Google: The Limits Of Security

In Part One of this report, Google’s Eran Feigenbaum dismissed suggestions that cloud apps have a security problem – they are the solution, not the problem, he said.

In this part, we addressed user problems. Why won’t Google let users run Google Apps on their own servers, to create their own cloud? And if passwords are a problem, why isn’t Google pushing other security methods?

Don’t even think of asking to run Google Apps yourself!

One thing users often ask for – according to eWEEK columnist Jason Brooks – is the ability to run Google Apps on their own servers. If users are scared of the cloud, it might reassure them to run their own cloud on servers which belong to them.

Feigenbaum looked shocked when we suggested this to him – and not surprisingly. The concept is completely counter to everything he’s been saying, and if the cloud really is more secure than the data centre, would be a betrayal of his vision: “A traditional CISO can get called in the middle of the night with an emergency. You don’t get that with cloud.”

The fact that Microsoft plans to offer exactly this feature with its Office Web cloud version of Office 2010, predictably cuts no ice with him.

Passwords are not enough

Despite his assertions that the cloud is objectively better, that is not the perception among most people. The big objection to cloud apps – and what hit Twitter – boils down to the fact that data is available from anywhere, and is only protected by a password. These can be found with key-loggers, guessed or retrieved by other devious means – and the best response to this is to use two-factor authentication, so hackers can’t get hold of a password.

“The reality is most security on the Internet today depends on knowing the user’s password,” he said. “We offer stronger levels – we support single sign-on and SAML [the Security Assertion Markup Language. We have clients that use two-factor authentication, with one-time passwords through things like RSA SecurID, smartcards or cellphones.”

He recommends using stronger authentication, and Google offers a tool to help users choose better passwords: “We show admins the strength of each password, based on the attacks we are seeing on the net at that time.”

Google – apparently it relies on passwords

But does Google itself use two-factor authentication, eWEEK asked

“I don’t think I can comment on that,” he said – looking very uncomfortable indeed, and claiming Google’s security would not allow him to answer. The group pointed out that it would not be a breach to simply know whether Google uses two-factor techniques, but Feigenbaum stuck to his rigid “no comment,” leaving us pretty sure that Google relies on passwords.

Page: 1 2

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

VW, Rivian Launch Joint Venture, As Investment Rises To $5.8 Billion

Volkswagen and Rivian officially launch their joint venture, as German car giant ups investment to…

54 mins ago

AMD Axes 4 Percent Of Staff, Amid AI Chip Focus

Merry Christmas staff. AMD hands marching orders to 1,000 employees in the led up to…

4 hours ago

Tesla Recalls 2,431 Cybertrucks Over Propulsion Issue

Recall number six in 2024 for Tesla Cybertruck, and this time the fault cannot be…

5 hours ago

Bitcoin Surges To Above $93,000 For First Time

Bitcoin price reaches new record, amid hope that incoming Trump administration will implement crypto-friendly policies

22 hours ago

Users Flock To Bluesky Post Election, As Guardian Leaves X

Bluesky briefly tops download charts in UK and US, as Guardian newspaper says it is…

23 hours ago