Cloud File Access: Google & Microsoft Employees

TL;DR

Generally, individual employees at Google or Microsoft cannot directly access your files stored in cloud services like Google Drive, OneDrive, or SharePoint unless specifically authorised by you (through sharing permissions) or required by legal processes. However, there are exceptions related to system administration and security investigations.

Understanding Access Control

Cloud providers implement robust security measures to protect your data. Here’s a breakdown of how access works:

1. Standard User Access

1. Sharing Permissions: You control who can see and edit your files by explicitly sharing them. This is usually done via links or direct invitations.
2. Employee Restrictions: Regular employees (e.g., a software engineer, marketing person) do not have the ability to browse all user data. Their access is limited to their assigned tasks and systems.
3. Account Isolation: Each cloud account is isolated from others. An employee’s login credentials only grant them access to resources they are authorised for.

2. System Administrators & Support

1. Limited Access for Troubleshooting: System administrators and support staff may have limited, temporary access to your data if you request assistance or if there’s a technical issue requiring investigation. This is usually logged and audited.
2. Auditing: Cloud providers maintain audit logs that track who accessed what data and when.

3. Security Investigations & Legal Compliance

1. Lawful Requests: Google and Microsoft are legally obligated to comply with valid legal requests (e.g., warrants, subpoenas). In such cases, they may be required to provide access to your data.
2. Security Breaches: If a security breach is suspected, security teams will investigate the incident, which might involve accessing user data to identify and mitigate the threat.

4. How to Check Your Sharing Settings (Google Drive)

1. Sharing with Specific People:
   • Go to Google Drive.
   • Right-click on the file or folder you want to check.
   • Select “Share”.
   • Review the list of people with access and their permissions (Viewer, Commenter, Editor). You can remove access here.
2. Sharing via Links:
   • In the “Share” window, look for a section called “Link”.
   • Check who has access with the link (Anyone with the link, Restricted).
   • Change the permissions as needed. Consider setting it to ‘Restricted’ if you only want specific people to have access.

5. How to Check Your Sharing Settings (Microsoft OneDrive/SharePoint)

1. Sharing with Specific People:
   • Go to OneDrive or your SharePoint site.
   • Right-click on the file or folder you want to check.
   • Select “Manage access”.
   • Review the list of people with access and their permissions (Can edit, Can view). You can remove access here.
2. Sharing via Links:
   • In the “Manage access” window, look for a section called “Links”.
   • Check who has access with the link (Anyone with the link, People in your organization).
   • Change the permissions or disable the link as needed.

6. Additional Security Tips

• Strong Passwords: Use strong, unique passwords for your cloud accounts.
• Two-Factor Authentication (2FA): Enable 2FA to add an extra layer of security.
• Regularly Review Permissions: Periodically check who has access to your files and revoke unnecessary permissions.
• Be Cautious with Public Sharing: Avoid sharing sensitive information publicly unless absolutely necessary.