone) in order for you to log in to your account. If two-factor authentication is enabled, the hacker can't sign in to your account unless they have your cell phone, which is highly unlikely.
Have you set your security alert settings? Get notified directly on a more secure channel when something is suspicious about your account - like, get a text message from Google to your recovery cell phone. That way, you won't need to fall for the phish.
Do you notice strange computers or devices acting on your account? This information is also available from the Gmail Security Details link in the bottom-right corner of your Gmail screen.
Force a sign-off from all active sessions. That will force anyone who wants to use your account to re-authenticate: they'll have to know your new password to sign in again.
Is your Gmail account being filtered? One of the ways these exploits work is to set up a filter in your Gmail account that deletes any inbound mail sent to you, so it looks like you're not receiving email. Check your Gmail Filters. If you see a filter that says any mail addressed to your email account should be deleted, remove that filter.
Is your account accessible by less secure apps? This setting should only be enabled (flipped on) if you're using a legacy (old) email program to retrieve your email. It's a less secure setting to receive your email, and some hacks try to flip this setting on so it's easier to get at your email. If you're not sure, turn it off.
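The filter check above can also be done programmatically. The following is an added example (not code from the original post and not a Google tool): it audits a list of filters in the shape the Gmail API returns from `users.settings.filters.list` and flags any that trash or hide all inbound mail, or that forward mail off your domain. The sample filter JSON, the address `victim@example.com` and the function names are constructed for illustration.

```python
import json

# Gmail system label ids used in filter actions (addLabelIds / removeLabelIds).
TRASH, INBOX, SPAM = "TRASH", "INBOX", "SPAM"

# Constructed sample in the shape of a Gmail API ListFiltersResponse.
# The first filter is a normal newsletter rule; the other two are the
# kind of rules an attacker plants after a credential phish.
SAMPLE_FILTERS = json.loads("""
{"filter": [
  {"id": "ANe1Bmj-legit", "criteria": {"from": "newsletter@example.org"},
   "action": {"removeLabelIds": ["INBOX"], "addLabelIds": ["Label_12"]}},
  {"id": "ANe1Bmj-bad1", "criteria": {"to": "victim@example.com"},
   "action": {"addLabelIds": ["TRASH"]}},
  {"id": "ANe1Bmj-bad2", "criteria": {},
   "action": {"forward": "collector@external.example",
              "removeLabelIds": ["INBOX"]}}
]}""")["filter"]


def is_catch_all(criteria: dict, own_address: str) -> bool:
    """True when the criteria match essentially every inbound message:
    either no condition at all, or only 'to: <your own address>'."""
    meaningful = {k: v for k, v in criteria.items() if v not in ("", None, False)}
    if not meaningful:
        return True
    if set(meaningful) == {"to"}:
        return meaningful["to"].strip().lower() == own_address.lower()
    return False


def audit_filters(filters: list, own_address: str) -> list:
    """Return one finding per filter that hides or exfiltrates mail."""
    own_domain = own_address.split("@")[-1].lower()
    findings = []
    for f in filters:
        action = f.get("action", {})
        added = set(action.get("addLabelIds", []))
        removed = set(action.get("removeLabelIds", []))
        forward = action.get("forward", "")
        catch_all = is_catch_all(f.get("criteria", {}), own_address)
        reasons = []
        if catch_all and TRASH in added:
            reasons.append("deletes all inbound mail")
        if catch_all and (SPAM in added or INBOX in removed):
            reasons.append("hides all inbound mail from the inbox")
        if forward and forward.split("@")[-1].lower() != own_domain:
            reasons.append(f"forwards mail to external address {forward}")
        if reasons:
            findings.append({"id": f.get("id"), "reasons": reasons})
    return findings


def sample_findings() -> list:
    return audit_filters(SAMPLE_FILTERS, "victim@example.com")


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding["id"], "->", "; ".join(finding["reasons"]))
```

Any flagged filter id can then be removed through the same API (`users.settings.filters.delete`) or by hand in the Gmail Filters settings page.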
4. Don't Just Give Away Access to Your Google Account.
Over time, you may have indiscriminately given access to your account to other applications. When dealing with a compromise situation, turn off all access to your account by removing those applications from your Connected Applications list; you can always add them back later.
Second, think harder about that. When asked about connecting applications and granting them authority to look at your account, you're going to receive a screen that looks like this from Google.
Think very hard: is this something you really want? Do you know or trust the vendor (Twilio in this case)? Is this actually a good idea? Think critically: are you about to share critical account information with someone you don't know?
5. Ask for Help.
If you have a question about a suspicious email that you received, talk to your IT folks and/or a trusted IT professional before clicking on it. If you're on the Google Accounts site and need clarification about what it's telling you, ask someone. If you're being challenged to provide authentication for account access and you're not sure why, please ask a trusted professional.
Remember that Google Apps / G-Suite / Gmail isn't an insecure platform. It isn't Gmail that's hacked - it's the human that's hacked. In all of these cases, what's being exploited here are human weaknesses.
Humans will react emotionally to phishing emails instead of acting rationally.
Humans will create weak passwords because it's more convenient than using stronger passwords.
Humans may not enable two-factor authentication because they don't know it's there, or, it's an inconvenience they'd rather not bother with.
Humans may not review what devices and applications are accessing their accounts because they don't know how to perform this check, or, they don't want to be bothered by it.
Humans will allow any application access to their account because it's convenient to do so.
Convenience is the enemy of security. If you're genuinely interested in protecting you, your family, your company, your clients, your patients - everyone - from security compromises and breaches, then take action. Follow some of these best practices. Stop making security convenient. Think before you click. Ask for help.
R
My Review of a Nextbit Robin
An honest review of the Nextbit Robin and my experience with Android 6.01. And a warning: I just picked up an Apple iPhone 7 and will never go back to Android phones.
Around March 2016, I picked up a new phone. The Nextbit Robin. I'd never owned an Android phone before but the Robin had some pretty compelling specs as compared to the iPhone 6s:
2 GHz hexa-core Snapdragon 808
2680 mAh fixed battery
3 GB RAM and 32 GB storage
13 MP/5 MP back/front camera
WiFi, GPS, Bluetooth, NFC, 4G
Plus, hey: the form factor and color options were pretty cool and retro. I've got to admit that it's a pretty phone.
Robin started as a Kickstarter campaign and some of the overall concepts of the phone intrigued me, primarily the idea of a phone entirely focused on a cloud-based storage model. Part of the phone's offering is 100 GB of cloud-based storage that the o/s syncs against to store things like photos, videos, and music that wouldn't be stored on the physical unit.
With local device encryption and Android Mobile Device Management Policies implemented through Google Apps, I felt I could make the phone reasonably secure.
Like I said: I'd never owned an Android phone before and I was interested in the phone from a technical-curiosity perspective, but I must admit: I recently purchased an Apple iPhone 7. It arrives tomorrow and I intend never to go back to Android. I had really thought Android was on-par now with iOS, but after my experience with it, I now feel that just isn't the case.
I didn't have the best experience. In using it for six months:
The Robin's o/s performance and hardware seemed to degrade.
Battery life seemed to be eroded very quickly and it retains less than a five hour charge now - I have to charge it twice a day;
I literally can't make a telephone call from the unit and have people hear me unless I turn on the speaker phone - even after reboots - I can't even figure out what happened there;
Voice recognition is far inferior to Apple - it's like I have to fight with the narration to get my ideas down on the device;
Application integration in Android seems tedious - so many permissions and allowances just to get anything accomplished;
Vendor support for Android and Android Pay seemed unrealistically non-existent - my bank didn't support it as they supported iOS' ApplePay;
Android updates took over 45 minutes to be applied to the unit; its cloud-based sync offered no superior functionality to Apple's sync services;
I'd lose text messages - stuff never arrived to me or my messages never left the device;
The chassis flexed and bent too easily, creating a warped line on the phone so that it didn't sit evenly with a table within a month.
Through my experience with it, I had to spend an inordinate amount of time troubleshooting the phone, restarting it, resetting its image, fiddling with settings. I spent a lot of time fighting with this phone. Likely, my problems were more related to Android than Nextbit's product itself. As such, I couldn't recommend this phone (perhaps any Android phone) to anyone who simply wants a working, secure appliance that takes minimal effort to work. If they want a hobby or to play around with a phone, this wasn't a bad unit - it was fairly fast - but it was so distracting that it compromised my ability to get work done; missing text messages was bad, but the inability to complete a phone call was the last straw.
Perhaps you had a different experience with the Nextbit - I hope so. I really liked some of the ideas presented in the Kickstarter. However, I just can't say I'm an Android person, and my Nextbit experience was enough to solidify my ideas and satiate my curiosity: I'm going back to Apple.