That means that updates will appear automatically, and the burden will not fall on users – or network administrators - to keep their applications patched, said Amol Sarwate, manager of vulnerability research at Qualys, which provides software-as-a-service(SaaS) solutions.
"You never have to patch anything, so hackers would be reluctant to target," he told SCMagazine.com. "You won’t even know if a patch is released. Whenever you log in, you’ll get the newest version they have."
Eric Ogren, an analyst at Enterprise Strategy Group, told SCMagazine.com that Google will protect the software in its data centre, and it will not be vulnerable to typical client-side vulnerabilities.
"I think it’s kind of a cool idea," he said. "I think we’re going to see a lot more stuff like it."
Sarwate stressed, though, that because the Google package, which costs US$50 annually per user and offers support for Gmail on BlackBerry devices, could be vulnerable to an emerging set of web-based threats such as cross-site scripting and SQL injections.
He also warned users that the product likely will not contain as rich of features as Microsoft Office.
But less functionality might mean more security, said David Smith, a Gartner analyst.
"When you add more functionality, you add more vulnerabilities," he said.
.png&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
_(1).jpg&h=140&w=231&c=1&s=0)
