Securing Google Applications

Michael Vizard

This may come as a shock to some IT people, but end users are sharing sensitive corporate information over public cloud services such as Google Docs. A recent survey conducted by International Data Corp. (IDC) found that about 20 percent of the end users surveyed reported that Google Docs was widely used within their organization.

The reason people do this is because the alternatives for setting up ad hoc collaboration across multiple workers is painful. It usually involves calling an IT person, setting up permissions and filling out all the licensing paperwork to pay for it. All the end user really wants to do is share a document with a few co-workers, so even though they know there are potential risks, they do it anyway.


But, there are obvious security issues with any cloud application, as evidenced by news that some students were able to see each others' Gmail inboxes.

The good news is that Google is starting to get a little more serious about security. For the premier edition of Google Apps, the company now supports multi-factor authentication schemes from TriCipher and Verisign. These systems make it easier for Google to challenge users trying to access documents from unknown machines, thereby adding another layer of security beyond just the basic password most people use today.

None of this provides a foolproof approach to Google security. But given the tendency of end users to rely on the same passwords across multiple Software-as-a-Service (SaaS) applications, it would definitely be worth an ounce of prevention to add another layer of security. After all, if a user's password is compromised anywhere on the Web, chances are good that will come back to haunt you sooner than you think.

Add Comment      Leave a comment on this blog post
Oct 19, 2009 7:48 AM tstewart tstewart  says:

GoogleApps is too cool to slap on re-hashed legacy authentication soltuions.    SecureAuth is able to perform two-factor authentication that is more flexible and stronger than Verisign (and all the "cloud" start-ups like MyOneLogin trying to compete).  However, SecureAuth does not replicate your enterprise datastore.  Don't outsource your identitites!  In addition, SecureAuth is the only solution I know of that can authenticate cloud apps as well as on-premise enterprise apps AND VPNs in one solution.   SecureAuth large enterprise customers are using it as a migration path to secure cloud computing.   Do check it out.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.