Are business documents in the cloud secure?
If you’re following any tech news today at all, you’ve probably heard about the hacking of Twitter’s Google Apps account. Some have suggested that this is some kind of “wake-up call for cloud computing.”
Twitter responded and said not to blame Google or cloud computing in general.
I agree… mostly. In my opinion, this isn’t a problem with storing your documents on a hosted “cloud” service like Google Apps. It is, however, a problem with not enforcing (at the corporate level) the same kind of security requirements that have become common for on-premises document storage. That means password complexity requirements, regular password expirations, and very very strict account retrieval options (if you allow such an option at all).
Does Google allow Google Apps customers to enforce such restrictions? Actually, I can’t tell. I went to the Google Apps site and looked around and couldn’t find any indication, even in their Security FAQ page. I even did a search for “password” on the Google Apps Premier site, and got no results! (same for words like “security” – hmm). Maybe someone should tell them to switch to Bing for searching their site 😉
A web search on Bing or Google returns this story, which seems to indicate Google does or at one time said it would support such restrictions. But I don’t see any other sites mentioning it, nor any indication from Google itself. If they don’t offer that ability, they certainly should!
But as Twitter said, this was really a failure on their part, not Google’s. On the bright side, hopefully all of the attention they’re getting will result in others fixing these kind of problems before they suffer the same fate.