Opinion: Time for Google to bring us a trustworthy cloud

Powered by SC Magazine
 

Why is Google so bad at information security?

For the sake of a trustworthy cloud, it’s time for Google to get its information security act together.

Like most IT journalists I tend to pay a lot of attention to what happens at the ad-search giant. It's a consequence of its weight in the market and history of influencing society and business, often for the better.

And, of course, because Google has created so many cool gadgets with which to amuse us.

So it has been with dismay bordering on incredulity that I have often been gobsmacked by its ambivalence to information security and trust.

Hardly a week has gone by recently when Google hasn't made the headlines - not for a flashy new technology, its social good deeds or insatiable appetite for acquisition but because it has screwed the pooch on some security issue or other.

These are uber-smart people, these Googlers. I have seen them trounce a room of hundreds of very smart people -- including a few game show winners and pub-trivia regulars -- in IQ tests and I suspect there are enough geniuses at the company's Sydney headquarters to form their own chapter of Mensa.

So why does Google do such a poor job of keeping people's information secure?

It's true that Google has bought some great hosted security services and over the New Year added email domain keys for Apps but that can't right the crooked tilt of the organisation's halo.

A saying I heard as a kid was: "Fool me once, shame on you; fool me twice, shame on me"; what do I say to being repeatedly fooled?

Whether it's malware it allowed to sneak on the Android Market, losing 150,000 Gmail subscribers' email accounts and data, losing calendar data, relying on antiquated disaster recovery methods, hitting the top malware charts, or infractions incurred on its behalf, Google's security stance is not consistent with its dominance.

Frankly, it's just slack and no longer acceptable.

And it's a big worry for anyone who considers the cloud a viable option for their organisation or personal data or that of their customers. Because, as a market leader, Google's approach to security, trust and compliance is the standard that other providers feel they must meet, and little more. And, right now, that standard should give you pause for thought before moving into the cloud.

The penny dropped for me that Google wasn't serious about security when Germany's data protection commissioner outed it for snarfing packets from open wi-fi networks as its Street View cars rolled down our boulevards, streets and lanes.

I love Street View, the ability to see where you're going before you get there is a great comfort especially when you're in a strange part of town or an entirely new city. And because there are legitimate concerns over the use of images, Google came around to the view that people had a right not to be included in Street View after many expressed their outrage.

But it was the collective shoulder-shrug, dissembling over, at first, whether Google had grabbed people's free-to-air packets, whether it had the right to, blaming the victims (it's not our fault your wi-fi network was open, you should be more careful), what it did with the information and why, in the first place, it had collected them at all that set off warning bells.

Security. Governance. Reliability. Risk. Compliance. Trust. Privacy.

It seems an uncomfortable, even boring, fit to Google's lightspeed engineers intent on changing the world a line of code at a time. And in some ways maintaining our privacy, at least, is a difficult proposition for a company that revolves around selling us ads and making money off our activities.

And although Google properly commissioned a report into its Street View debacle, it would have been happy to see the matter go away by deleting the information before fuller inquiries could be conducted.

My worries were heightened at the time when I put questions to Google's head of engineering in Australia, Alan Noble (remember, Google Maps originated here). Noble knew, or ought to have known, who the wi-fi culprit coder was but no sanction would be taken, he said.

Although Google eventually came around to the point of view that capturing people's private information and storing it without their permission or knowledge was unacceptable and possibly illegal, I feel that in its DNA there's a cognitive dissonance and a sense, still, that it did nothing wrong despite its public statements.

There was another technology company that dominated IT that once had a similar attitude.

More than 10 years ago, after the first surge of modern, internet-enabled malware hammered the credibility and stock price of software behemoth and Google-of-its-day, Microsoft's Bill Gates in one of his last major acts as chief executive officer initiated the Trustworthy Computing scheme.

Gates was talking not just about patching technologies after the fact but a fundamental and radical change to sew security into the fabric of software written at the desktop and applications maker and extending that appreciation to the wider industry.

At the time, open source and free software made much of the "many-eyes" approach to security; that is, with lots of people viewing code, it will be inherently more secure than a proprietary system or "security through obscurity". This is the approach Google, at its core an organisation that believes in free-software principles, chose for its Android Market smartphone app store.

While information security at Microsoft is still a day-by-day proposition, it has made big advances in software architecture to protect users' data and the weave of society as we become more connected with every device we slip into our pockets, slide on to our desktops or nurse in our possessions.

And Microsoft has spearheaded cross-vendor industry consortiums to further that dialog; a step Google was reluctant to make.

It's time for Google to wake from its slumber, to amp up the volume on information security and make the net safer for us all.

I call on Google to update Microsoft's vision with its own initiative, let's call it "Trustworthy Cloud".

This isn't an engineering task - a task Google with its likely genius-level median IQ is more than up to - as much as it is one of recrafting the culture of the organisation to put security first in everything it does.

Google needs to understand that information security must be built in at the outset of every project and is integral to its long-term success, that of their customers and partners and our path to the cloud.

Copyright © iTnews.com.au . All rights reserved.


Opinion: Time for Google to bring us a trustworthy cloud
Google's Street View was a high-profile case of the giant's lax information security but there are other examples.
 
 
 
Top Stories
Frugality as a service: the Amazon story
Behind the scenes, Amazon Web Services is one lean machine.
 
Negotiating with the cloud email megavendors
[Blog post] Lessons from Woolworths’ mammoth migration.
 
Qld govt to move up to 149k staff onto Office 365
Australia's largest deployment, outside of the universities.
 
 
Google's Street View was a high-profile case of the giant's lax information security but there are other examples.
Sign up to receive iTnews email bulletins
   FOLLOW US...

