Google takes Office to the Cloud, security issues remain

Google has launched a plugin for Microsoft Office that saves documents to the cloud, but security issues remain unaddressed.

Google has begun testing an intriguing plugin for Microsoft Office. Google Cloud Connect is a devastatingly simple concept: rather than save your files to your computer's hard disk, it allows you to save them to your online Google Docs space.

Following the upload, the user can share docs with colleagues and more importantly, collaboratively edit them from within the Microsoft Office software window. In other words, the plugin brings the shared editing power of Google Docs -- its best selling point -- to Microsoft Office.

If you've never tried Google Docs collaborative editing, I'd advise you to give it a try. Right there in your browser you can see other invited people working on the document, and edits are shown almost in real time. It makes an extremely compelling case for embracing cloud computing.

Unfortunately, nowhere in its new product announcement does Google address the number one concern of businesses when asked about the cloud: data security.

Survey after survey shows that any mention of cloud computing goes hand-in-hand with concerns about data security. It's a mystery why companies such as Google don't make more of an effort to assuage fears. After all, we have to assume their setup is extremely secure and probably involves high levels of encryption every step of the way. Yet in the Google Cloud Connect official announcement, there wasn't one mention of security or encryption.

Would you upload a highly confidential document into the cloud -- one that could fatally wound your business if it fell into the wrong hands?

What about your clients' data? Are lawyers safe to use cloud services without running the risk of betraying client confidentiality? Data protection laws are also an issue. Could a business become liable, should data it stored in the cloud accidentally become available to others?

Not one of these questions are being answered by the majority of cloud service providers. Such reluctance turns using the cloud into something of a gamble. You'll probably be OK, but what if things go wrong?

Larger businesses that build their own cloud storage systems have complete freedom to incorporate encryption via bespoke software, of course. The incorporation of 256-bit AES will ensure that even if the data is picked up by another individual, it will be unreadable. However, smaller and medium-size businesses have to rely on third-party infrastructure, and that involves 100 per cent trust in service providers.

The only way companies like Google will encourage such businesses to embrace cloud services is to offer unequivocal guarantees about security and privacy.

I suspect this would have to involve some kind of insurance policy, such as promising a cash payout should data go astray -- effectively, a million dollar guarantee. This will not only engender confidence in cloud computing but may prove a necessity; should client data end up in the wrong hands and you find yourself sued because of it, it's not unreasonable to expect the cloud service provider that made the mess to help clean it up.

However, it's unlikely that any insurance underwriter could offer such a policy to cloud providers. Technical considerations aside, all an underwriter need do is search Google and discover the many instances over the years that supposedly 100 per cent secure systems have proven to be flawed.

The area of wireless networking provides classic examples. Security experts lined up to explain that WEP was considered the perfect method of protecting data. WPA was considered the bulletproof replacement -- until it was cracked. WPA2 replaced it and remains in use at the moment, but it's not overly cynical to wonder how long this will last.

Even now many corporate IT departments refuse to adopt wireless networking, sticking to ethernet cables despite the many advantages Wi-Fi offers. We can't blame them for their lack of trust but, fundamentally, it's no different with cloud services. They might claim to be 100 per cent secure, but for how long?

The hacking community comprises some of the most intelligent and devious people on the planet. Nothing will stop them. With any kind of data security, it's only a matter of time before its blow wide-open.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at

Join the CSO newsletter!

Error: Please check your email address.

Tags online securityfirewallsproductivitymobile securitymicrosoft officecloud computinginternetwireless securitynetwork securityGoogleMicrosoftsecurity

More about AES EnvironmentalGoogleMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Keir Thomas

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place