Gartner warns over Google Desktop

By Steve Malone

Posted on 21 Feb 2006 at 10:37

Research firm Gartner is the latest company to warn organisations of the security risk presented by Google's Desktop 3. In a report, Gartner concludes that the danger of company confidential data being intercepted outside the corporation's firewall represented an 'unacceptable risk'.

Version three of the Desktop file management tool includes a controversial 'Search Across Computers' feature which allows a user to set certain files held on a particular machine to be made available as part of the search results from another PC. The problem is that the information is actually held and indexed on Google's own machines for up to 30 days and is transported across the Internet, potentially making it vulnerable to interception.

Google admits that while the data on its servers will be encrypted with only a handful of employees able to read the files and virtually none permitted to do so, the data itself will be in text form while it travels across the Internet. The search engine points out that this makes it as secure or as insecure as the typical email. Nevertheless some companies will have data that they definitely wish to keep within the confines of the organisation itself.

Gartner recommends that corporations that have company sensitive information and have users who wish to use Google Desktop should upgrade to the Enterprise version that allows the 'Search Across Computers' feature to be turned off for all employees. The analysts also suggest that company's conduct an audit of the data they are allowing be indexed, and decide whether they are happy that they can adequately bar the sharing of data with Google's servers.

Earlier this month the digital civil rights group the Electronic Frontier Foundation pointed out that the mere fact that Google held the shared information on its own servers made it an easier target for Government or anyone else with the appropriate legal subpoena to demand access. The point has been underlined by Google's battle with the DoJ, which has demanded to see search logs as part of its investigations into paedophilia.