Slashdot Mirror
Google Copies Corporate Data to Google's Servers?
Penguinisto writes "According to Silicon.com, some CIOs have been seeing their company data being transferred to Google's servers as part of Google Desktop's functionality." From the article: "Mark Saysell, IT director at Coutts Retail Communications UK, said he is planning a network audit to find rogue installations, which will then be de-installed. New security measures will also be put in place to prevent further downloads. He said: 'Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.'"
This article is a joke. It's all about quoting people talking about how dangerous the new version of Google Desktop is when Google is very up-front about telling you what features will result in data being copied, and how to turn it off.
IT'S DISABLED BY DEFAULT. You have to WANT to turn it on.
Lousy reporting, is what this is.
If CIOs don't want people using Google Desktop, then make it a policy that they should not use it. Enforce the policy. End of story. Don't blame Google for making a tool that a lot of people find useful. There are other ways to give your enterprise the same capabilities without compromising your data.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I work in a bank and while I don't have files relating to customer information on my PC, I'm pretty sure I'd contravene some kind of law if I were to install Google Search & some files were transferred to Google. If I did have customer files, I'm almost certain some law would be broken if those files were sent to Google.
If CIOs or others want the kind of functionality & productivity that Google desktop search can provide, let Google sell local servers (same as they do for web search engines) so these companies can buy them and get the tools that way without the data ever leaving their networks & control.
Except, as we've seen, even the great google has software vulnerabilties. Whether they are trying to be good citizens is irrelevant. What happens when hackerX finds a hole and has access to * corporations NDA type information. I know I'd rather have it stored away on an internal server behind a vpn and several firewalls with IP based filtering than on google's network, but that's just me.
You;re forgetting crucial items, such as payroll and customer information like personal info and credit card info, for example. These two things alone would convince me to lock down my workplace from using Google Desktop. That is data I don't want easily distributed in any fashion.
... CIOs have been seeing their company data being transferred to Google's servers ...
No wonder Google doesn't want to cooperate with the Justice Department's request for information. They're running warez servers!
I still submit they honor their "do no evil" credo.
Do No Evil Unless It's A Good Business Action
re: China
Your hair look like poop, Bob! - Wanker.
This isn't an issue with google. It's an issue with the users.
Search across computers is disabled by default. It doesn't even ask you to enable it in the intaller. You have to hunt through the options to turn it on.
It's not google "overstepping the mark" it's incompetant users changing settings they don't understand.
On a different note, if I were a sysadmin, then I would not be letting them install GDS anyway, without authorisation. They are company machines, subject to company rules, and should only run company software.
Snort signatures for the google desktop and download of google desktop can be found here.
If you're really worried.
Your sig(k) has been stolen. There is a puff of smoke!
Is it really asking too much of an Admin to maintain good software installation permissions and policies? If untrustworthy users have been given high enough authority to install their own software then Admins have no one to blame but themselves.
Well you can probably blame management too.. thats always good.
Are you nuts? The spreadsheet on your desktop might contain important customer data, sensitive personal communication, or god knows work. And Google is taking it upon itself to upload it, unencrypted, over the internet.
And uploading my data to a server controlled by a company that employs some of the most talented people in data mining is just asking for trouble.
Conformity is the jailer of freedom and enemy of growth. -JFK
There are certain laws in place that regulate how confidential patient information is passed around (HIPPA). I'm fairly certain that should an employee have such information on their desktop and it's copied up to Google, that would constitute a breach of those laws.
Because of this, our desktop folks have decided that Google Desktop is not something that can be installed. It's a shame, too, as there's lots of "benign" features that we miss out on because of it.
Google Desktop is doing what it's designed to do: keep user's data on central servers so it's accessible from anywhere. It's just that it makes the assumption that all of the computer belongs to the user. Obviously in a corporate environment that's not the case, but Google Desktop doesn't know what kind of computer it's on so it can't do anything about that. The company needs to be more emphatic about the "no unauthorized software" rule (they do have a "no unauthorized software" rule, don't they?).
