Google Apps for client documents?

Over on Slashdot someone posted a question on whether he should accede to his lawyer clients' desire to just use Google Apps for docs and email.

I have been a system administrator and a security consultant. There are a couple of questions one needs to ask oneself before making such a move:
  1. How bad would it be for me if one of my documents or emails became public? Or, specifically, if they got into the worst possible hands? What's my risk?
  2. What are the likely consequences to my service provider if that happens? What's their incentive to keep my data secure?
  3. What measures are available to me to secure my data? What will it cost me to secure my data?
  4. Who has access to my data?

I'm not even talking about threats here. Whatever they may tell you, your service provider is a big black box to you, and you don't know about all the holes in that box.

As a system administrator, I had access to any data on our systems. Temptation.

Information security is about making your data cost more to access than it is worth to the person trying to steal it.

