Google Desktop gets scarier

Google recently released Google Desktop 3, which includes a nifty new feature called "Search Across Computers." This function has an innocuous-sounding purpose -- it allows you to search any of the computers you own, linked by your Google account. The benefit is that you're able to search for a document on your desktop when you're on the road using your laptop or search your home PC from work, etc.

Wondering how this great service works? It maintains a centralized index of your files on Google's server farm. To quote from the Google Desktop Privacy Policy: "If you choose to enable 'Search Across Computers,' Google will securely transmit copies of your indexed files to Google Desktop servers, in order to provide the feature." By this point, you probably have a good idea why you don't want this product running unfettered in your enterprise. But, there's plenty more.

More Google information Learn how to block DSEs in this tip. Protect your business from a Google hack. Find out more about Google hacking.

Google's well-publicized philosophy is to "Do No Evil." However, even if you trust Google to be a responsible steward of your organization's data, you should consider these factors:

• Google accounts are owned by individuals, not companies. If one of your employees links a corporate desktop to his or her personal Google account, you're bound to have issues down the road. What happens when that employee leaves the company and still has access to cached data?

• You may have data that you're not entitled to share. Do you have customer data that's subject to privacy laws or policies? If so, does storing this information on Google place you in violation of those policies?

• Do you really trust Google? Their policy says that they will handle desktop search data as "personal information." However, in another policy document, they list acceptable uses of personal information and have some frightening clauses. Those include the ability to use your personal information to display customized content and advertising, and the use of this data for "auditing, research and analysis."

• Do you trust the countries in which Google does business? If you choose to use this application, you'd better. The Google privacy policy states that they reserve the right to process your information on servers outside of the United States. Remember, the search and seizure laws outside this country vary dramatically.

About the author
Mike Chapple, CISSP is an IT Security Professional with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Mike is a frequent contributor to SearchSecurity, a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.

Rate this Tip To rate tips, you must be a member of SearchSecurity.com. Register now to start rating these tips. Log in if you are already a member. BROWSE BY TAG Threat Monitor,   Application and Platform Security,   Securing Productivity Applications,   VIEW ALL TAGS Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Threat Monitor Cut down on calls to help desk with cybersecurity awareness training How to detect software tampering How to prevent phishing attacks with social engineering tests An enterprise strategy for Web application security threats How SSL-encrypted Web connections are intercepted How a corporate Twitter policy can combat social network threats Cyberwarfare and the enterprise: Is the threat real? Software security threats and employee awareness training Newest malware threats How to defend against rogue DHCP server malware Securing Productivity Applications Quiz: How to build secure applications How to detect software tampering Adobe fixes 29 flaws in Acrobat, Reader Adobe warns of critical update for Reader, Acrobat 9.1.3 Why should we place data files on a separate partition than the OS? Adobe updates ColdFusion, JRun, Flex Serious Adobe Flash flaw being exploited Adobe acknowledges serious Flash zero-day vulnerability Adobe issues security advisory for Flash zero-day flaw When to use the service features of the Metasploit hacking tool RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary sheepdip  (SearchSecurity.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.