Encryption and Google docs

We’ve recently started providing staff training on using Google apps and one of the questions that always comes up is around privacy and security. Following one of our sessions, one member of staff is using Google docs to manage a large number of sensitive documents, with several other colleagues. The sharing of folders and documents with different people is proving very useful. Recently, that member of staff asked me about whether it was possible to encrypt files stored on Google docs so I had a look around to see what the situation is. I knew that transport encryption is available (i.e. https) and that there was no feature in Google docs to encrypt a file, but wanted to provide a thorough response to my colleague.

As I said, Google doesn’t provide the facility to encrypt data held in Google docs. You can however, encrypt a file and upload it to Google docs for online storage only. To read the file, it has to be downloaded and decrypted. I tested this with a .pgp file.

I searched around on the web for a few more clues and there’s the suggestion (last comment) that the data is ‘sharded’ across multiple servers and when you click on the name of a file, the data is brought together into the file for you to work on. I haven’t found any official confirmation of this technique being used.

There’s a Google docs employee on Get Satisfaction that has responded a few times to people’s questions around this area. These replies offer some clarity:

In summary, there is no encryption of data on Google’s servers, but Google are using the same systems to manage their private corporate data and they comply with international (including the UK) data privacy policies. Introducing encryption is technically feasible but would introduce many negative consequences to the features they provide (slower, no collaboration, etc.)

If you’ve got any other, officially confirmed, information on the security of Google docs, please do leave a comment. Thanks.