November 27, 2006 12:15 PM PST

Security from A to Z: Google

What's Google got to do with security?

Well, rather a lot, when you consider the amount of data the search engine makes available to anyone with an Internet-connected PC and a curious mind.

roundup
The A to Z of security
Read the first part in our rundown of hot security topics, from antivirus to zero-day threats.

Phishers, for instance, are using it to get more sophisticated in targeting their victims (a technique that became prominent in 2005, known as "spear phishing"). In addition, a bit of quality Google time can unearth a surprising amount of data on an individual or company.

But when it comes to corporate security, it's Google Desktop that's keeping techies awake at night. The search application extends the Mountain View muscle to all the files contained on a PC's hard drive. That puts corporate data security at risk, U.K. heads of IT polled by Silicon.com said.

And they are not alone in that view. At the start of this year, a university and a manufacturing company in the U.S. banned Google Desktop for the risk it posed to sensitive data and the fear it might be trampling on U.S. privacy regulations.

Natasha Lomas reported for Silicon.com in London.

See more CNET content tagged:
Google Desktop, Google Inc., phishing, security, U.S.

1 comment

Join the conversation!
Add your comment
What is forbidden, is not allowed. What is allowed, wasn't forbidden.
Security used to be based on the latter; what's not nailed down is fair game. Leave everything open then lock it down or put a rule against it when an issue arises. Your users can connect to the internet but when browsing time outweighs work productivity, internet browsing policies get written.

Security needs to be based on the former; if it's nailed down, don't try and pry it up. Block everything then open things up only as needed. Not every work possition needs to access the Internet. Really, it's true. The receptionist doesn't need access to google though they may need an internal phone listing website or external office supply website. The data entry clerk doesn't need internet access to transcribe information from print too database (they still exist in banks if no where else); it's been observed directly, productivity jumps when you can install a workstation without an internet browser.

The more recent focus on information security is causing some tensions as users are suddenly not able to do everything they could yesterday. It's easy to give rights but damn near impossible to take them away without complaints. This is more apperent where the CIO must answer to budget approving executives that force uneducated decisions; "No. We want windows because we recognize it. We don't care if a faster, more secure and completely capable workstion is available. We're afraid of things we don't know."

- sidenote; the worst report I've heard so far is a CIO with his hands tied because the budget authority doesn't want the staff to have a better "computer expierience" at home than they do at work. It's a security effecting information system decision made purely on "keeping up with the neibours". Workstations are for work. They shouldn't have anything on them that's not needed for the job. Idealy, user storage shouldn't even be on the local machine, it should be on your business' network storage shares. I don't envy that poor CIO at all.

But the connection too the article is that users should not be able to (forget "allowed" to, we're past that) install software on there work machines. They log-in, they work, they log out. It is the responsibility of the IT department to do things to the machine so users can do withings with the machine.

The issue shouldn't be *if* users install Google Desktop or similar software on there workstations, it should be *why* where they able to in the first place.
Posted by jabbotts (492 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.