Are business documents in the cloud secure?
If you’re following any tech news today at all, you’ve probably heard about the hacking of Twitter’s Google Apps account. Some have suggested that this is some kind of “wake-up call for cloud computing.”
Twitter responded and said not to blame Google or cloud computing in general.
I agree… mostly. In my opinion, this isn’t a problem with storing your documents on a hosted “cloud” service like Google Apps. It is, however, a problem with not enforcing (at the corporate level) the same kind of security requirements that have become common for on-premises document storage. That means password complexity requirements, regular password expirations, and very very strict account retrieval options (if you allow such an option at all).
Does Google allow Google Apps customers to enforce such restrictions? Actually, I can’t tell. I went to the Google Apps site and looked around and couldn’t find any indication, even in their Security FAQ page. I even did a search for “password” on the Google Apps Premier site, and got no results! (same for words like “security” – hmm). Maybe someone should tell them to switch to Bing for searching their site 😉
A web search on Bing or Google returns this story, which seems to indicate Google does or at one time said it would support such restrictions. But I don’t see any other sites mentioning it, nor any indication from Google itself. If they don’t offer that ability, they certainly should!
But as Twitter said, this was really a failure on their part, not Google’s. On the bright side, hopefully all of the attention they’re getting will result in others fixing these kind of problems before they suffer the same fate.
Comments are closed.
Hi Brandon,
Thanks for the interest in Apps. I wanted to share some more info. Since it launched more than 2 years ago, Google Apps has offered a SAML-based Single Sign-On service that provides companies with full control over the authorization and authentication of hosted user accounts. They can definitely enforce the same kind of security requirements in the cloud, including regular password expiration and much more. For more details, check out http://bit.ly/GjNg2. You may also be interested in the info we shared on password protection here: http://bit.ly/KclWh
You’re probably looking for Google’s FAQ on Security and Privacy for Google Apps, or more importantly, information about their single sign on implementation, which is only available in the paid (Premier) SKU of their service. But if you really want to have 3-factor authentication forcing you to change it every 5 minutes, you can write your own implementation to do so; it looks like some of the more common setups (ie: integration with an existing AD forest) are already productized as addons you can buy.
Not sure if you saw this, but apparently the password they “cracked” was … drum roll … password. Yes, the real problem is that Twitter didn’t do some common-sense things to stay secure.
Wouldn’t the same issue apply to Office Web Applications? Btw, do you want to know why the world values Microsoft Windows XP? Go here: http://users.forthnet.gr/pat/efotinis/programs/explviewfix.html That’s because neither Windows 95/98 nor Windows Vista/Windows 7 can provide this feature.
@Anonymous –
The same would apply to any internet document storage service. The Office Web Apps, as far as I can tell, are separate from the storage service, and if I understood the announcements, they’ll be offered with various options for internet or intranet (i.e. SharePoint) based storage.
Windows Vista and Windows 7 display the size of selected files in the details pane. The status bar is disabled by default and is basically deprecated, I believe it only still exists for some specific accessibility cases. Its functionality has moved elsewhere.
Windows 7doesn’t display the size in the details pane without selection and don’t display it robustly enough for 15+ files (requires clicking “Show more details” every single time the selection changes) Moreever the size of different file types is not even shown in a single consistent location before other metadata occupies the location where size is for some file types. The whole experience is beyond horrible and Microsoft Technet forums are littered with about 100 posts about this issue. FAIL. Which XP all does without any IFs and BUTs. The status bar also showed free space which the details pane doesn’t show. The status bar also showed the zone (Local Computer, Intranet etc) which the details pane doesn’t. BIG FAIL. I don’t wanna upgrade to an OS that deliberately hides file sizes and takes huge steps back for file management.