Is there any reason for the average enterprise to be concerned about data leaks as a result of the Google Street View controversy? How do I know if
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Google certainly has access to corporate data it isn't intended to have, such as search queries, email of employees using Gmail accounts against policy and, potentially, indexes of misconfigured internal sites. In this case, Google might have captured all corporate Wi-Fi traffic when it mapped near corporate locations, Google, however, should probably be the least of companies' Wi-Fi security concerns.
The privacy impact could potentially be a larger issue, but from a security perspective, whatever Google captured, an attacker could also easily capture and use maliciously. If an enterprise's wireless network security was not sufficient to prevent Google from collecting data using this Wi-Fi sniffing method, then an attacker could have just as easily identified the insecure setup and exploited it to attack the enterprise's systems. The data is of questionable value to Google, and the odds of the company using it to attack an organization are very low.
Enterprises concerned about the Google Street View controversy and the data collected should be more concerned about the use of an unencrypted or insecure wireless setup on their network. An enterprise could assume all users are going to connect to its network securely via VPN or some other encrypted connection before accessing corporate data, but then its concerns over the data Google potentially captured would be minimal. Enterprises that are concerned with potentially captured data may want to review Google's privacy FAQ to see how the company stores and uses the data.
This was first published in November 2012