Google takes Office to the Cloud, security issues remain

Google has begun testing an intriguing plugin for Microsoft Office. Google Cloud Connect is a devastatingly simple concept: rather than save your files to your computer's hard disk, it allows you to save them to your online Google Docs space.

Following the upload, the user can share docs with colleagues and more importantly, collaboratively edit them from within the Microsoft Office software window. In other words, the plugin brings the shared editing power of Google Docs -- its best selling point -- to Microsoft Office.

If you've never tried Google Docs collaborative editing, I'd advise you to give it a try. Right there in your browser you can see other invited people working on the document, and edits are shown almost in real time. It makes an extremely compelling case for embracing cloud computing.

Unfortunately, nowhere in its new product announcement does Google address the number one concern of businesses when asked about the cloud: data security.

Survey after survey shows that any mention of cloud computing goes hand-in-hand with concerns about data security. It's a mystery why companies such as Google don't make more of an effort to assuage fears. After all, we have to assume their setup is extremely secure and probably involves high levels of encryption every step of the way. Yet in the Google Cloud Connect official announcement, there wasn't one mention of security or encryption.

Would you upload a highly confidential document into the cloud -- one that could fatally wound your business if it fell into the wrong hands?

What about your clients' data? Are lawyers safe to use cloud services without running the risk of betraying client confidentiality? Data protection laws are also an issue. Could a business become liable, should data it stored in the cloud accidentally become available to others?

Not one of these questions are being answered by the majority of cloud service providers. Such reluctance turns using the cloud into something of a gamble. You'll probably be OK, but what if things go wrong?

Larger businesses that build their own cloud storage systems have complete freedom to incorporate encryption via bespoke software, of course. The incorporation of 256-bit AES will ensure that even if the data is picked up by another individual, it will be unreadable. However, smaller and medium-size businesses have to rely on third-party infrastructure, and that involves 100 per cent trust in service providers.

The only way companies like Google will encourage such businesses to embrace cloud services is to offer unequivocal guarantees about security and privacy.

I suspect this would have to involve some kind of insurance policy, such as promising a cash payout should data go astray -- effectively, a million dollar guarantee. This will not only engender confidence in cloud computing but may prove a necessity; should client data end up in the wrong hands and you find yourself sued because of it, it's not unreasonable to expect the cloud service provider that made the mess to help clean it up.

However, it's unlikely that any insurance underwriter could offer such a policy to cloud providers. Technical considerations aside, all an underwriter need do is search Google and discover the many instances over the years that supposedly 100 per cent secure systems have proven to be flawed.

The area of wireless networking provides classic examples. Security experts lined up to explain that WEP was considered the perfect method of protecting data. WPA was considered the bulletproof replacement -- until it was cracked. WPA2 replaced it and remains in use at the moment, but it's not overly cynical to wonder how long this will last.

Even now many corporate IT departments refuse to adopt wireless networking, sticking to ethernet cables despite the many advantages Wi-Fi offers. We can't blame them for their lack of trust but, fundamentally, it's no different with cloud services. They might claim to be 100 per cent secure, but for how long?

The hacking community comprises some of the most intelligent and devious people on the planet. Nothing will stop them. With any kind of data security, it's only a matter of time before its blow wide-open.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark