By Andy McCue, 2 March 2006 13:20
NEWS
UK IT bosses are already taking measures to ban employees from downloading Google's Desktop search software on PCs and laptops because of the security risk to corporate data.
Analyst Gartner last week warned that the 'search across computers' feature on the latest version of Google Desktop poses an "unacceptable risk" to many organisations because it allows people to share information and also stores some of that data on Google servers.
Google claims the enterprise version of the software includes security management controls to address corporate security concerns but a sample of UK IT bosses in silicon.com's 12-man CIO Jury user panel said they had already banned or planned to ban any use of Google Desktop within their organisation.
Phil Young, head of IT at Amtrak Express Parcels, said his organisation's policy is to ban any third-party software that presents a security risk.
He said: "If found by our software auditing tools such installation will be removed and our policies and procedures will be updated accordingly. I think Google is playing with fire in the corporate arena with this latest software."
Mark Saysell, IT director at Coutts Retail Communications UK, said he is planning a network audit to find rogue installations, which will then be de-installed. New security measures will also be put in place to prevent further downloads.
He said: "Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access."
The London Borough of Newham is about to update its information security policy in light of Google Desktop with a recommendation that the software must not be downloaded onto any Newham PC.
Richard Steel, head of ICT at Newham, said: "This is because Newham data will be copied onto Google servers and kept there indefinitely. There is no contract in place between Newham and Google for secure data handling, and under their terms and conditions, they retain the right to search the data for their own purposes."
It is a view backed by Nicholas Evans, European IT director at Key Equipment Finance. He said: "Google has crossed the line from Desktop as a personal search engine to being a tool that can be used to exploit security weaknesses. The sending of data back to the servers only confirms the security risk."
Steve Noyes, CTO at the Met Office, said it isn't just Google Desktop that poses a problem for his organisation. "We have recently stopped people using Google Earth because it has adverse impacts on our networked desktops," he said.
John Odell, group IT director at the BBA Group, described it as a "necessary consequence" of managing "consumer tech" in the enterprise.
Today's CIO Jury was
Neil Bath, IT director, Brewin Dolphin Securities
Ben Booth, IT director, Mori
Les Boggia, IT division head, Carole Nash Insurance
Nicholas Evans, European IT director, Key Equipment Finance
Mark Foulsham, head of IT, eSure
Christopher Linfoot, IT director, LDV Vans
Steve Noyes, CTO, the Met Office
John Odell, group IT director, BBA Group
Andy Pepper, director of business information systems, Tetley
Mark Saysell, IT director, Coutts Retail Communications UK
Richard Steel, head of ICT, London Borough of Newham
Phil Young, head of IT, Amtrak Express Parcels
If you are a CIO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com's CIO Jury pool, or you know an IT chief who should be, then drop us a line at editorial@silicon.com.
Comments
There are 7 comments. Join the discussion
1. anonymous
why no comment from Google? Kind of a one sided story yes?
2. Gars Deville
It's my understanding that data doesn't egress the corporation UNLESS the advanced feature is specifically enabled.
In my corporate environment, any http requests would provoke an authentication popup. I have been using GDS Enterprise for some time now wiothout any adverse effects.
3. Robert Rak
I'm 17 years old and I'm smarter than all of your IT Directors, amazing...
In regedit (I hope you guys can get there) find HKLM\Software\Policies\Google\Google Desktop\Enterprise and set disallow_ssd_service to '1'
4. Eric Peterson
CEOs and CIO's how about you RTF license agreement? That's what its there for... don't ban software because you are ignorant, ban it for a reason. I am so sick of these huge corporations downplaying Google. Google is a great business, they suppport open source and provide all kinds of great services for FREE. I don't see many other corporations offering those kinds of deals... instead they sell inferior software for outrageous prices. Somehow Google's stock seems to have been doing a lot better than anyone elses too... The next time I hear something like "Google has definitely over-stepped the mark..." or "Google has crossed the line..." I think I'lb be sick. And what are you IT people doing letting employees install arbitrary software on work computers anyways?
5. Dean Mitchener
If google didnt try it someone else would have, Global information enteprises will die unless they continually push the envelope. In any case I agree with a lot of the comments. Companies should have measures preventing the installation of any third party software with emphasis on browser installs.
6. Phil Young
It's a good job CIO's employee good people like your good self then! ;-)
I would like to add that going around xx thousand PC's to stop a security breach by making the change you have given may mean that the security has already been breached? if you get what I mean (chicken and egg).
7. Phil Young
Like you say, until now Google has been a great business tool. Our positions are one of governance and ensuring security. Anything seen as a potential threat has to be stopped and a review of it taken.