UK IT bosses are already taking measures to ban employees from downloading Google’s Desktop search software on PCs and laptops because of the security risk to corporate data.
Analyst Gartner last week warned that the ‘search across computers’ feature on the latest version of Google Desktop poses an “unacceptable risk” to many organisations because it allows people to share information and also stores some of that data on Google servers.
Google claims the enterprise version of the software includes security management controls to address corporate security concerns but a sample of UK IT bosses in silicon.com’s 12-man CIO Jury user panel said they had already banned or planned to ban any use of Google Desktop within their organisation.
Phil Young, head of IT at Amtrak Express Parcels, said his organisation’s policy is to ban any third-party software that presents a security risk.
He said: “If found by our software auditing tools such installation will be removed and our policies and procedures will be updated accordingly. I think Google is playing with fire in the corporate arena with this latest software.”
Mark Saysell, IT director at Coutts Retail Communications UK, said he is planning a network audit to find rogue installations, which will then be de-installed. New security measures will also be put in place to prevent further downloads.
He said: “Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.”
The London Borough of Newham is about to update its information security policy in light of Google Desktop with a recommendation that the software must not be downloaded onto any Newham PC.
Richard Steel, head of ICT at Newham, said: “This is because Newham data will be copied onto Google servers and kept there indefinitely. There is no contract in place between Newham and Google for secure data handling, and under their terms and conditions, they retain the right to search the data for their own purposes.”
It is a view backed by Nicholas Evans, European IT director at Key Equipment Finance. He said: “Google has crossed the line from Desktop as a personal search engine to being a tool that can be used to exploit security weaknesses. The sending of data back to the servers only confirms the security risk.”
Steve Noyes, CTO at the Met Office, said it isn’t just Google Desktop that poses a problem for his organisation. “We have recently stopped people using Google Earth because it has adverse impacts on our networked desktops,” he said.
John Odell, group IT director at the BBA Group, described it as a “necessary consequence” of managing “consumer tech” in the enterprise.
Today’s CIO Jury was…
Neil Bath, IT director, Brewin Dolphin Securities
Ben Booth, IT director, Mori
Les Boggia, IT division head, Carole Nash Insurance
Nicholas Evans, European IT director, Key Equipment Finance
Mark Foulsham, head of IT, eSure
Christopher Linfoot, IT director, LDV Vans
Steve Noyes, CTO, the Met Office
John Odell, group IT director, BBA Group
Andy Pepper, director of business information systems, Tetley
Mark Saysell, IT director, Coutts Retail Communications UK
Richard Steel, head of ICT, London Borough of Newham
Phil Young, head of IT, Amtrak Express Parcels
If you are a CIO, IT director or equivalent at a large or small company in the private or public sector and you want to be part of silicon.com’s CIO Jury pool, or you know an IT chief who should be, then drop us a line at email@example.com.