Google Copies Corporate Data to Google's Servers?
Penguinisto writes "According to Silicon.com, some CIOs have been seeing their company data being transferred to Google's servers as part of Google Desktop's functionality." From the article: "Mark Saysell, IT director at Coutts Retail Communications UK, said he is planning a network audit to find rogue installations, which will then be de-installed. New security measures will also be put in place to prevent further downloads. He said: 'Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.'"
more sensationalism (Score:5, Informative)
IT'S DISABLED BY DEFAULT. You have to WANT to turn it on.
Lousy reporting, is what this is.
Re:more sensationalism (Score:2, Interesting)
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:5, Insightful)
Not really. The CIOs in the article are saying that it shouldn't be installed at all. What I'm saying is that the product itself is not "harmful", but simply a feature of the product that is turned off by default. So, there's no problem with allowing people to use the product, so long as they do not turn on the feature. The policy you write is that the feature can not be enabled, and that is what you audit.
If Google wanted to deflect this criticism even more, they'd do a bit of extra code to allow Group Policy to disable the feature and keep users from enabling it. However, there's not much to criticize about it in the first place. It clearly states what happens if you turn on the feature (some files are stored on Google's Servers) and the feature is off by default. People who turn it on know what they're getting into here; it is very clear. If corporate IT/CIOs have problems with their users, then it is the user to blame, not the software feature.
This is like saying that Microsoft has overstepped the bounds by installing solitaire and other games with Windows XP Pro, because it would be harmful to productivity.... The software's not the problem, the user is.
Re:more sensationalism (Score:5, Insightful)
If I install a FTP server app on my computer at work, set it to allow anonymous and share my whole hard drive, that's my fault when feces meets oscillating blades.
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:5, Insightful)
If anything goes wrong in IT at a company it is the IT department's fault, they choose the software, they choose the hardware and they implement both. Network and computer security is the IT department's responsibility and yes I know a lot of companies tend to treat security as a joke until there is a major failure, then blame the IT department.
This story is just another M$ beat up and doesn't relate to Google at all, it is really about the typical dysfunctionality of M$ windows and the difficulties in securing it properly whilst allowing users to make use of software on their computers without being forced to allow them administrator access.
Re:more sensationalism (Score:3, Insightful)
There is a possibility that someone might not understand what they're doing, and accidentally enable this option, but similar possibilities exist with any Internet software, so there's no reason to single out Google Desktop specifically in this case.
Re:more sensationalism (Score:2)
What other internet software do you speak of that would be putting a company's internal documents out there for anyone to read?
**I've yet to see a corporate firewall that doesn't bloc
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:3, Insightful)
From a networking standpoint, Google Desktop is as easy to block as any other protocol. I have no problem with companies banning Google desktop on their systems, but isn't it a bit extreme to say Google
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:2)
It is not Google's fault that the CIO did not take "draconian" measures to prevent people from installing software that did "bad" things. If it wasn't google desktop, it would have been kazaa with C: shared or any of a myriad of other programs and trojans.
Re:more sensationalism (Score:4, Informative)
Perhaps "they" do a little research and determine that you can use GPO to disable the parts they don't want running?
They can, in fact, disable the installation in at least two ways: GPO from Microsoft (Google for "Software Restriction Policy") OR GPO from Google (http://desktop.google.com/enterprise/index.html)
The GPO from Google (part of the Enterprise download) is able to control many of the settings -- including the sharing of index data and encryption of the indexes -- on both the Enterprise Google Desktop and standard Google Desktop.
Of course, a competent network administrator would already know that, right?
Re:more sensationalism (Score:4, Insightful)
I see you've never worked in customer support. Rule #1: People f*** with stuff. If there's a way for users to screw things up, then users WILL screw things up. All it takes is one secretary in the wrong position to flip the switch and suddenly you have Ubersecret Documents flying out of your not-as-secure-as-you-thought network. Sure, I doubt Google is going to spray your documents all over the web, but if I was a CIO whose entire livelihood depended on locking down the network of a multi-billion dollar company, I wouldn't want this thing on my desktops, either. The "neat-o" functionality provided just isn't worth the risk that someone might sniff out the data somewhere in the chain.
Ubersecret? (Score:2, Redundant)
Really, isn't this a bit of an amateur hour effect here? If your security is that lax you probably also let people connect USB mass storage devices to your desktops as well. This is unlikely to be your greatest security hole.
Re:Ubersecret? (Score:2, Flamebait)
This is so naive I can't believe it. Sure, you can train people to do stuff, but people aren't network administrators, and shouldn't HAVE to be network administrators. They'll (naturally) assume that they can do anything they want with software authorized for their systems. Espec
Re:Ubersecret? (Score:2)
Anyways true but how does this make Google's software any new threat. Most corporate networks have ways to ban software like P2P you just mentioned. This is really an identical if less so threat than P2P software. It will be dealt with just the same. Only difference here is you have software that was once allowed now banned, and some people wanting to continue to use the old version. Reminds me of a discussion I had with a user of why they can't use Bonzi Buddy anymore.
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:2)
Most users don't f*** with stuff because most users have no idea how to.
Re:more sensationalism (Score:2, Insightful)
Re:more sensationalism (Score:2)
Re:more sensationalism (Score:2)
Many people who handle your personal or banking records aren't working in places that have sophisticated IT staff.
My identity was compromised by a temp in HR who started scanning in the records of new employees. Lucky for me, the cops caught the guy before he went on a shopping spree with my credit. The person who did it emailed the data home, which
Re:more sensationalism (Score:2, Insightful)
Zonk posted the article. Just like the completely misleadingly-excerpted Apple one earlier. Are you surprised?
-b
Re:more sensationalism (Score:2)
Slashdot's always seemed to need at least one editor that can stir up the crowd. Intelligent design? Fine. Global warming? Fine. Blame Google for allowing our employees to turn on a feature that's off by default? This is just fucking retarded.
Such obvious nonsense just leads to bitching about the editor instead of any meaningful discussion about the topic itself, because there is no meaningful di
Re:more sensationalism (Score:3, Insightful)
Who's to say that Google some day won't decide to enable this feature by defaul
Re:more sensationalism (Score:2)
This is dumb (Score:4, Insightful)
If CIOs don't want people using Google Desktop, then make it a policy that they should not use it. Enforce the policy. End of story. Don't blame Google for making a tool that a lot of people find useful. There are other ways to give your enterprise the same capabilities without compromising your data.
Enforcing IT policies (Score:2, Interesting)
I know one guy who got shitcanned for it, but he was a prick and HIS boss came to me looking for some additional crap to throw at him and I suggested "Oh, how about the three system rebuilds we've done due to his s
Re:Enforcing IT policies (Score:2)
I've never worked anywhere where IT policies like "no unauthorized software" were actually enforced. Hell, I've had HR people tell me they "won't" back terminations based on those policy violations because they're not severe enough. And if you're not firing people, you're not enforcing anything.
Ever work in a bank? How about with classified data? I would expect them to do it if anyone is. I have worked for USPS, which had such a policy, but developers were exempt because a) we needed the stuff to functio
Re:This is dumb (Score:2)
Here's what's dumb (Score:4, Insightful)
I use Google desktop, and find it very handy. It's quite possible I'll have to give up using it because of this issue. That doesn't make me feel well-disposed towards Google, or inclined to try any new products they might release.
Re:Here's what's dumb (Score:2)
Re:Here's what's dumb (Score:2)
Y
Re:Here's what's dumb (Score:2)
Re:Here's what's dumb (Score:2)
Overstepped? Why? (Score:2)
You are not required to use it. You do anyway.
Why is this overstepped? If you didn't want it to do this, you didn't have to use the tool.
This is not Google's problem. It is the companies who have bad computer security's problem. Google is not trying to hide what it is doing. If they can't avoid this, how are they supposed to avoid when someone is trying to hi
Re:Overstepped? Why? (Score:2)
If users need to share data between computers, there are these newfangled technologies called "CD-R", "USB Key" and "Email" that would probably work pretty well.
Re:Overstepped? Why? (Score:2)
It is not hard to argue that this does not help all that much however. Notice how Firefox, IE and pretty much all browsers warn the first time you want to submit a form on a webpage (google web search perhaps) that this action will transmit data over the internet? Or pretty much all registration procedures for software, and tons of other little things. The fact
Re:Overstepped? Why? (Score:2)
Come on, this is easy to refute. Spyware by its very nature (the "spy" part) tries to install itself silently, and returns data to a central point without telling you. Google Desktop Search discloses its actions fully in all documentation, does not install silently, and the controversial option is off by default. Now, IT managers may be right to call for restraint in use of this product, but it's easy to see why spyware can be branded "evil", an
That explains everything... (Score:3, Funny)
No wonder Google doesn't want to cooperate with the Justice Department's request for information. They're running warez servers!
Re:That explains everything... (Score:2)
If google are copying the hard drives of millions of computer users, how many warezed copies of software do they actually own? Many terabytes of it I'd guess..
Not googles fault (Score:4, Insightful)
Search across computers is disabled by default. It doesn't even ask you to enable it in the installer. You have to hunt through the options to turn it on.
It's not google "overstepping the mark" it's incompetent users changing settings they don't understand.
On a different note, if I were a sysadmin, then I would not be letting them install GDS anyway, without authorisation. They are company machines, subject to company rules, and should only run company software.
Microsoft: Different Tune? You bet! (Score:4, Insightful)
If this had been a Microsoft product, the tune here would be different. Much different.
Rule of thumb (Score:2, Insightful)
You don't have a point at all.
Re:Microsoft: Different Tune? You bet! (Score:2, Interesting)
Re:Microsoft: Different Tune? You bet! (Score:4, Insightful)
Parent Moderation -1: False logic.
snort signatures for network admins (Score:3, Informative)
If you're really worried.
IT Maintaining Software (Score:3, Insightful)
Well you can probably blame management too.. that's always good.
From a healthcare perspective (Score:4, Informative)
Because of this, our desktop folks have decided that Google Desktop is not something that can be installed. It's a shame, too, as there's lots of "benign" features that we miss out on because of it.
Re:From a healthcare perspective (Score:2)
Re:From a healthcare perspective (Score:2)
Used to work IT at an insurance company.
Re:From a healthcare perspective (Score:2)
Doing what it's designed to do (Score:5, Insightful)
Google Desktop is doing what it's designed to do: keep users' data on central servers so it's accessible from anywhere. It's just that it makes the assumption that all of the computer belongs to the user. Obviously in a corporate environment that's not the case, but Google Desktop doesn't know what kind of computer it's on so it can't do anything about that. The company needs to be more emphatic about the "no unauthorized software" rule (they do have a "no unauthorized software" rule, don't they?).
Re:Don't just stick to policy. (Score:2)
Agreed. For a large percentage of employees there's no need to install software period. For them an X-terminal (no local storage) or X-server-only PC with all actual software on a central server would do fine. Put home directories on a filesystem mounted noexec, don't put $HOME in their default path and don't give them a shell from their normal desktop icons/menus and it's going to take a fairly persistent and knowledgeable employee to get around the barriers and install anything unauthorized (at which poin
google value (Score:4, Insightful)
Easy solution (Score:2, Insightful)
Re:Easy solution (Score:2)
Unfortunately it's not that easy. In the UK at least, it's the company's responsibility under the DPA to look after the data that it holds on a customer. If you as a company have not put adequate safeguards in place around data (and "I told him not to do it" is extremely unlikely to wash as 'adequate'), then you (and more specifically, the directors) will be in rather a lot of legal hot water.
Re:Don't just tell them. Make it impossible. (Score:2)
Re:Don't just tell them. Make it impossible. (Score:2)
Solaris blows chunks anyway.
These CIOs should also (Score:2, Insightful)
They should also forbid/filter HTTP POST requests, IM file transfers, e-mail attachments, and any internet application that would allow the enterprise data to flow out of the company network.
This style of ruling totally misses the point. You should teach your employers to generally avoid leaking enterprise data out of the company network and the risks of using certain applications. It is not to disable or to forbid the use of certain programs. Google Desktop Search is not built to compromise your data secu
Google has Overstepped the mark? (Score:3, Insightful)
Might as well say the people who wrote FTP overstepped the mark as it doesn't stop people from sending sensitive data outside the company.
WTF?! (Score:4, Insightful)
Google doesn't understand corporate IT (Score:4, Insightful)
The suggestion to fire users who turn on the data upload is also hated by IT managers. Corporations are full of clerks and other mid-level people who never read IT policy documents, don't really care about security, and like to turn on cool features. The IT manager is not going to look good if he tells HR "Sally who is otherwise a great employee checked this box because she didn't know she shouldn't, so now you have to fire her".
IT managers differ, but they generally want to give users as much functionality as possible, as long as they are sure it is safe and reliable. What an IT manager probably wants are network-level options to (1) forbid Google desktop entirely, (2) allow it but disable the data-sharing features, (3) leave it up to the user, or (4) do a mandatory (push) install to all desktops. Then the IT manager would want a web page or other report to see who had done what.
When Microsoft figured out requirements like these, they invented Active Directory and its Group Policy component. Look at products like Symantec Antivirus Corporate, where you can look at all desktops and verify their antivirus status from a central console, or Microsoft's own free WSUS which lets you make sure everybody in the corporation has installed all critical patches.
These are the kinds of solutions that work in the real world as opposed to firing people, and as soon as Google figures this out they will be a lot more popular on corporate desktops.
Blaming Google is Bullshit (Score:5, Insightful)
$ORGANIZATION is about to update its information security policy in light of Google Desktop with a recommendation that the software must not be downloaded onto any
For heaven's sake, what planet do these people that are allegedly responsible for IT come from? Let's see:
I've worked as an IT director in a few financial services companies over the last ~20 years, and everyone employed there, on their first day, had to read and sign something like this:
We would install or make available external software if it was useful and appropriate, after testing it. Otherwise, no dice. Will some people complain? Absolutely! Tough shit.
How about a version without upload? (Score:4, Interesting)
Yes, it's off by default.
Yes, you have to go out of your way to turn it on.
Yes, they keep track of what's installed on everyone's machine.
Yes, there are ways around that -- but for safety's sake, I now use MSN's local search.
Google's product is forbidden.
So google (you listening?) -- how about local-only version for us corporate folks, with the upload option completely removed?
We get a version that can be blessed by IT, you keep your user base.
Seems like a winner to me.
Let HR sort it out (Score:2)
sure blame someone else. (Score:2)
No you confused knucklehead. That's something your IT should have been doing all along. Why was your IT department allowing end users to install whatever software they wanted? There's nothing draconian about that.
Google has overstepped nothing. You just have some lousy sysadmins.
Aside from the bitching, I have a real question. (Score:2)
Google provided a way to disable it, corporate-wid (Score:5, Informative)
HKLM\Software\Policies\Google\Google Desktop\Enterprise -> disallow_ssd_service
as a REG_DWORD to '1'
Google Desktop won't let you use the "Search Across Computers" feature. (I tried it.) You can set that key in the group policy scripts relatively easily.
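The policy value described in the comment above can be checked per machine and, if wanted, written by a script. The following is an added example, not part of the original post and not Google's own tooling; the registry path and value name are the ones quoted in the comment, while the function names and the `-Enforce` switch are hypothetical.

```powershell
# Added example, not from the thread. The key path and value name are the ones
# quoted in the comment above; function names and -Enforce are hypothetical.
[CmdletBinding()]
param(
    [switch]$Enforce   # write the value when it is missing or wrong
)

$PolicyPath = 'HKLM:\Software\Policies\Google\Google Desktop\Enterprise'
$ValueName  = 'disallow_ssd_service'

function Get-GdsSearchAcrossComputersPolicy {
    # Returns one object per machine so results can be collected into a report.
    $result = [pscustomobject]@{
        Computer  = $env:COMPUTERNAME
        KeyExists = $false
        Value     = $null
        Kind      = $null
        Compliant = $false
    }

    $key = Get-Item -LiteralPath $PolicyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $result }   # policy key absent: not compliant
    $result.KeyExists = $true

    if ($key.GetValueNames() -contains $ValueName) {
        $result.Value = $key.GetValue($ValueName)
        $result.Kind  = $key.GetValueKind($ValueName)
        # Compliant only when the value is a REG_DWORD set to 1, as described above.
        # A string "1" or a DWORD 0 is reported as non-compliant.
        $result.Compliant =
            ($result.Kind -eq [Microsoft.Win32.RegistryValueKind]::DWord) -and
            ($result.Value -eq 1)
    }
    return $result
}

function Set-GdsSearchAcrossComputersPolicy {
    # Needs an elevated session: standard users cannot write under
    # HKLM\Software\Policies by default.
    if (-not (Test-Path -LiteralPath $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null   # creates missing parent keys
    }
    New-ItemProperty -LiteralPath $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 1 -Force | Out-Null
}

$state = Get-GdsSearchAcrossComputersPolicy
if ($Enforce -and -not $state.Compliant) {
    Set-GdsSearchAcrossComputersPolicy
    $state = Get-GdsSearchAcrossComputersPolicy   # re-read to confirm the write
}
$state   # emit the audit record
```

Run without `-Enforce`, the script only reports; the emitted object can be piped to `Export-Csv` to build the kind of "who has what" report asked for elsewhere in the thread.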
Re:Google provided a way to disable it, corporate- (Score:3, Insightful)
If they really do not want to be evil, they should:
Re:Google provided a way to disable it, corporate- (Score:3, Informative)
The 'hard to dig up' bit was because I had to download their Enterprise version, read its documentation, and interpret the Group Policy Template to figure out what the registry key was. If it was actually trying to roll something out company-wide they've gone to great lengths to make it easy.
Re:CIOs, come on, go(ogle) for it! (Score:5, Interesting)
I work in a bank and while I don't have files relating to customer information on my PC, I'm pretty sure I'd contravene some kind of law if I were to install Google Search & some files were transferred to Google. If I did have customer files, I'm almost certain some law would be broken if those files were sent to Google.
If CIOs or others want the kind of functionality & productivity that Google desktop search can provide, let Google sell local servers (same as they do for web search engines) so these companies can buy them and get the tools that way without the data ever leaving their networks & control.
Re:Also depends on the law (Score:3, Funny)
I submit to you that the second and third people this happens to will also be unhappy.
The fourth, however will be thrilled to death, (as a result of his kids not paying the bounty).
-nB
Re:CIOs, come on, go(ogle) for it! (Score:4, Insightful)
Re:CIOs, come on, go(ogle) for it! (Score:3, Insightful)
Re:CIOs, come on, go(ogle) for it! (Score:2)
Google Desktop is a liability to many corporations. It may be a good tool for some companies, but I would definitely review it for a specific company before allowing it t
Re:CIOs, come on, go(ogle) for it! (Score:2, Interesting)
Do No Evil Unless It's A Good Business Action
re: China
Re:CIOs, come on, go(ogle) for it! (Score:2)
woops. (Score:2)
Re:CIOs, come on, go(ogle) for it! (Score:2)
9001 really only means you follow your own guidelines. so if you don't have a guideline for data retention or tracking you're fine. Stupid, but fine.
-nB
Re:CIOs, come on, go(ogle) for it! (Score:5, Informative)
But maybe they should default to disabled and not offer the choice during install. Just put it somewhere in the preferences where people who can't read won't go.
Re:CIOs, come on, go(ogle) for it! (Score:3, Interesting)
And uploading my data to a server controlled by a company that employs some of the most talented people in data mining is just asking for trouble.
Re:CIOs, come on, go(ogle) for it! (Score:2)
Only if you download Google Desktop, and install it, and root through the configuration options, and explicitly enable the one permitting Google to do that.
I think "Google taking it upon itself" might just be the wrong term to use for such behavior.
Re:CIOs, come on, go(ogle) for it! (Score:2)
Plenty of users have multiple computers and would find searching across them useful. CPS workers, insurance adjusters, salespeople and other workers who use laptops and desktops would say "Wow, this will make it easier to find stuff on both computers" and enable the feature.
Re:CIOs, come on, go(ogle) for it! (Score:2)
Re:CIOs, come on, go(ogle) for it! (Score:2)
It might be safe for computer-geek types to use, but allowing general users to use it is just asking for trouble.
Re:CIOs, come on, go(ogle) for it! (Score:2)
That may be, but I can fully understand companies not trusting any outside company without an express written agreement between the two on how the data should be handled. In some cases the "sharing" of this information with Google may not only be against company policy, but may actually be illegal in the case of some companies that handle sensitive personal information (health related companies).
Do no evil (Score:2)
But wait didn't they defend the same stance hand in hand with Microsoft in the "obeying local law" case in China? If Microsoft is an evil what is Google then? Or is the Google evil and Microsoft good? Or are they both evil... or good? And wait what is "evil" and what is "good"? Oh, sure, just brand. It soun
SARBOX 'nuff said (Score:2)
Disclosure (Score:2)
However, if Google is going to vacuum up the contents--in any amount--of my local drive from software that from all appearances is meant to be LOCAL, they damned well better have a huge flashing 87pt type warning to that effect. It's disturbing enough that, owing largely to Google, the web has become such an indelible medium, but if I don't inte
Re:CIOs, come on, go(ogle) for it! (Score:2)
You can trust Google all you want, with those nice shiny license plates I'm sure you will. But I don't trust so easily. Especially not after Google doing censoring for the Chinese government.
Re:CIOs, come on, go(ogle) for it! (Score:4, Insightful)
This is the crucial difference between shooting someone in the heart vs. letting a careless person borrow your handgun. In former case you do the deed. In latter case you set up the trap and wait until someone falls in. You don't even care who, as long as enough people enable this feature. In a large company 999 employees may be wise, but it takes only one stupid secretary to publish the whole company's network shares that she can read - and Google says that they can't promise that the data - any data - will ever be fully deleted. Technically that might be true (due to backups, distributed storage, etc.)
Re:Parent = Classic Dumbass + FUD to play with (Score:2)
Yes, however, the difference here being
1) Google doesn't trick you into installing the "spyware"
2) Google tells you exactly what the "spyware" feature does
3) Google has the "spyware" feature turned off by default
Re:Parent = Classic Dumbass + FUD to play with (Score:2)
Alternatively
If you double click "The Internet", go to the address bar, type in desktop.google.com, Agree to the terms of use that you say you've read that state that if you click some checkbox that you have to find first it might
Re:Google Desktop = Classic Spyware + Brand Name (Score:2)
Why Doesn't Google Do It Right? (Score:5, Insightful)
Here's how it ought to work. Everything is encrypted client-side before being sent up to the google servers in a way that google can't decrypt based on your user account password guarding public/private keys you generate per machine in the GDS front-end. Only the public keys are shared across the network, the data is completely encrypted everywhere except the endpoints. What's the problem?
Ah ha!, you say, the problem is that they mine that data on their servers for information they can use to advertise at you. First, is this true? I haven't been able to confirm it, though it seems in line with their advertising model. Second, assuming it is true, there's no reason GDS can't create some kind of index over your data client-side and then send up the statistical summary of the info it mined. That way, there's no way the docs could be reconstructed, google gets their ad revenue, and users get their functionality without having to worry about data on google's servers.
Anyone have any notion of why this wouldn't work?
Re:Wait a Second (Score:2)
Re:A little biased are we? (Score:2)
So Google copies data and the /. community supports them, But what if Bill G had started to copy desktop data. The /. forums would melt from the flames and anger. Hmmm - a little biased are we?
So long as the feature was off by default, I would not have any problem with MS distributing software that did the same thing. This whole article is mindless sensationalism. Workers e-mail company documents to their home accounts! Quick blame the authors of the e-mail programs. Nonsense. Google can't be responsi