February 20, 2006 9:50 AM PST
Google admits Desktop security risk
On Feb. 9, Google unveiled Google Desktop 3, a free, downloadable program that includes an option to let users search across multiple computers for files. To do that, the application automatically stores copies of files, for up to a month, on Google servers. From there, copies are transferred to the user's other computers for archiving. The data is encrypted in transmission and while stored on Google servers.
The risk to enterprises, according to Gartner, lies in how this shared information is pooled by Google. The data is transferred to a remote server, where it is stored and can then be shared between users for up to 30 days.
Gartner said in a report on Thursday that the "mere transport (of data) outside the enterprise will represent an unacceptable security risk to many enterprises," as intellectual property could be transported out of the business.
Google told ZDNet UK on Monday that it recognized the risk, and recommended that companies take action. "We recognize that this is a big issue for enterprise. Yes, it's a risk, and we understand that businesses may be concerned," said Andy Ku, European marketing manager for Google.
Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as e-mail does."
"Theoretically any intellectual property can be transferred outside of a company," Ku said. "We understand that there are a lot of security concerns about the Search Across Computers feature, but Google won't hold information unless the user or enterprise opts in (to the feature)."
Google said that security was the concern of individual businesses. "The burden falls on enterprises to look after security issues," Ku said. "Companies can disable the Search Across Computers facility."
Gartner said that sensitive documents may be inadvertently shared by workers, who may not have specialist knowledge of regulatory or security restrictions.
Google said it was unable to comment on the risks posed when individuals share sensitive information. "Some users may, and some users may not be able to," said Ku, adding that companies should follow their own policies.
"At the end of the day, each company should make its own decision. If they are uncomfortable, they shouldn't enable the feature," Ku said. "It's about what a company deems to be best corporate policy."
Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled."
Companies "must also evaluate what they are allowing to be indexed, and whether they are comfortable that they can adequately bar the sharing of data with Google's servers," said Gartner.
Google agreed that Google Desktop Enterprise would better mitigate security risks. "If you're given a choice, choose Enterprise," said Ku.
Tom Espiner of ZDNet UK reported from London.
18 commentsJoin the conversation! Add your comment