Google Take Your Pick: Enterprise-ready or Fun-and-Fancy-FreeMarch 26, 2009 at 3:26 pm | Posted in Content Management, Google | Leave a comment
Robin Wauters on TechCrunch reports on some security holes Ade Barkah found in Google Apps:
It appears that if you share a document carrying a diagram – a feature Google introduced yesterday – with anyone, this person will be able to view any version of any diagram that has been embedded in the document. That basically means that if you create a diagram with sensitive information and later decide to strip some of it away before sharing the document in view-only mode, the person you share it with will be able to revert to previously saved versions simply by tweaking the URL a bit, uncovering what you thought you were still hiding from him or her.
Thank you Google for providing a perfect example of the trend I call “content landmines” (see More on the Top 5 Trends for NextGen Authoring; content landmines was called “dangerous findability” at the time). The idea is that the flipside of the “living documents” trend (that documents follow a meandering path through many versions before reaching their completion – if they are ever “done” at all) is that the old versions of documents can continue to live on, revealing information through changes that you thought were hidden in a “final” version. A common example is tracked changes and comments that can be turned on and examined in Microsoft Word contract sent to a potential customer. That would be the result of carelessness. But with Google, the author did nothing wrong and the landmine can still blow up in their face.
I found the commentary on Robin’s blog post to be quite amusing. A number of commenters shrugged it off with statements like:
- “If you want your files to be secure in the first place, just don’t share them on the cloud.”
- “The type of person that uses Google docs, don’t care about security.”
- “Doesn’t beta imply “This thing is buggy. Use it at your own risk” (DNA)
- “Simply put, Google Apps are a fun tool. Not really intended for business. Don’t put your secure/important files within Google tools.” (Greg)
Ah, if Google only publicly agreed with DNA and Greg and endorsed these statements then this indeed would just warrant a shrug of the shoulders. Granted, the intention is clearly that security would work properly and when the outcome doesn’t match the developer’s specified behavior it’s a bug, pure and simple. But a bug, in freebie, beta, “fun” software – <shrug>.
But Google really sells this stuff. It charges money to enterprises for Premier Edition (see product comparison). There is a team (albeit a relatively small one) dedicated to enterprise applications. They tell people this is appropriate for an enterprise to use despite the “beta” tag on it.
So take your pick Google: you can have an enterprise development team and charge real money for GAPE or you can provide a fun, free, buggy, kinda secure (just through obscure URLs) web app. But not both.