Latest VideosSee all videos »

The great data centre opportunity on Australia's doorstep
The great data centre opportunity on Australia's doorstep
Scott Noteboom, CEO of LitBit speaking at The Australian Data Centre Strategy Summit 2014 in the Gold Coast, Queensland, Australia. http://bit.ly/1qpxVfV Scott Noteboom is a data centre engineer who led builds for Apple and Yahoo in the earliest days of the cloud, and who now eyes Asia as the next big opportunity. Read more: http://www.itnews.com.au/News/372482,how-do-we-serve-three-billion-new-internet-users.aspx#ixzz2yNLmMG5C
Interview: Karl Maftoum, CIO, ACMA
Interview: Karl Maftoum, CIO, ACMA
To COTS or not to COTS? iTnews asks Karl Maftoum, CIO of the ACMA, at the CIO Strategy Summit.
Susan Sly: What is the Role of the CIO?
Susan Sly: What is the Role of the CIO?
AEMO chief information officer Susan Sly calls for more collaboration among Australia's technology leaders at the CIO Strategy Summit.
Meet the 2014 Finance CIO of the Year
Meet the 2014 Finance CIO of the Year
Credit Union Australia's David Gee awarded Finance CIO of the Year at the iTnews Benchmark Awards.
Meet the 2014 Retail CIO of the Year
Meet the 2014 Retail CIO of the Year
Damon Rees named Retail CIO of the Year at the iTnews Benchmark Awards for his work at Woolworths.
Robyn Elliott named the 2014 Utilities CIO of the Year
Robyn Elliott named the 2014 Utilities CIO of the Year
Acting Foxtel CIO David Marks accepts an iTnews Benchmark Award on behalf of Robyn Elliott.
Meet the 2014 Industrial CIO of the Year
Meet the 2014 Industrial CIO of the Year
Sanjay Mehta named Industrial CIO of the Year at the iTnews Benchmark Awards for his work at ConocoPhillips.
Meet the 2014 Healthcare CIO of the Year
Meet the 2014 Healthcare CIO of the Year
Greg Wells named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at NSW Health.
Meet the 2014 Education CIO of the Year
Meet the 2014 Education CIO of the Year
William Confalonieri named Healthcare CIO of the Year at the iTnews Benchmark Awards for his work at Deakin University.
Meet the 2014 Government CIO of the Year
Meet the 2014 Government CIO of the Year
David Johnson named Government CIO of the Year at the iTnews Benchmark Awards for his work at the Queensland Police Service.
Q and A: Coalition Broadband Policy
Q and A: Coalition Broadband Policy
Malcolm Turnbull and Tony Abbott discuss the Coalition's broadband policy with the press.
AFP scalps hacker 'leader' inside Australia's IT ranks.
AFP scalps hacker 'leader' inside Australia's IT ranks.
The Australian Federal Police have arrested a Sydney-based IT security professional for hacking a government website.
NBN Petition Delivered To Turnbull's Office
NBN Petition Delivered To Turnbull's Office
UTS CIO: IT teams of the future
UTS CIO: IT teams of the future
UTS CIO Chrissy Burns talks data.
New UTS Building: the IT within
New UTS Building: the IT within
The IT behind tomorrow's universities.
iTnews' NBN Panel
iTnews' NBN Panel
Is your enterprise NBN-ready?
Introducing iTnews Labs
Introducing iTnews Labs
See a timelapse of the iTnews labs being unboxed, set up and switched on! iTnews will produce independent testing of the latest enterprise software to hit the market after installing a purpose-built test lab in Sydney. Watch the installation of two DL380p servers, two HP StoreVirtual 4330 storage arrays and two HP ProCurve 2920 switches.
The True Cost of BYOD
The True Cost of BYOD
iTnews' Brett Winterford gives attendees of the first 'Touch Tomorrow' event in Brisbane a brief look at his research into enterprise mobility. What are the use cases and how can they be quantified? What price should you expect to pay for securing mobile access to corporate applications? What's coming around the corner?
Ghost clouds
Ghost clouds
ACMA chair Chris Chapman says there is uncertainty over whether certain classes of cloud service providers are caught by regulations.
Was the Snowden leak inevitable?
Was the Snowden leak inevitable?
Privacy experts David Vaile (UNSW Cyberspace Law and Policy Centre) and Craig Scroggie (CEO, NextDC) claim they were not surprised by the Snowden leaks about the NSA's PRISM program.
Latest articles on BIT Latest Articles from BIT
Another phone with Telstra's Blue Tick: The Samsung Galaxy S5
Apr 8, 2014
Samsung's latest flagship phone joins Telstra's list of recommended handsets for customers in ...
Run an online shop? This might be worth bookmarking
Mar 28, 2014
Things like Australian safety standards are probably the last thing on your mind, but just ...
Vodafone switches on 4G in Tasmania: list of locations
Mar 28, 2014
See a list of locations in Tasmania that now have access to 4G via Vodafone's network.
Samsung Galaxy S5 on sale from Telstra next month for $912
Mar 27, 2014
It's not cheap, but if you are looking to upgrade your phone then the Samsung Galaxy S5 could be ...
What Australian workplaces actually rely on tablet computers?
Mar 14, 2014
If you're curious about where tablets are being used at work, here are three examples.
Latest Comments
Polls
Which bank is most likely to suffer an RBS-style meltdown?





   |   View results
ANZ
  21%
 
Bankwest
  9%
 
CommBank
  11%
 
National Australia Bank
  17%
 
Suncorp
  24%
 
Westpac
  19%
TOTAL VOTES: 1455

Vote