This may come as a shock to some IT people, but end users are sharing sensitive corporate information over public cloud services such as Google Docs. A recent survey conducted by International Data Corp. (IDC) found that about 20 percent of the end users surveyed reported that Google Docs was widely used within their organization.
The reason people do this is because the alternatives for setting up ad hoc collaboration across multiple workers is painful. It usually involves calling an IT person, setting up permissions and filling out all the licensing paperwork to pay for it. All the end user really wants to do is share a document with a few co-workers, so even though they know there are potential risks, they do it anyway.
But, there are obvious security issues with any cloud application, as evidenced by news that some students were able to see each others' Gmail inboxes.
The good news is that Google is starting to get a little more serious about security. For the premier edition of Google Apps, the company now supports multi-factor authentication schemes from TriCipher and Verisign. These systems make it easier for Google to challenge users trying to access documents from unknown machines, thereby adding another layer of security beyond just the basic password most people use today.
None of this provides a foolproof approach to Google security. But given the tendency of end users to rely on the same passwords across multiple Software-as-a-Service (SaaS) applications, it would definitely be worth an ounce of prevention to add another layer of security. After all, if a user's password is compromised anywhere on the Web, chances are good that will come back to haunt you sooner than you think.