SAC has always been controversial. The EFF (Electronic Frontier Foundation) urges consumers not to use this feature, because it will "make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password." Research firm Gartner Inc. issued a recommendation that the Search Across Computers option should be disabled or heavily managed by enterprises.
Google's Enterprise Team agreed with Gartner's recommendation, and said enterprises should use the Google Desktop for Enterprise edition immediately and restrict its use accordingly. The Enterprise edition includes a Group Policy Administrative Template so that administrators can disable features such as the Search Across Computers. Administrators also have the ability to set time-based retention policies for different types of documents.
Security concerns about Google Desktop security surfaced in early 2007 when Web application company Watchfire Corp. found a series of vulnerabilities that could allow a hacker to gain remote access to sensitive data, and in some cases, gain full-system control. As a result of this serious flaw, Google changed some of the internal workings in version 5. Since then, no other security flaws have surfaced, but concerns over privacy have been ongoing.
As with most Google applications, the disclaimers that you implicitly agree to allow future changes in the license agreement. Could Google start scanning your files in order to serve targeted advertising? At the end of the day, using SAC means that your personal or business data is being stored on a third-party server, and you need to appreciate the risks this involves. If your Google account is ever compromised, any data that has been indexed may be readable by whoever accesses your account.
For many mobile workers working from different machines, being able to access files on multiple machines makes life a lot easier. SAC could also be a life saver if a laptop is stolen or a PC's hard drive fails. Google does have a good track record of protecting users' data from the authorities, but even so, it may be too much of a risk for many enterprises. If so, either use Group Policy or configure your firewall to block access to http://sac.enable.desktop.google.com, which will completely block both incoming and outbound Search Across Computers activity.
Dig Deeper on Web application and API security best practices
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading