Mounting scrutiny for Google security

Much as the ubiquity of Microsoft's Windows operating system and Office productivity tools has made the software giant a focal point of security research, search giant Google is facing new scrutiny as it diversifies its products and moves further into the business environment.

In a report to be published on July 16, researchers at Ponemon Institute will detail their findings about existing concerns among IT professionals regarding the overall security of Google Desktop, the company's PC search utility, specifically within the confines of business operations.

And while the research revolves around the only significant security flaw to be unearthed in the program thus far -- a cross-site scripting vulnerability reported and subsequently patched by Google in February -- authors of the report contend that their work illustrates a growing level of concern over the massive company's rapidly expanding footprint.

Google Desktop marries PC and Web-based technologies in a similar manner as many other products the company has launched in the last several years, such as its Google Apps document system, which competes directly with Microsoft Office.

If the company is to succeed in its plans to replace Office with Google Apps and drive other applications such as Desktop further into businesses, Ponemon researchers said, the company must be ready to face a wave of inquisition over the potential security impact those products will have.

In the Ponemon survey of more than 600 IT security specialists who indicated that they were familiar with the Google Desktop vulnerability, an overwhelming 71 percent said that they believe that the product likely harbors other security flaws.

The results gathered by Ponemon -- an Elk Rapids, Mich.-based firm that has gained acclaim in recent years for its studies regarding the cost and causes of data breaches -- illustrate the growing apprehension among businesses about the security implications of Google's applications, said Dr. Larry Ponemon, the research company's founder and chairman.

Google has moved to bolster its security skills via recent acquisitions of software makers GreenBorder Technologies and Postini, and has sought to become a thought leader via its sponsorship of malware research projects such as Stopbadware.org.

However, the company must prepare itself to face the daily assault from hackers and researchers previously reserved for Microsoft and other industry bellwethers if it succeeds in becoming a more central provider of business IT products, according to the expert.

"Google has a huge bull's eye on its back because of its position in the market and everything it wants to become, specifically to businesses," said Ponemon. "These recent acquisitions may point to steps to try and make it safer to use their applications, but it's likely that they will become a victim of their success as more hackers and researchers focus their efforts on finding flaws in its products."