I have a G-Suite account and love it, but I’ve always been a little shy about putting private docs on Google Drive. I usually keep that documentation on a server on its own network and access it with OpenVPN remotely. I thought about moving this documentation to G-Suite Google Drive for easy access and management. I have a strong password and 2FA, but is it enough? Should I just stay where I am?
From a trust perspective, nothing is safer than hosting on your own private server that you control. It comes with the drawback of responsibility, though (setup, maintenance, security, backups, etc.). From an (access) security and reliability perspective, I’d say Google is among the best providers there are. That being said, OpenVPN is a great and (if configured correctly) very secure way to access private networks and services. It comes down to personal preference in the end. I personally switched from Google Drive to self-hosting and synchronising with Syncthing.
For our internal files and systems we use two different NextCloud servers.
One is totally private and not accessible unless you are on our office VPN.
The other server is secured, but public facing. It is for not-super-sensitive files that need to be accessed by clients, etc.
Both of these servers are backed up just like our corporate systems, which is to two redundant servers at different sites many miles apart. They are running FreeNAS with one-way outbound connections. These FreeNAS servers do differential backups, one at the top of the half hour and the other at the bottom of the half hour. They store on ZFS file backends with RAIDZ2 vdevs. All of the local storage on both is also on ZFS with a RAIDZ2 vdev and five-minute snapshots. We have never had to recover from the offsite backups, but we do run tests at least quarterly. If there is either a backup failure or substantial changes to files, the NOC is alerted, as am I. Also, there is no way to access either of the offsite backups unless you are standing at its console; no SSH or web access is allowed.
We offer the same type of setup to our clients, and a lot of them don’t like the cost, but after they see what ransomware can do, and that there is almost no way for it to get into this system, they do it.
If you use cloud storage for sensitive documents, at a minimum I would encrypt them prior to uploading them.
If you are going this route, you might look at BoxCryptor as it seems to integrate pretty well with Google Drive.
It’s really the Security/Convenience Conundrum.
Your current route (OpenVPN) and self-hosting a server (be it FreeNAS, NextCloud, or both) would fall on the Security end if configured securely. I would say that would mean 2FA, sufficient logging and auditing, and a security gateway at a minimum. That is in addition to the disaster recovery considerations that have been pointed out as well.
It certainly would be more convenient to have that hosted on Google Drive. I would at a minimum encrypt and enforce 2FA. The security consideration would be how much control and how much trust are you willing to put into an organization that makes a great deal of profit by “providing more relevant ads”.
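Two of the replies above (encrypt before uploading, and encrypt plus enforce 2FA if you go with Google Drive) describe the same control: the provider only ever sees ciphertext, so a compromised Google account or a provider-side disclosure yields nothing readable. The script below is an added example, not code posted by anyone in this thread. It assumes the `openssl` command-line tool is installed; the function names, the `DOC_PASSPHRASE` environment variable and the sample document are all constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): encrypt a document locally before it
# ever reaches Google Drive, and verify the round trip after download.
# Assumes the openssl CLI. The passphrase is read from the DOC_PASSPHRASE
# environment variable so it never appears on the command line or in the
# process list.
set -eu

# Encrypt $1 (plaintext) into $2 (the only file you upload).
# AES-256-CBC with a random salt and a PBKDF2-derived key, 600k iterations.
encrypt_for_upload() {
  openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
    -in "$1" -out "$2" -pass env:DOC_PASSPHRASE
}

# Reverse of the above: $1 is the downloaded ciphertext, $2 the recovered file.
decrypt_after_download() {
  openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
    -in "$1" -out "$2" -pass env:DOC_PASSPHRASE
}

# Round trip on a constructed sample document. Returns 0 only if the
# recovered file is byte-identical to the original AND the file destined
# for the cloud contains no trace of the plaintext marker.
roundtrip_demo() {
  workdir=$(mktemp -d)
  printf 'CONFIDENTIAL: client list, Q3 pricing\n' > "$workdir/notes.txt"
  # Demo passphrase only; in practice prompt for it or pull it from a
  # password manager that is NOT synced through the same cloud account.
  DOC_PASSPHRASE='demo-passphrase-do-not-reuse'
  export DOC_PASSPHRASE

  encrypt_for_upload "$workdir/notes.txt" "$workdir/notes.txt.enc"
  decrypt_after_download "$workdir/notes.txt.enc" "$workdir/notes.recovered"

  cmp -s "$workdir/notes.txt" "$workdir/notes.recovered" || return 1
  if grep -q 'CONFIDENTIAL' "$workdir/notes.txt.enc"; then
    return 1   # plaintext leaked into the upload artifact
  fi
  rm -rf "$workdir"
  return 0
}

roundtrip_demo && echo "round trip OK: upload only the .enc file"
```

Two caveats a practitioner should keep in mind. First, `openssl enc` with CBC mode gives confidentiality but no integrity check, so someone who can modify the stored file can corrupt or tamper with it undetected; tools such as age or GnuPG provide authenticated encryption and are a better fit for anything beyond a quick demo (BoxCryptor, mentioned above, does this transparently). Second, the encryption only helps if the passphrase or key lives outside the Google account: a key file synced into the same Drive, or a passphrase stored in a browser profile tied to that account, puts you back to relying on the account's password and 2FA alone.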