Google Office enterprise security snafu

Google Office enterprise security snafu

Summary: APRIL 17, 2007: While Google is feted for its pre-announcement of a future planned integration of a “presentations” style feature into its Microsoft Office competitor, Google Apps, enterprise users are worried about corporate security risks stemming from the existing Google Apps Calendar application.

SHARE:
TOPICS: Google
2

APRIL 17, 2007: While Google is feted for its pre-announcement of a future planned integration of a “presentations” style feature into its Microsoft Office competitor, Google Apps, enterprise users are worried about corporate security risks stemming from the existing Google Apps Calendar application. 

McKinsey & Company employees do not use Google Apps Calendar on a regular basis, but when they do, they risk putting sensitive corporate information at risk, such as dial-in numbers and passcodes for company meetings, according to IDG News reports. 

Proprietary corporate information of many businesses may be returned through the “Searching for Events” feature of Google Calendar.

Google announced the option last November: 

After Google Calendar launched in April, we saw a surge in the number of public calendars being shared. We thought if we made public events searchable, we could find interesting events with little effort by encouraging people to share interesting events. 

“Interesting” information about private corporate events is being shared, unwittingly or not.

Google CEO Eric Schmidt disclaimed his ambitions for Google Apps to displace nemesis Microsoft's Office Suite by telling the Web 2.0 Expo audience today:

We're not as fully functional as MS Office, we're more in line with how people use the Web than how they use the desktop.

Schmidt may very well need to make Google Apps more in line with how enterprises “use the desktop.”

After all, the free Google Apps for Enterprise trial period ends in a matter of days.

SEE: Google vs. Microsoft Office? Yay! Google Spreadsheets gets charts

ALSO: Google aims to usurp campus email systems and Google undercuts Microsoft Office and Google Apps data risks: Security vs. privacy

Topic: Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

2 comments
Log in or register to join the discussion
  • Google Calendar events

    Hi, I posted some comments on this issue on Computerworld (http://www.computerworld.com/comments/node/9016920):

    Hi, I'm the product manager for Google Calendar, and we on the Calendar team take user privacy very seriously. This is exactly the type of mistake we help IT administrators in organizations prevent through the business version of Google Calendar, which is part of the Google Apps platform of hosted applications. In the cases cited, each worker had taken their business event information and put it on a personal calendar that they chose to make publicly accessible. This behavior actually fits a pattern that led us to develop Google Apps in the first place -- users want the same convenience and useful features (like the ability to share calendars with their spouse) in the products they use at work as in the ones they use in their personal lives. If businesses deploy Google Calendar through Google Apps, IT administrators can choose settings so that users can only share free/busy information with outside viewers, or nothing at all.

    As for those individuals who are out there using Google Calendar for their personal calendar, their calendar information is private unless they specify otherwise. We make it clear to users what each sharing setting means. Users can grant a great degree of access -- entire calendars or certain events to friends, family, colleagues, etc -- without making the information fully public and searchable on the web. Currently, if you do decide to make your calendar public, a dialog box appears -- "Are you sure you want to share this calendar with everyone? Public calendars appear in Google Calendar searches" -- at the time you try to click "Share all information on this calendar with everyone." You cannot proceed without acknowledging that box. We also have FAQs to make sure our users understand what "public" really means (for example, see http://www.google.com/support/calendar/bin/answer.py?answer=34577).

    Again, we take the privacy of our users very seriously. Please be assured that if your calendar is marked as private, which is the default sharing setting, then it will not show up in our search index.

    Thanks,
    Shirin Oskooi, Google Calendar
    soskooi
  • They will get it right

    I trust Google to make great inroads regarding security in the future. They are not so big as to expect they can deal with security issues in-house as big brother MS still mistakenly believes. I also expect that they have already sought the help of those in this industry who have the most to offer them, instead of buying up cheesy security companies and trying to incorporate them in the MS product mix. Who was that company MS bought for their expert "Enterprise Security Solutions". Exactly, what I thought, no one even remembers as that product was far from the top of the line for AV security.
    SecurityExpert