Google Take Your Pick: Enterprise-ready or Fun-and-Fancy-Free

March 26, 2009 at 3:26 pm | Posted in Content Management, Google | Leave a comment

Robin Wauters on TechCrunch reports on some security holes Ade Barkah found in Google Apps:

It appears that if you share a document carrying a diagram – a feature Google introduced yesterday – with anyone, this person will be able to view any version of any diagram that has been embedded in the document. That basically means that if you create a diagram with sensitive information and later decide to strip some of it away before sharing the document in view-only mode, the person you share it with will be able to revert to previously saved versions simply by tweaking the URL a bit, uncovering what you thought you were still hiding from him or her.

Thank you Google for providing a perfect example of the trend I call “content landmines” (see More on the Top 5 Trends for NextGen Authoring; content landmines was called “dangerous findability” at the time).  The idea is that the flipside of the “living documents” trend (that documents follow a meandering path through many versions before reaching their completion – if they are ever “done” at all) is that the old versions of documents can continue to live on, revealing information through changes that you thought were hidden in a “final” version.  A common example is tracked changes and comments that can be turned on and examined in Microsoft Word contract sent to a potential customer.  That would be the result of carelessness.  But with Google, the author did nothing wrong and the landmine can still blow up in their face.

I found the commentary on Robin’s blog post to be quite amusing.  A number of commenters shrugged it off with statements like:

• “If you want your files to be secure in the first place, just don’t share them on the cloud.”
• “The type of person that uses Google docs, don’t care about security.”
• “Doesn’t beta imply “This thing is buggy. Use it at your own risk” (DNA)
• “Simply put, Google Apps are a fun tool. Not really intended for business. Don’t put your secure/important files within Google tools.” (Greg)

Ah, if Google only publicly agreed with DNA and Greg and endorsed these statements then this indeed would just warrant a shrug of the shoulders.  Granted, the intention is clearly that security would work properly and when the outcome doesn’t match the developer’s specified behavior it’s a bug, pure and simple.  But a bug, in freebie, beta, “fun” software – <shrug>. 

But Google really sells this stuff.  It charges money to enterprises for Premier Edition (see product comparison).  There is a team (albeit a relatively small one) dedicated to enterprise applications.  They tell people this is appropriate for an enterprise to use despite the “beta” tag on it. 

So take your pick Google: you can have an enterprise development team and charge real money for GAPE or you can provide a fun, free, buggy, kinda secure (just through obscure URLs) web app.  But not both.

About these ads