Google continues to roll out new applications to make sharing information easier. Kudos to them for some really creative programming. From a security point of view, though, you have to wonder what they are thinking.
Their Google Apps Team Edition allows employees to sign up for the Google Applications without any assistance or oversight from IT. Team Edition contains the core applications and collaboration services like the word processor, spreadsheet, Start page, Talk instant messaging and calendar, but does not include Gmail.
In any regulated or litigious industry, this is a recipe for disaster. You might save a few bucks on word processing and spreadsheet software but you’re going to pay far more the first time you have to comply with an electronic discovery request or get into a dispute based on the Terms & Conditions of the application. No only are you putting your confidential data in someone else’s hands and trusting to the security of their data center with little or no evidence of their worthiness of that trust, you’re also still exposing all your data to the Google search indexing algorithms. (For more, see the Tip from April 2007.)
Luckily, you can block the worst aspects of the application/data sharing without having to block off all of the google.com domain. If your internet filter has a category for filesharing or for “Network Storage and Backup”, make sure that category is blocked. You should also strongly consider blocking any category about “Web chat” so you don’t have to worry about electronic discovery requests for instant messages that you didn’t properly control.
Read more about Google Apps latest attempt to bypass the business at ComputerWorld.com.
Update to Suing the scareware vendors (27 Oct 2008)
The Federal Trade Commission has gotten a restraining order against two companies who were marketing scareware software. It’s very good to see law enforcement successfully prosecuting these scammers. Remember, however, that there are lots more out there. Always be suspicious of pop-up ‘alerts’ and ads warning you about “illegal porn content” or “compromised software” on your computer. Read more at the FTC’s consumer alert page.