Google confessed to a serious bug in its Docs sharing system over the weekend, but downplayed the security cockup by claiming only a tiny number of users had been affected. The internet search kingpin said that less than 0.05 per cent of Google Docs accounts were hit by a privacy breach after documents were shared “inadvertently …
the beauty of cloud computing... :) you store all your sensitive files, up somewhere... right next to everyone elses and hope who ever you entroust your secrets to rembers to turn off the lights and lock the doors when they leave...
I always like to know where my data is.. and thats in my locked bunker under the office...
Ted and Fail
Ironic that this happens just after the article on Schmidt, clouds and netbooks.
"However, this latest bug could lead some businesses to conclude that pushing their personal information up into the clouds simply poses too big a security risk"
I came to that conclusion when Google first proposed this system. Even if completely bug free and totally secure, I still wouldn't trust Google with any data that wasn't already in the public domain.
The moment any data is uploaded to the Google cloud, despite any reassurance Google may offer, it is no longer personal nor private. Some Google staff will have access to this data, and we all know how trustworthy, honest and beyond corruption humans are. The promise of shiny baubles is enough for some humans to sell their mother.
To paraphrase a popular saying and at the risk of sounding like a broken record... A fool and their data are soon parted.
Security through unpopularity
Presumably this didn't affect many users because Google Docs don't have many users...
How much damage can it do?
We use Google Docs as it's an easy way to collaborate when your company has less than a dozen people and they're scattered around the country.
However, we never put any client data anywhere near it and the general rule is; If you'd be worried about someone seeing it over your shoulder on the train, don't put it online.
Your parting sentence...
"However, this latest bug could lead some businesses to conclude that pushing their personal information up into the clouds simply poses too big a security risk."
Which businesses would that be then? Anyone with more than 2 nano-clues already *knew* that you don't entrust critical data or services to either external parties or (particularly) freebies, and anyone with less than 1.9 nano-clues probably *still* doesn't get it.
On which subject, perhaps we could persuade Wacky Jacky and Crash Gordon to set up a PFI deal with Google to host the Uberbase in a very large spreadsheet.
From the very beginning I said that 'outsourcing' your docs was a very bad idea. Service reliability, availability and security -- who you gonna trust?
I'll be the first to admit
I haven't tried Cloud-Aid yet, but if not/why not isn't all data encrypted?
As all the other guys here...
"this latest bug could lead some businesses to conclude that pushing their personal information up into the clouds simply poses too big a security risk."
Just wanted to insist on the fact that any biz not fully aware of that from the very first day "facility cloud computing" was mentionned desserves to die in horrid tortures.
Could at least a modest measure of security be reached by uploading only encrypted files to the cloud, particularly files strongly encrypted?
"we were affected by this bug ourselves"
Hmm, given the total lack of internal documents showing how Google's "secret sauce" ad algorithms *really* work being displayed for all to see on Wikileaks, we can draw one of two conclusions.
1) That's a lie.
2) Google themselves don't trust their document sharing services with anything sensitive.
Question: Is touting a service to others that you don't trust yourselves more or less evil than lying?
"2) Google themselves don't trust their document sharing services with anything sensitive."
Yeah well, now that would be stupid, wouldn't it?
"touting a service to others that you don't trust yourselves"
I'm not familiar with Google's advertising machine, but I don't seem to recall anyone touting Google Docs for sensitive or confidential material.
Yes. But the docs are still in the possession of Google and their staff. Admittedly 1024 & 2048 bit PGP encryption is a pretty tough nut to crack. And most likely documents encrypted in such a way would at this time be secure.
But if one is using this for business and one has to rely on others(IT illiterate staff) to actually encrypt data before giving it to Google could one be 100% certain that all sensitive data is in fact being properly encrypted.
What one ends up with is another layer of administration/policy/practice to add to a businesses current security measures, another potential point of failure.
For a single individual uploading his/her own data who encrypts first then yes the data maybe secure from prying eyes and remain confidential, but then there are the other two concepts of the CIA triad to consider namely integrity and availability.
I don't doubt Googles security professionals are far more skilled/knowledgeable than I but using Google for sensitive information, to me is a no no.
Google announced that they would sign up resellers for biz apps, but have they actually signed any up?
Does anyone know a Google apps reseller?
It's the way of the future...
I bet half the people here saying they'd never put critical data on this type of service are using hosted server or email solutions, supported by some 3rd party with full admin/remote access system. The truth is it will become to cost prohibitive to do it any other way over time.
IT people very rarely realise it but we are like TV repair men. One day we will be all but gone.
Ah the cloud
Where security isn't
Where if it breaks, your company is dead
Go ahead, hand your survival to some dipshit corporation
security flaw scaring customers away
No one has mentioned how this article purports that some people who might have considered GoogleDocs for their solution will be giving it second thoughts now because a security flaw has been found, but any software, of any type will have security flaws found and fixed. The only way to make sure that doesn't happen is to never change the code (never offer new features) once you've fixed every existing security flaw. Also you'd need to make sure the operating system and other pieces in the puzzle never change (impossible). Finally, this is making a huge assumption that all old security holes have been found and no new ones will be found.
Computers never stay the same, software is always updated, so there will always be flaws.
Whether that is in a cloud or in your own data center or your own desk doesn't change that fact.
Silly that the writer of this article insinuates otherwise.
I store a few server password documents on google docs (probably pretty stupid but hey - anything to make life simpler.).