Company Blog

How Safe is the Google Cloud?

Recently a bug (now fixed) was uncovered where Google inadvertently shared certain GoogleDocs files with users unauthorized to view them. While the security breach affected only a small number of accounts, it does point out the potential danger in cloud computing services offered by Google and other service providers.

Applications like Google docs help foster collaboration within teams working on a common project. They are also generally believed to be secure. Yet, Google’s own terms of service ”disavow any warranty or any liability for harm that result from Google’s negligence, recklessness, malintent, or even purposeful disregard of existing legal obligations to protect the privacy and security of user data.”

In other words, Google says it is safe but the company will not guarantee the safety of your information. Guarantees or not, it is advisable to have a very specific policy in place regarding what documents can or should be stored in Google Docs or any other cloud computing environment. In addition, review both the terms of service and the privacy policy to ensure what you understand what the cloud entity can, will and will not do. For example, from Section 11.1 of Google’s Terms of Service:

You retain copyright and any other rights you already hold in Content, which you submit, postor display on or through, the Services. By submitting, posting or displaying the content yougive Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license toreproduce, adapt, modify, translate, publish, publicly perform, publicly display and distributeany Content which you submit, post or display on or through, the Services. This license is forthe sole purpose of enabling Google to display, distribute and promote the Services and maybe revoked for certain Services as defined in the Additional Terms of those Services.

Best practices suggest you also employ the following when considering or using cloud computing:

  • Inventory what corporate intellectual property or sensitive customer data may already beout on such services.
  • Review your password policy with employees and only allow the use of strongpasswords.
  • Employ technical safeguards that provide automatic alerts on all connection attempts toGoogle Docs or other cloud environments.
  • Develop a written policy dealing with storing company documents anywhere outside ofthe organization.
  • Consider use Google Docs only for non-sensitive company documents

Tags: , ,

Comments are closed.