Security threats Toolkit

Google admits Desktop security risk

Tags:
Desktops,
Beta

Tom Espiner ZDNet.co.uk

Published: 20 Feb 2006 16:40 GMT

Businesses have been warned by research company Gartner that the latest Google Desktop Beta has an "unacceptable security risk".

Google Desktop allows indexing and searching of PCs' hard drives, and sharing of information through a feature called Search Across Computers. This enables users to search for information within a network such as an intranet.

The risk to enterprises, according to Gartner, lies in how this shared information is pooled by Google. The data is transferred to a remote server, where it is stored and can then be shared between users for up to 30 days.

Gartner said in a report on Thursday that the "mere transport [of data] outside the enterprise will represent an unacceptable security risk to many enterprises", as intellectual property could be transported out of the business.

Google told ZDNet UK on Monday that it recognised the risk, and recommended that companies take action. "We recognise that this is a big issue for enterprise. Yes, it's a risk, and we understand that businesses may be concerned," said Andy Ku, European marketing manager for Google.

Google confirmed to ZDNet UK that data was temporarily transported outside of businesses when the Search Across Computers feature was used, and that this represented "as much of a security risk as email does".

"Theoretically any intellectual property can be transferred outside of a company," said Ku. "We understand that there are a lot of security concerns about the Search Across Computers feature, but Google won't hold information unless the user or enterprise opts in [to the feature]."

Google said that security was the concern of individual businesses. "The burden falls on enterprises to look after security issues," said Ku. "Companies can disable the Search Across Computers facility."

Gartner said that sensitive documents may be inadvertently shared by workers, who may not have specialist knowledge of regulatory or security restrictions.

Google said it was unable to comment on the risks posed when individuals sharing sensitive information. "Some users may, and some users may not be able to," said Ku, adding that companies should follow their own policies.

"At the end of the day, each company should make its own decision. If they are uncomfortable, they shouldn't enable the feature," Ku said. "It's about what a company deems to be best corporate policy."

Gartner has recommended that businesses use Google Desktop for Enterprise, as this allows systems administrators to centrally turn off the Search Across Computers feature, which it said should be "immediately disabled".

Companies "must also evaluate what they are allowing to be indexed, and whether they are comfortable that they can adequately bar the sharing of data with Google's servers," said Gartner.

Google agreed that Google Desktop Enterprise would better mitigate security risks. "If you're given a choice, choose Enterprise," said Ku.