Google Drive Sync Encryption

Question

So I got some terabytes of free GD from google workspace of my organization. I do realize that, it's intended for organization stuff therefore they can see my personal data if I store on it.

Is there idea that I can encrypt my personal data and obfuscate it with "Organization_Stuff_Backup_Archive.zip"?

Instead of manually zipping, is there a method that it's encrypted every I synced it to my google drive?

So I mounted google drive desktop to my laptop. I want sync a folder in my laptop to google drive desktop.

Answer 1

Look this diagram of 3-2-1 secure sync strategy where BACKUP-SKRIPSI is encrypted folder:

1. Primary Storage (D:\ssd-sync):

   • This is your primary data storage, where your active and working data is stored on an SSD (Solid State Drive).

2. Sync Process:

   • Syncing to VHD:
     • Data from the primary storage (D:\ssd-sync) is synced to the VHD located in E:\vhd-sync\ using SyncToy. This sync process occurs every 5 minutes.
     • The folder BACKUP-SKRIPSI within D:\ssd-sync\ is an encrypted folder (vault) managed by Cryptomator.
     • When you access BACKUP-SKRIPSI, it is mounted as an unencrypted folder on the local drive B:\ using WinFsp. This allows you to interact with the files in an unencrypted form.
     • The files masterkey.cryptomator and vault.cryptomator, related to the encryption, are excluded from the sync to ensure security.

3. Encryption Keys:

   • The encryption keys (masterkey.cryptomator and vault.cryptomator) are stored securely in another location to ensure that they are protected and accessible if needed.

4. Virtual Hard Disk (VHD):

   • E:\vhd-sync\ contains the VHD file (H:\hdd-sync\hdd.vhd). This VHD is mounted on drive E:\ and is used to store the synced data from the primary storage.
   • There is a dedicated partition (H:) specifically for storing this VHD file.

5. Google Drive Sync (GD):

   • Google Drive is mounted to the local system, enabling direct sync of the VHD from E:\vhd-sync\ to GD:\vhd-sync\ without delay.
   • Since BACKUP-SKRIPSI is an encrypted folder, the encrypted version is also synced to Google Drive. This ensures that the data stored in the cloud is secure.

6. Local Backup (H:\hdd-sync\hdd.vhd):

   • This is your secondary local backup stored on an HDD (Hard Disk Drive). The VHD in H:\hdd-sync\hdd.vhd is periodically mounted to E:\vhd-sync\ for syncing operations.
   • The VHD ensures that a secure local copy of the data is maintained.

Summary:

• Three Copies of Data:

  • Primary: D:\ssd-sync\
  • Local Backup: H:\hdd-sync\hdd.vhd (mounted on E:\vhd-sync)
  • Off-Site Backup: GD:\vhd-sync\ (Google Drive)

• Two Different Types of Media:

  • SSD for primary storage.
  • HDD and VHD for local backup.

• One Off-Site Copy:

  • The copy stored in Google Drive ensures that there is a backup available off-site.

Additional Notes:

• Sync Operations:

  • Data is periodically synced from D:\ssd-sync\ to E:\vhd-sync\ every 5 minutes using SyncToy.
  • BACKUP-SKRIPSI is an encrypted folder managed by Cryptomator and mounted as an unencrypted folder to B:\ for interaction.

• Direct Cloud Sync:

  • The direct sync to Google Drive from the mounted VHD (E:\vhd-sync) ensures immediate off-site backup without delay.

• Encryption:

  • The encryption of BACKUP-SKRIPSI ensures that sensitive data is protected during the sync process and when stored in the cloud.
  • The encryption keys are stored securely elsewhere for additional protection.

This strategy helps in protecting data against loss due to hardware failures, theft, disasters, or other unforeseen events by maintaining multiple copies, using encryption for sensitive data, and storing one copy off-site.