Gmail, Google search integration not seen as security risk

Security experts say Google's new "Gmail in personal search results" service, which crawls through a person's inbox and presents results relevant to a regular web search, is not a risk to businesses.

Google started testing the feature Thursday, opening it up to only the first 1 million signees, a fraction of Gmail's 425 million accounts. People who join the pilot program would start seeing the Gmail results in the right-hand column of regular search results.

In some cases, answers from the inbox would be highlighted at the top of the page. For example, typing "my flights" in Google's search box would get flight information if an airline had forwarded a user's future itinerary to Gmail.

In general, Google is trying to add more personal information to search results. For example, if a person is searching for restaurants in San Francisco, then it might be helpful to also show that email a friend sent a long time ago, recommending a steakhouse in the city.

Security experts do not see the new feature opening up any new doors to attacks. Rather, some people may object to having their private email searched, and opt out for that reason. "It's not necessarily a big security risk, but it's kind of creepily invasive," Dan Olds, analyst for the Gabriel Consulting Group, said.

Another possible consequence of having one's inbox searched is more targeted ads from Google advertisers, Olds said. "I would hate to suddenly be bombarded with particular advertising messages or spam based on what I'm searching for."

Whether any of that would happen is only speculative. For now, people have to sign up to participate, and Gmail results will be presented in a collapsed format that people must expand to see the details.

Google's motive is to continue expanding a person's search capabilities, the company says. "We think you shouldn't have to be your own mini-search engine to find the most useful information -- it should just work," Amit Singhal, a senior vice president for Google Search, said in a blog post. "A search is a search, and we want our results to be truly universal."

Jeremiah Grossman, chief technology officer for WhiteHat Security, said that mission of organizing as much of the world's information as possible and making it accessible is why businesses should always place strict controls on the use of Google services when it comes to corporate information.

"Any data stored in the cloud, which includes online services like Gmail, should be considered public," Grossman said in an email. "That's the rule. With the exception of paid-for services like Google Apps, users are not customers and can only expect a limited amount of security and privacy."
