Internet: Has Google opened a hole in your company's IT security policy?

InfoTech

Friday 03 February 2012

Several weeks ago, M logged into his company's AdSense account at Google.com to monitor the advertising revenue generated from advertisements Google.Com places on their websites. Later the same day, he visited YouTube - and noticed that, although he had never set up a YouTube account, and did not want one, he was marked as signed in. Now Google has started writing to all of its users explaining a new policy which it says it is going to put into force. Is your company at risk?

The situation is simple: say, for example, that someone logs into any part of Google for business purposes using, say, their phone or a tablet while out of the office. Now assume that that person moves onto e.g. youtube and is automatically logged in. Then loses the phone or tablet. Because of the "keep me logged in" feature, the person finding the device now has access to all company accounts in that name.

That might include e.g. file storage, shared documents including presentations, spreadsheets or any other collaborative document including, say, proposals or even product development information.

The risk to commercial information is clear.

The question for companies is now whether to use Google's online services not because they are inherently insecure but because people are people and the opportunity for a security breach is, by reason of the new policies, greatly increased.

Tip a friend

Download PDF version of this page

Internet: Has Google opened a hole in your company's IT security policy?

Most Recent - This Section

Most Recent - Whole Site

Most Recent - BankingInsuranceSecurities.Com