Google: The Limits Of Security

In Part One of this report, Google’s Eran Feigenbaum dismissed suggestions that cloud apps have a security problem – they are the solution, not the problem, he said.

In this part, we addressed user problems. Why won’t Google let users run Google Apps on their own servers, to create their own cloud? And if passwords are a problem, why isn’t Google pushing other security methods?

Don’t even think of asking to run Google Apps yourself!

One thing users often ask for – according to eWEEK columnist Jason Brooks – is the ability to run Google Apps on their own servers. If users are scared of the cloud, it might reassure them to run their own cloud on servers which belong to them.

Feigenbaum looked shocked when we suggested this to him – and not surprisingly. The concept is completely counter to everything he’s been saying, and if the cloud really is more secure than the data centre, would be a betrayal of his vision: “A traditional CISO can get called in the middle of the night with an emergency. You don’t get that with cloud.”

The fact that Microsoft plans to offer exactly this feature with its Office Web cloud version of Office 2010, predictably cuts no ice with him.

Passwords are not enough

Despite his assertions that the cloud is objectively better, that is not the perception among most people. The big objection to cloud apps – and what hit Twitter – boils down to the fact that data is available from anywhere, and is only protected by a password. These can be found with key-loggers, guessed or retrieved by other devious means – and the best response to this is to use two-factor authentication, so hackers can’t get hold of a password.

“The reality is most security on the Internet today depends on knowing the user’s password,” he said. “We offer stronger levels – we support single sign-on and SAML [the Security Assertion Markup Language. We have clients that use two-factor authentication, with one-time passwords through things like RSA SecurID, smartcards or cellphones.”

He recommends using stronger authentication, and Google offers a tool to help users choose better passwords: “We show admins the strength of each password, based on the attacks we are seeing on the net at that time.”

Google – apparently it relies on passwords

But does Google itself use two-factor authentication, eWEEK asked

“I don’t think I can comment on that,” he said – looking very uncomfortable indeed, and claiming Google’s security would not allow him to answer. The group pointed out that it would not be a breach to simply know whether Google uses two-factor techniques, but Feigenbaum stuck to his rigid “no comment,” leaving us pretty sure that Google relies on passwords.

Page: 1 2

Peter Judge

Peter Judge has been involved with tech B2B publishing in the UK for many years, working at Ziff-Davis, ZDNet, IDG and Reed. His main interests are networking security, mobility and cloud

Recent Posts

US Widening AI Lead Over China, Finds Stanford Report

US widening lead over China on AI development, as UK places third in Stanford index…

2 hours ago

Amazon To Pump Another $4bn Into AI Start-Up Anthropic

Amazon to invest a further $4bn into AI start-up Anthropic, doubling its investment as it…

3 hours ago

The Cost of Tech Skills

The demand for tech skills is surging, driving economic growth but revealing challenges. Financial costs,…

3 hours ago

Supreme Court Says Meta Must Face Multibillion-Dollar Fraud Lawsuit

US Supreme Court tosses Meta's appeal over Cambridge Analytica-linked investor lawsuit, meaning case must proceed

3 hours ago

Uber Seeks $10m Stake In Pony AI Via IPO

Uber reportedly seeks $10m stake in Chinese autonomous driving firm Pony AI via US IPO,…

4 hours ago

Apple Developing ‘LLM Siri’ AI For 2026

iPhone maker reportedly developing next-generation AI large language model for Siri for spring 2026 as…

4 hours ago