Google sets aside $1 million to keep Drive safe

Google announced it will make $1 million in research grants available next year to security researchers to examine Drive for vulnerabilities. Google Drive has never been hacked, but the company wants to make sure it stays ahead of the bad guys.

Marcio Jose Sanchez/AP/File
A sign is shown at Google's headquarters in Mountain View, California, on October 20, 2015.

Google wants to be sure that it finds bugs in its services before the bad guys do. The company announced on Friday that it’s setting aside $1 million next year to fund independent security research into Drive, its cloud storage product. Google has more than 500 security experts on its staff, but it also works with independent researchers to try to make sure it isn’t overlooking any vulnerabilities.

“Keeping files safe in Google Drive is super important,” Kevin Nelson, product manager for Google Drive, wrote in the announcement. “That's why Drive uses Google’s highly-secure, custom-built data centers to store your photos, videos, and other documents. But it’s not just fences, cameras, and lasers that keep things safe — it’s people.” Google has been trying to woo businesses over to its cloud storage, where it competes with companies such as Microsoft and Carbonite, and it wants to show that Drive is a secure place to put sensitive business data.

The grants range from $500 to $3,133.70 and are awarded to “top performing, frequent vulnerability researchers” who will poke and prod at Google Drive to see if there are any flaws in its security. The money is part of Google’s Vulnerability Research Grants program, launched earlier this year, which extends to other services including YouTube and Blogger. Researchers don’t have to identify specific vulnerabilities after receiving a grant – Google just wants to incentivize experts to better understand its architecture.

Google has also had a separate “bug bounty” program since 2010, which rewards security researchers for identifying vulnerabilities and reporting them to Google. In January, Google reported that it had paid more than $1.5 million in bounties in 2014 to experts who found code execution flaws, authentication errors, and other vulnerabilities in its services. Many of the vulnerabilities were in developer and preview builds of programs, which meant that Google was able to fix them before those programs made it out into the wild. 

Google Drive itself has never been hacked on a large scale, although last year more than 5 million Gmail usernames and passwords were posted on a Russian web forum. Almost all of those accounts proved to be out of date, and Google reset the passwords of those affected just to be sure, but in theory the hack could have affected Drive since all Google services are linked to a single user account. Google recommends that users employ two-step verification, which uses a code sent to a smartphone as an additional layer of security when logging on from a new device.

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to

QR Code to Google sets aside $1 million to keep Drive safe
Read this article in
QR Code to Subscription page
Start your subscription today