SAC has always been controversial. The EFF (Electronic Frontier Foundation) urges consumers not to use this feature,...
because it will "make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password." Research firm Gartner Inc. issued a recommendation that the Search Across Computers option should be disabled or heavily managed by enterprises.
Google's Enterprise Team agreed with Gartner's recommendation, and said enterprises should use the Google Desktop for Enterprise edition immediately and restrict its use accordingly. The Enterprise edition includes a Group Policy Administrative Template so that administrators can disable features such as the Search Across Computers. Administrators also have the ability to set time-based retention policies for different types of documents.
Security concerns about Google Desktop security surfaced in early 2007 when Web application company Watchfire Corp. found a series of vulnerabilities that could allow a hacker to gain remote access to sensitive data, and in some cases, gain full-system control. As a result of this serious flaw, Google changed some of the internal workings in version 5. Since then, no other security flaws have surfaced, but concerns over privacy have been ongoing.
As with most Google applications, the disclaimers that you implicitly agree to allow future changes in the license agreement. Could Google start scanning your files in order to serve targeted advertising? At the end of the day, using SAC means that your personal or business data is being stored on a third-party server, and you need to appreciate the risks this involves. If your Google account is ever compromised, any data that has been indexed may be readable by whoever accesses your account.
For many mobile workers working from different machines, being able to access files on multiple machines makes life a lot easier. SAC could also be a life saver if a laptop is stolen or a PC's hard drive fails. Google does have a good track record of protecting users' data from the authorities, but even so, it may be too much of a risk for many enterprises. If so, either use Group Policy or configure your firewall to block access to http://sac.enable.desktop.google.com, which will completely block both incoming and outbound Search Across Computers activity.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.