G Suite is doing a lot of work in the background to prevent hacking attempts on your organization’s Google accounts, monitoring for suspicious access attempts and incoming email to your domain. But to provide these services, Google needs enormous visibility into how you use your account.

When users connect to Google services, the connection is protected by strong encryption, making their data unreadable to eavesdroppers as it moves across the web to Google’s data centers, a global network of facilities for storing backups of user data. Similarly, data at rest on Google’s servers is stored in an encrypted format so that it can’t be read except by someone with the necessary access to unscramble it.

Google has many reasons why they might end up reading your data.

G Suite is a little different than other Google services. You might expect Google to use your G Suite data to target ads. In fact, they say that they do not use G Suite data for advertising. Instead, Google leverages G Suite user data for several purposes, including spam filtering, malware and targeted attack detection, spellcheck, and assisting with search within a user’s Google account. They may scan for content that is illegal or in violation of Google’s policies.

We've seen examples where journalists' work has been inadvertently flagged as violating Google's terms of service, even when there were no violations.

Has anyone had @googledocs lock you out of a doc before? My draft of a story about wildlife crime was just frozen for violating their TOS. — Rachael Bale (@Rachael_Bale) October 31, 2017

Google may also be compelled to share relevant user data as part of law enforcement investigations.

Though G Suite can be configured to comply with dozens of standards for storing sensitive data (e.g., HIPAA for protected health information), these protections do not promise end-to-end encryption, meaning that your data is usually still stored in a format legible to the company.

Physical protections

Google says that they provide several protections for their data centers. Employees need an authorized key card, and approval from their manager and the data center director to enter authorized parts of the building. Closed-circuit TV cameras are inside and outside of these buildings, recording at all hours of the day, every day of the week. They provide some interesting details, down to the number of days these recordings are retained. (It’s 30 days.) They log and audit access. Their servers detect and remove unexpected modifications to the software, so both physical and remote attacks would be tough to pull off.

While we have a lot of details about their infrastructure, we don’t know as much about the humans behind the infrastructure. That is, we don’t know much about how many people at Google have access to user data, nor how that access is determined. What kind of user data might they have access to, and under what circumstances? How many people can actually pull user data, say, responsive to a legal request? We don’t know.

What we can say is that Google has said in their security documentation that they constrain the number of employees who have access, log employee access to user data, and conduct both internal and external audits on employee access. Employees caught abusing their access would likely be fired, and may face legal action.