In addition to existing concerns among the general public regarding the amount of data retained by search engine providers about people's individual Web queries, products such as Desktop and Google Apps are raising significant questions among business users about the ability for the company to keep hackers from finding a way to break in and use the tools to steal sensitive corporate data, he said.
Another finding of the report was that 81 percent of respondents familiar with the Desktop cross-site scripting security problem said that they do not feel that users who have sensitive data on their computers should utilize functions of the program that allow them to run remote queries on their machines.
Such data provides evidence of the growing fear of Google's plans to foster "deep integration" between desktop and Web-based tools, the researcher said.
"Based on the people we talk to in the world of security, many believe that Google's products could present a serious risk; that if someone can get in, they can find a lot of sensitive data very quickly," Ponemon said. "Google is becoming such a major presence on so many computers that if people are looking for attack vectors that can get them the most information, Google has become an attractive target."
While conceding that Google has encountered very few serious security issues in its products, especially when compared to other major IT companies such as Microsoft, the researcher said that concerns about the search giant's technologies are nonetheless going to increase if more business users begin working with its tools.
Ponemon denied that his company was attempting to "lead witnesses" with the Google survey by reminding them of the Desktop vulnerability before posing its questions.
"To Google's credit, they haven't had many major security problems, but people clearly believe that they may still be vulnerable and that the bad guys will eventually find a way to break in," Ponemon said. "People are scared because they are wondering if this is just the tip of the iceberg in terms of bugs and if the bad guys really are ramping up their activities around attacking Google products in general."
Google representatives complained that the Ponemon report was too narrow and suggestive in trying to provoke people's concerns about their company's overall security standing.
Executives with the company said that the search giant is working as hard as it can to ensure that there are no problems in either its existing or future technologies.
The firm has long considered its ability to foster trust among users regarding the privacy of their search habits as key to its overall success, said Douglas Merrill, Google's CIO and vice president of engineering.
"Search is the oxygen of today's information economy, but we don't believe that search works without users trusting in us to protect their information, so we're focused constantly on improving security and privacy and have been since day one," Merrill said. "That was long before Desktop or our other forays into the enterprise, and it continues with Google Apps; we run our own business on these applications, and I wouldn't be able to recommend them to other CIOs if I didn't know that they were truly secure."
Merrill said that Google engages in rigorous examination of the underlying code in its products to eliminate potential vulnerabilities both during their production and after the tools have gone live.