Blog‎ > ‎

How secure is Google Apps ?

posted Mar 5, 2010, 9:26 AM by Francois Tricot   [ updated Feb 21, 2011, 6:15 AM ]
From time to time, I receive emails of people who want to share content (mostly documents) and would like to know if CevApps is secure enough for their project.
I will try to answer shortly hereafter.

Firstly, I'd like to say that no system is risk free.

Most security issues come from staff leaving the company and saving documents before leaving. Against this, there is quite no solution. Even if we put a technology that prevent people from saving a document, they still can screenshot / make a movie / print or any other idea.

If we compare CevApps mail and Lotus mail, the risks are quite different.
  • With Lotus, it was quite easy to backup one single file containing all staff emails and decrypting it. However you would have first to access the server, which was easy if you are inside a Ceva building anywhere in the world.
  • With CevApps, this is quite impossible, however it is possible that someone has a compromised password and that someone from access the compromised account by Internet. The hacker does not need to be in Ceva buildings, but he may only compromised one account. He would be granted the same permissions the account owner has.
CevApps mail, contacts, calendar and documents are relatively safe except if someone having access to a confidential document has a compromised account.
As all these tools use HTTPS protocol, the content can't be seen by anyone except the one behind the browser and displaying the page.

Google datacenters are continuously monitored and the risk that data is stolen from their datacenter is very low. It is much lower than the risk of having one of our servers hacked. We have less money to put in security than Google has, for sure.

At this stage, the only documents we recommend not to put on CevApps are documents from Research and Development or Corporate Marketing such as new vaccines / new molecules projects.
We are at this moment in a selection process to buy and roll out a Document Management System which will be dedicated to these projects.

Talking about security, there is no IT system risk free, there is no organisation risk free, there is no set of policies at risk free. Google Apps is OK for what we know today, and we recommend to focus on better (even if controlled) collaboration rather than security policies that would prevent us from collaboration and communication.

Be careful when sharing documents, sites, when sending emails, or any other kind of communication that you understand what is involved and what is the impact of the technical action you have to do to share. If you are not confident with the technology, ask a colleague, email the hotline.
---
tag:security
Comments