Google Apps optimize

Poll: Does Google Docs' security glitch make you less likely to store documents in the cloud?

Google has acknowledged a software bug that allowed unauthorized individuals to view a small percentage of documents stored on company's Google Docs platform. Does Google Docs' security glitch make you less likely to store documents in the cloud? Take our quick poll and let us know what you think.

Cloud computing may very well change the IT landscape, but the technology still has significant security challenges to overcome. On Saturday, Google acknowledged that a small percentage (less than 0.05%) of documents stored on the company's Google Docs platform were accessible by people who should not have had access.

In a post on the Company's Google Docs blog, Jennifer Mazzon, Google Docs Product Manager, wrote the following:

As we noted in the Google Docs Help Forum yesterday, we've identified and fixed a bug where a very small percentage of users shared some of their documents inadvertently. The inadvertent sharing was limited to people with whom the document owner, or a collaborator with sharing rights, had previously shared a document. The issue affected so few users because it only could have occurred for a very small percentage of documents, and for those documents only when a specific sequence of user actions took place.

I applaud Google for notifying its users of the glitch and security implications, but the incident illustrates the significant security hurdles cloud computing platforms must overcome. I'm still leery of trusting a third-party with my private documents. What about you?

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

33 comments
Spiritusindomit
Spiritusindomit

"For the time being" I'm sure they'll fix it eventually, and when they do, I have no issue storing medium-sensitive data online.

timmyjohnboy
timmyjohnboy

Umm, when it comes to "private" documents, we should ALWAYS be leery about how we share them. I'm not that worried about sharing docs on Google Docs because I don't have any "classified" or private information in them. It's the same idea as if you don't leave anything of value in your car, someone won't bust the window to rob junk.

laurie.passini
laurie.passini

The security glitch didn't influence whether or not I would use google docs because I already don't use google docs for this very reason!

charleswdavis6670
charleswdavis6670

If you think that docs on Google would be a problem, think of Intuit's QuickBooks Online... Your Company's financial documents online... Your customer list online... Your project list on line...

groobiecat
groobiecat

It's not just security, there are a LOT of other reasons why cloud-based docs aren't ready for primetime. One is simple: formatting. If you're a professional putting together serious, well designed documents, online document development is the rough equivalent of WordPerfect circa 1994. Not good. Me? I think that "mini-clouds," where homes or micro-regions access applications through dumb terminals would be interesting. But no way I'd develop any real, mission-critical docs via google. It's purely for recipes and kids' homework projects at this point. Also, what happens when your Internets goes down? You need to still work on that doc. Yeah, it's an ideal years away from being realized.

techgecko
techgecko

I replied no. Just better informed. I am selective about what and with whom I would trust the info. Compared to the way other companies treat user security and their response Google has earned the right to store certain stuff for me. Where do I want to go today?

jasonemmg
jasonemmg

I would never trust an outside company such as Google to store my employers most important documents!!

robo_dev
robo_dev

You already trust many outside companies to store all the data of you,your employer, and your employees. Who hosts your payroll, ADP? Insurance? Aetna or United Healthcare? Your tax and social security data? (IRS) Who handles your offsite backup tapes? Iron Mountain? Those are all outside companies, right? My point is not that google is especially good or bad, my point is that everybody has a kneejerk reaction with respect to storing their documents online, that may not be based in reality. My point is that Google is no different....

kenneth.kelley
kenneth.kelley

That's information about me - but it is not my data. I may be inconvienced (as in a particular transaction may be delayed) if the cloud isn't available, but I'll always have my data. I may have serious problems if my personal information is compromised, but there is always legal recourse of some kind or another if that happens. Bottom line - I'm not putting my stuff in any cloud!

beldar33
beldar33

I must be missing what segment of folks believe the cloud is a stable enough entity to put their business's productivity and lifeblood(data) there. Until any ISP can guarantee the five 9's of uptime...(99.999%)on a single pipe then cloud computing will remain a NOVELTY for folks who have a small amount of technical understanding.

JackOfAllTech
JackOfAllTech

Only an idiot would store an unencrypted sensitive document in a non-secure environment.

SKDTech
SKDTech

but my answer is still yes, I am less likely to store documentations in the cloud.

CharlieSpencer
CharlieSpencer

There is nothing less than 'Not gonna happen', and I was already there.

Dumphrey
Dumphrey

I never thought this was a good idea to begin with. Have flash drive, will travel.

santeewelding
santeewelding

The (Hell's Angels) injunction of that two can keep a secret if one is dead. If kept anywhere but between your ears, it is not a secret. To begin with your own steampunk apparatus, you are no longer in the realm of "secret". You are, as Tony points out, in the village; the commons of the village. Drop the pretense. Maybe we all get somewhere.

Tony Hopkinson
Tony Hopkinson

Anyone surprised by this event needs to find another job, village idiot would be a good start.

seanferd
seanferd

so, "What he said." I don't much care for Google's practices anyway, nor am I much interested in a "public cloud".

boxfiddler
boxfiddler

But then I wasn't likely to store ANY documents in the cloud in the first place. And I am pushing very hard to move my organization away from GoogleApps. I would have voted, but neither Yes nor No was sufficient.

