Thursday, March 12, 2009

Google Docs, Security and respect of access rights: is the possibility of a leak acceptable?

As published by TechCrunch, Google Docs has shared docs without permission. So it seems Google Docs has had a security leak. Some users were able to see what others had produced, despite the sharing and access rules in place. It is true that technology bugs are common, but is this kind of problem serious or not?

I think there are two issues: one is factual and relates to what has been unduly shared and the damage that occurred. The other is more intangible: it is the lack of confidence generated by the room for error. How can an individual work confidently if the fruit of their labor and their intellectual property rights are likely to be violated? How can we accept, from the enterprise point of view, that confidential information is subject to leaks?

The principle of Enterprise 2.0 is the sharing and exchange of information. This works because there is confidence in the tools available, and particularly because of one underlying condition: respect for the integrity of all user data. Several CIOs of Sinequa customers, particularly in the banking, consulting and administration sectors, have rightly chosen our solution because it guarantees the respect of security rules. Conversely, I know a bank that installed a search solution (that I will not name) for their shared directories: on the first day the service went live, an employee searched for "executive bonus" and got the list of the bonuses of the executive team...

When it comes to security, we must demand zero risk. If, for example, the search solution is not designed to manage security at both the application and document levels, or if user access rights are not taken into account at the heart of the index but only "a posteriori", we are in danger. This is one reason that led Sinequa to develop its own application connectors. If the search solution does not continually refresh user access rights as security rules change (a user profile changes, a public document becomes confidential...), there will always be a security risk leading to periods in which users can ask a question and get information that they should not see...
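The sketch below is an added illustration, not part of the original post and not Sinequa's code. It shows a toy index that keeps each document's access rights beside its postings and the window that opens when that copy is not refreshed after the source changes. The class, the group names and the sample documents are all constructed for the example.

```python
from collections import defaultdict

class SecureIndex:
    """Toy inverted index that stores each document's ACL beside its postings."""

    def __init__(self):
        self.postings = defaultdict(set)   # term -> ids of documents containing it
        self.acl = {}                      # doc id -> groups allowed to read (index copy)

    def add(self, doc_id, text, allowed_groups):
        for term in text.lower().split():
            self.postings[term].add(doc_id)
        self.acl[doc_id] = frozenset(allowed_groups)

    def refresh_acl(self, source_acls):
        """Re-sync the index copy of every ACL from the source system."""
        for doc_id in self.acl:
            # Fail closed: a document with no ACL at the source becomes unreadable.
            self.acl[doc_id] = frozenset(source_acls.get(doc_id, ()))

    def search(self, query, user_groups):
        terms = query.lower().split()
        if not terms:
            return []
        hits = set.intersection(*(self.postings.get(t, set()) for t in terms))
        groups = set(user_groups)
        # Rights are checked inside the index, before any result leaves it.
        return sorted(d for d in hits if self.acl[d] & groups)

def demo():
    # Constructed sample data: ACLs as held by the source file share.
    source_acls = {"bonus.xls": {"staff", "hr"}, "menu.txt": {"staff"}}
    idx = SecureIndex()
    idx.add("bonus.xls", "executive bonus list", source_acls["bonus.xls"])
    idx.add("menu.txt", "canteen menu bonus dessert", source_acls["menu.txt"])

    before = idx.search("bonus", {"staff"})
    source_acls["bonus.xls"] = {"hr"}         # document becomes confidential at the source
    stale = idx.search("bonus", {"staff"})    # index copy not refreshed yet
    idx.refresh_acl(source_acls)
    fresh = idx.search("bonus", {"staff"})    # index copy now matches the source
    return before, stale, fresh, idx.search("executive bonus", {"hr"})

if __name__ == "__main__":
    print(demo())
```

The `stale` result still contains the confidential document: the length of that window is exactly the delay between a rights change at the source and the next refresh of the index.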

Personally, I think that non-compliance with user access rights and the risk of security leaks are unacceptable. And you, what is your opinion?