This is where Google's greatest value really lies: data mining. The possible advertising revenue pales in comparison to the value of the corporate (and even consumer) intelligence that Google collects. Simply being able to detect that persons in company x are suddenly interested in company y and that investment bank z is also interested in company y would allow one to predict things like mergers. Increased specific searches around the holidays might help predict which retail chain might do well. The power of Google should not be underestimated.
Woverly Harris Gooch, IV CTO American Fire and Bomb, LLC
Tell your employees not to install the software. Its not that hard. And if the employee does install it, hold that person liable for the data transfered.
Click Click Bloody Click PANCAKES!
They should also forbid/filter HTTP POST requests, IM file transfers, e-mail attachments, and any internet application that would allow the enterprise data to flow out of the company network.
This style of ruling totoally miss the point. You should teach your employers to generally avoid leaking enterprise data out of the company network and the risks of using certain applications. It is not to disable or to forbid the use of certain programs. Google Desktop Search is not built to compromise your data security, especially when this contradictionary function is turned off by default. It is your disloyal employer who you should be careful about. Your employ will always find a way if he wants to leak the enterprise data.
By doing what? Releasing a software package which does exactly what it says it does?
Might as well say the people who wrote FTP overstepped the mark as it doesn't stop people from sending sensitive data outside the company.
If you liked this thought maybe you would find my blog nice too:
I use Google desktop, and find it very handy. It's quite possible I'll have to give up using it because of this issue. That doesn't make me feel well-disposed towards Google, or inclined to try any new products they might release.
If these people have such sensitive data on their machines why the hell are they allowed to install any random software off the web onto them?? You can get "software" that does waaaaaaay more than just cache some of your files online, and you might not even know you installed it.
It seems to me that Google is in the same position that Microsoft was years ago, when corporations all ran Netware or IBM servers because Microsoft products were naive about corporate reqirements. Google will probably climb the learning curve faster than Microsoft did, but they aren't there yet. /. readers who make suggestions like "forbid installing the software" or "fire users who do it" also don't understand corporate IT. Some corporations have desktops locked down so users can't install software, but some don't because their users are higher level and need to install selected applications.
The suggestion to fire users who turn on the data upload is also hated by IT managers. Corporations are full of clerks and other mid-level people who never read IT policy documents, don't really care about security, and like to turn on cool features. The IT manager is not going to look good if he tells HR "Sally who is otherwise a great employee checked this box because she didn't know she shouldn't, so now you have to fire her".
IT managers differ, but they generally want to give users as much functionality as possible, as long as they are sure it is safe and reliable. What an IT manager probably wants are network-level options to (1) forbid Google desktop entirely, (2) allow it but disable the data-sharing features, (3) leave it up to the user, or (4) do a mandatory (push) install to all desktops. Then the IT manager would want a web page or other report to see who had done what.
When Microsoft figured out requirements like these, they invented Active Directory and its Group Policy component. Look at products like Symantec Antivirus Corporate, where you can look at all desktops and verify their antivirus status from a central console, or Microsoft's own free WSUS which lets you make sure everybody in the corporation has installed all critical patches.
These are the kinds of solutions that work in the real world as opposed to firing people, and as soon as Google figures this out they will be a lot more popular on corporate desktops.
$ORGANIZATION is about to update its information security policy in light of Google Desktop with a recommendation that the software must not be downloaded onto any
For heaven's sake, what planet do these people that are allegedly responsible for IT come from? Let's see:
I've worked as an IT director in a few financial services companies over the last ~20 years, and everyone employed there, on their first day, had to read and sign something like this:
We would install or make available external software if it was useful and appropriate, after testing it. Otherwise, no dice. Will some people complain? Absolutely! Tough shit.I'm confused...google could have its cake and eat it too if they did this feature right.
