The Business Controls Caddy

Permalink Looking At The Business Risk of Google Software




Google has made some interesting strides in software tools that it offers on-line. One of these tools is the Google calendar. This tool allows people to post private and shared calendars on Google servers, and the tool is indeed pretty swift. This may be something ideal for individuals to use, but may come at high risk to business entities. This risk is highlighted by an article featured by Ed Brill on his blog. Some private company data was exposed to the public in the calendars. This is something that was to be expected. What is more interesting to me is the response thread to Ed's posting. Some were saying that Ed might be accused of spreading fear, uncertainty and doubt (FUD). No, he is not. He is highlighting a very real business risk. Others said that what happened on the Google site was no more dangerous than people sharing their calendars in Lotus Notes or other corporate calendaring solutions.

These people have missed the point. There is a world of difference between sharing information in a Lotus Notes calendar inside a corporate firewall and using a Google-hosted calendar where the data sits on someone else's server. This incident has nothing to do with the enterprise-level offering Google will be offering down the road. It has to do with companies, or individuals within companies, choosing to utilize public tools like Google calendars and spreadsheets. The intentional use, coupled with the potential for human error, provide for an environment fraught with risk. There are risks that organizations should make before deciding to put corporate data on a service such as that offered by Google. Questions that need to be asked include, but are not limited to:

What kind of data are we going to put out there?
Is the data sensitive or data we do not mind being potentially exposed?
What is the dollar impact to the company if confidential data does get exposed?
What is the risk of employee's making mistakes and inadvertently exposing the data?
Is there information that can be exposed that could lead to sanctions by the Securities and Exchange Commission?

This is not to say that mistakes are not made behind corporate firewalls. Data could be inadvertently shared that lead to risk. But taking data to a public server increases this risk greatly. We do not know what Google does with this data internally. We do not know how this information might be coupled with data people have foolishly entrusted Google Desktop Search with by storing search data on the Google servers, We do not know what the implications will be if Google is allowed to go forward with their acquisition of DoubleClick.

There is clear FUD out there in the world. I have never known Ed to spread out and out FUD. What he has done here is provide information on an important topic addressing corporate risk. The FUD will come from other vendors who will use this incident to hype their latest security or compliance offering without recognizing that risk is relevant.



Comments

No documents found

Add Your Comments



Email addresses provided are not made available on this site.





You can use UUB Code in your posts.

[b]bold[/b]  [i]italic[/i]  [u]underline[/u]  [s]strikethrough[/s]

URL's will be automatically converted to Links


:angry: :-( :-p :lips: :laugh: :-o :rolleyes: :huh: :-D :grin: :cool: :cry: :-) :-\ ;-) :-x :emb:






Remember me    

Add Manual Trackback
Please enter the details of the trackback post. Your trackback will not appear on the site until it has been verified. This may take up to 10 minutes.

Site Name

Permanent URL of TrackBack Post

Title of Post ( If Any )

Excerpt of Post ( Max 250 Chars )



free html hit counter