Accidental Oversharing
The Basics:
If you have ever worked in a group, be it at work or at school, than we are confident that you have used a cloud service to share documents. We’ll get even more specific, you have almost certainly used google drive to share documents, spreadsheets, slideshows and other file types. At the threat of letting hackers know details of our personal workspace we will admit that we use google docs constantly. There is simply no easier way to share or work on the same doc with multiple people.
This all sounds great you say, so what is the problem? Well, we have encountered a problem with sharing “final” docs. In this instance a final doc is one that we have been working on for a while, making changes, removing information that we don’t want to share, taking time to edit and perfect it, then we share it out with the intended recipient. Can you spot the issue with this?
Initially we didn’t either, we’ve shared hundreds of documents this way, for work, school, and recreationally, it wasn’t until recently that we realized that in certain cases we were making a massive error. We’ll stop burying the lead here and tell you what the problem is: google history. This is a feature that we bet most of you don’t use, but it can be very handy in certain situations, such as if you delete a paragraph in an essay and decide to add it back a couple of days later. But what if you deleted that paragraph because it contained confidential information then shared it out with some external users? Chances are they aren’t going to go through the document history, but the point is that they could and then you have a security event on your hands. You also may never know if they accessed the history because, as of this post, we have not found a way to get that level of detail out of the google audit logs. The audit logs will tell you if the document was accessed by that user, but not if they went through the version history.
Our Recommendation:
Point is if you work with documents that you ever redact before you share them be careful how you do it. While we don’t have all the answers we can share what works for us. It is as simple as copying the contents of the documents and pasting them in a brand new document. It is critical that you don’t simply copy the whole document and share that because the version history is copied with it.