Here's how it ought to work. Everything is encrypted client-side before being sent up to the google servers in a way that google can't decrypt based on your user account password guarding public/private keys you generate per machine in the GDS front-end. Only the public keys are shared across the network, the data is completely encrypted everywhere except the endpoints. What's the problem?
Ah ha!, you say, the problem is that they mine that data on their servers for information they can use to advertise at you. First, is this true? I haven't been able to confirm it, though it seems in line with their advertising model. Second, assuming it is true, there's no reason GDS can't create some kind of index over your data client-side and then send up the statistical summary of the info it mined. That way, there's no way the docs could be reconstructed, google gets their ad revenue, and users get their functionality without having to worry about data on google's servers.
Anyone have any notion of why this wouldn't work?
but have you considered the following argument: shut up.
My company now forbids using Google Desktop because of this feature.
Yes, it's off by default.
Yes, you have to go out of your way to turn it on.
Yes, they keep track of what's installed on everyone's machine.
Yes, there are ways around that -- but for safety's sake, I now use MSN's local search.
Google's product is forbidden.
So google (you listening?) -- how about local-only version for us corporate folks, with the upload option completely removed?
We get a version that can be blessed by IT, you keep your user base.
Seems like a winner to me.
If this had been a Microsoft product, the tune here would be different. Much different.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
"The first person who gets kidnapped because their financial data was copied by Google and then accidentally leaked by the secret service will not be happy."
I submit to you that the second and third people this happens to will also be unhappy.
The fourth, however will be thrilled to death, (as a result of his kids not paying the bounty).
-nB
whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
But maybe they should default to disabled and not offer the choice during install. Just put it somewhere in the preferences where people who can't read won't go.
Slashdot anagrams to "Sad Sloth"
If in order to make your point you have to make up an imaginary viewpoint that would occur under an imaginary situation, and then accuse other people of holding that imaginary viewpoint under your imaginary situation...
You don't have a point at all.
It took a bit to dig this up, but it turns out that if you set the registry key:
HKLM\Software\Policies\Google\Google Desktop\Enterprise -> disallow_ssd_service
as a REG_DWORD to '1'
Google Desktop won't let you use the "Search Across Computers" feature. (I tried it.) You can set that key in the group policy scripts relatively easily.
How about this. Why doesn't google pick some obscure port for getting this data, make it public, and if the corp security guys want to stop the google copy, block the port on the F/W, problem solved!!!!
MrJynxx
"He said: 'Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.'" My favorite part of the story.. Draconain eh? why was the install allowed in the first place? Ever hear of group policy?
This is the crucial difference between shooting someone into the heart vs. letting a careless person to borrow your handgun. In former case you do the deed. In latter case you set up the trap and wait until someone falls in. You don't even care who, as long as enough people enable this feature. In a large company 999 employees may be wise, but it takes only one stupid secretary to publish the whole company's network shares that she can read - and Google says that they can't promise that the data - any data - will be ever fully deleted. Technically that might be true (due to backups, distributed storage, etc.)
Microsoft doesn't copy local files to their server.
Justice is the sheep getting arrested while an impartial judge declares the vote void.
If they really do not want to be evil, they should:
In other words, I would like to see Google Desktop use e.g. a specific source and/or destination port that can be blocked at packet filter level, and I would like to see this documented. I haven't verified whether it does so already, though.
http://erichsieht.wordpress.com/category/english/
I actually sent out communication to our employees last week requiring users to disable the "Search Across Computers" functionality (which we're monitoring) rather than requiring them to remove it completely. Additionally, I have the Windows administrators investigating the possibility of using the GDS Enterprise solution, which has full AD support and the ability to disable Search Across Computers through Group Policy.
There is an Enterprise version of Google Desktop that you ask for, except maybe #2. But I don't think they use a specific port - I assume it's all web service-based.
The 'hard to dig up' bit was because I had to download their Enterprise version, read its documentation, and interpret the Group Policy Template to figure out what the registry key was. If it was actually trying to roll something out company-wide they've gone to great lengths to make it easy.