Bill Detwiler
Bill Detwiler

I debated about throwing in a third option for the situation you describe, but I thought it might confuse people. That's what the discussion thread is for.

Datacommguy
Datacommguy

Call me paranoid, but I have no plans to ever leave anything of mine out there in the "Cloud". And as far as work is concerned, with the massive regulatory oversight and audits from all directions taking place in the banking industry lately, I suspect it would be highlighted as a "Safety and Soundness" issue. Would have been even more interesting to see how the poll would have turned out if there's been a "Not now, not ever" choice though.

Bill Detwiler
Bill Detwiler

Google acknowledged on Saturday, that a small percentage of documents stored on the company's Google Docs platform were accessible by people who should not have had access. Original post: http://blogs.techrepublic.com.com/itdojo/?p=380 Does Google Docs' security glitch make you less likely to store documents in the cloud? Take our quick poll, and let us know.

mjc5
mjc5

Respectfully, anyone who would use the cloud probably thinks a sub-prime loan is a good thing. Unfortunately, the outcomes will be the same. a disaster. If your data is out there, it can and will be read.

chris
chris

have you tried to actually use docs? it's so slow. not worth it.

wcallahan
wcallahan

I think the answers should have allowed for the response "Were you ever likely to store documents in the cloud?" Cloud computing may be fine for some, but who in their right mind would put sensitive corporate documents outside of their control. Cyber theives now have a one stop shop for obtaining sensitive data. I have never been, nor will I ever be likely to store any document in the cloud.

steve
steve

To answer the poll question honestly, I would have to say no, I would not be less likely to store documents in the cloud. However, that overlooks an important factor. The factor is that I would not store documents in the coud to begin with. I also do not store documents on my laptop, in case it should be lost or stolen. I am sure that the cloud storage facilities are on the radar of crackers, and will eventually be cracked allowing that sort of person access to at least a certain amount of information that the owners would rather not have accessed by others.

robo_dev
robo_dev

I chortle every time I get an email from by co-worker, I'll call him Bill. Bill is pretty much afraid of everything. Video cameras in the digital TV box? No, Bill. Are food riots going to erupt in the streets of America? No, Bill, put the shotgun down. Is Google going to destroy my life and share my personal data with the world? No, Bill. This whole fear of cloud computing is nonsense. Your whole life already depends on data hosted on other people's computers, so what is so special about Google? Let's say you have a word document with a letter to mom 'in the Google Cloud'. This document is on a hard drive, in a data center, with certain security controls to allow access to one person, you. In a data center next to google, there is the server used by your health insurance company. Those records are in a database, on a hard drive, with certain security controls to allow access to one person, you, (and your doctor, your insurance company, and possibly your employer). Same thing applies to your credit data, your banking data, your drivers license data, your tax data, your credit card data, and so on and so on..... So what's the difference? And further, if you're looking to steal juicy and valuable data, what target do you go after? The server with the credit card numbers, or the server with 14 trillion word documents, including your letter to mom? And the bitter irony is this: my observation is that many of the people who mistrust any online data storage tend not to have the greatest protection on their home PCs. The current malware threat environment requires the very best software, tools, and even surfing practices. Using a script-blocking browser plug-in? Nope. Using the most secure email client? Nope. Using search-safety plug-ins like WOT or LinkScanner? Nope. So is that document safer on their local hard drive than in the nice warm google data center? I say no. First of all, unless you have a RAID-5 disk array on your home PC, or run a daily backup, one little power surge and POOF, your hard drive is a paperweight, and your document is in 'data heaven'. One good trojan-zombie-rootkit and now some script-kiddie in Amsterdam is browsing your hard drive. The Google Docs security glitch had to do with privilege escalation, not authentication. Therefore if you shared a doc with four Google users, then a couple of other authenticated Google users *could* have viewed it. Big waaaah..... But that's just my opinion, I could be wrong.....

boxfiddler
boxfiddler

I have to authorize it.

chris
chris

and share all your info and photos too? your argument is....odd

boxfiddler
boxfiddler

is that it is not there with my permission or authorization, and that if I had a choice I would not permit or authorize it. I've no choice, it's rhetoric, but it's rhetoric of immediacy.

robo_dev
robo_dev

Can I choose which server stores my driver license data, and what security controls protect that data? No. Where I live my fingerprint is on the back of my driver's license as a secure barcode. That data can be viewed by local, state, or federal law enforcement. My point is, like it or not, our personal data is already in the clouds.....

MarkCLewis
MarkCLewis

Spreadsheet of family birthdays - no problem. Company P&L - not on your life!

bboyd
bboyd

Personally Identifiable information usable for getting access to monetary accounts. Name, DOB and Social security number. Two out of three is a good start. Not on your life. Paranoia is your friend when it comes to PII