The search is on

Vendors apply speedy Web search techniques to desktop hard drives, raising security concerns

Today's super-size hard drives don't come close to storing the billions of gigabytes of information found on the Web, and yet federal workers often have a significantly easier time locating an obscure document in cyberspace than they do finding a dated but much-needed e-mail message in their inbox.

A simple reason explains this disparity. Web search tools build an index of content and then search that streamlined index using keywords. Most hard-drive search tools, however, are application-specific and rely on what's known as "raw search" or searching file by file, word by word.

As a result, "even the most organized workers can't find the information they're looking for — or at least not very quickly," said Susan Feldman, research vice president for content technology at IDC. "People end up spending hours and hours looking for their own information, and it makes for a huge waste of time and productivity."

That no longer has to be the case. Companies that brought dynamic, indexing search tools to the Web are finally focusing on the desktop.

They include Web search mainstays such as Google, Yahoo, America Online, Lycos, Microsoft and AskJeeves, and other niche players in the larger search market, such as Copernic Technologies, Blynkx, Intellext, X1 Technologies and Autonomy.

Often available free by download, desktop search tools promise to cut through the clutter of word processing documents, e-mail messages, spreadsheets, PDFs, locally stored Web pages, images and video files with toolbar-based functionality and a click of the mouse.

The price may be right, but before agencies turn these tools loose among their users, they should understand how they work and their potential security implications, which can be significant for the risk-averse.

Building an index

Desktop search programs differ in the types of applications they support, but they basically work in the same manner as their Web-based counterparts. They scan hard-drive contents first and build an index of the information by keyword or phrase.

User queries are then run through the index, returning results in seconds or less. Most of the programs present the information by file type, date and relevancy. Users can immediately see a summary and then double-click on the result to open the file.

"We actually index your machine and then update it as new things get added or deleted to allow even faster access," said Justin Osmer, product manager for MSN Toolbar Suite, Microsoft's desktop search product. "Really, it's almost instant, immediate access."

Moreover, proponents say, desktop search tools reduce the time workers spend naming files and organizing them to easily locate them on their hard drive.

"All of a sudden, I don't have to take all that time to organize everything into a hundred different folders and then maintain them and update them," said David Burns, chief executive officer of Copernic. "Now, I can just go in, type a few keywords into a search box and hit 'go.'"

Despite the speedy results, potential time savings and enhanced productivity benefits, desktop search tools may not be ready for widespread use within the government market, observers say.

"The big push for government right now is information sharing, but that should be across many different client locations, not just within your own desktop," said Ray Bjorklund, senior vice president and chief knowledge officer at the market research firm Federal Sources.

Other obstacles exist, not the least of which is security. "Any time that you make information more available and more searchable, then you're essentially helping hackers," said Andreas Antonopoulos, senior vice president and founding partner of Nemertes Research.

"If it makes it easier for you to find information, it also makes it easier for anyone who compromises your machine to find information," Antonopoulos said.

Information at risk includes copies of Web pages, even supposedly secure ones that have been saved or cached, on a user's local hard drive.

Also, because the search function is typically located on the main toolbar and because some search tools can bypass application passwords, he added, it is even easier for a would-be hacker to walk up to a laptop or desktop computer and grab the desired information while a worker has stepped away for a coffee refill.

"It changes the time frame of an attack," he said.

Others worry that companies like Google and other Web search firms, which earn their money from Web advertising, are collecting the results of both local and Web searches and incorporating findings from the desktop into a broader Web database.

If a user wants to receive both local and Web information, they can do so, and the results are brought together on the screen. But, Antonopoulos said, "it's a misnomer to think that they mix them together out on the Web."

Timothy Hickernell, an analyst at the META Group, said organizations can't discount the possibility that desktop search tools could open the door to hackers via Internet connections and cached versions of Web content kept on hard drives and departmental servers.

He recommended taking a cautious approach and warned information technology managers to "adopt appropriate end-user guidelines based on testing within standard corporate end-user environments."

Another issue for enterprises is the fact that the tools are still in their infancy. The first products came out last fall, and Google, which got a lot of market buzz in December 2004 with the release of a beta version of Google Desktop Search, released the first official version of the product this month.

Most tools are targeted at consumers and limited in their ability to search a wide number of applications. For example, Microsoft's MSN Toolbar Suite can't support IBM Lotus Notes, and others can search only e-mail messages created in Microsoft Outlook or Outlook Express.

As a result, most desktop search products lack the features that enterprises need, including robust security features and centralized IT control. A few companies are working to develop features that would attract that market.

For example, Autonomy's IDOL Enterprise Desktop Search provides role-based authentication and Secure Sockets Layer encryption and enables searches across corporate networks, intranets, local data sources and desktop computers.

For its part, X1 Technologies' new X1 Desktop Search Enterprise Edition provides centralized deployment and administration tools and a centralized index and search server.

Long way to go

Government IT managers are taking a cautious approach to desktop searching. Several say they have no plans to even test the products, while others who have looked at them have, at least momentarily, dismissed their applicability for widespread deployment.

W. Hord Tipton, chief information officer at the Interior Department, said he has tried a few of the products and doesn't think they add any real value for his employees, "just more opportunities for [software] driver conflicts and another door for problems with security."

"Even if they did impress me," he added, "we are moving more and more toward enterprise applications and trying to get away from these separate, small-time buys that just add to the complexity of the configuration."

Likewise, technicians at the Washington State Information Services Department tested Google Desktop Search, and though they were impressed with its features and thought it was fun, they ultimately decided not to recommend it for use within their department.

"It doesn't functionally add any more capability than what we already have through our search capabilities that come with the operating system," said Nancy Jackson, a spokeswoman for the Washington department.

Feldman said officials should at least consider the use of desktop search tools on a situational basis. For example, users with expansive e-mail archives, mobile users who keep a lot of data on laptop computers, home-based workers and employees who deal with numerous versions of the same file could benefit from such tools.

"We've done research on what people spend their time doing in the workplace, and the major tasks are e-mail and finding and analyzing information," she said. "Any time you can automate and speed even a small piece of that, the productivity gains for an organization can be huge."

Hayes is a freelance writer based in Stuarts Draft, Va. She can be reached at hbhayes@cfw.com.

Sizing up the options

Most desktop search tools use a similar indexing approach for basic searching, but they vary in other features. Before you choose a tool, think about the following:

  • Application coverage. Does it only index Microsoft files? What about PDFs and compressed files? Does it work with all e-mail packages or only the most popular? Does it support other Web browsers, such as Mozilla Firefox, or only Internet Explorer?
  • Security. The product should have solid encryption and password protection. It also should give users control over what files they want indexed and allow them to segregate desktop searches from Web searches.
  • Ease of use. Is the interface intuitive? Do you have to open a program to get to the search function, or is it integrated into your main toolbar? Does the product conduct background indexing while you work, and if so, will it significantly slow computer performance?
  • Presentation. Can results be displayed as you need them, such as by date, file type, relevancy and other criteria? Can you preview files as they should look, meaning a PDF should look like a PDF and a spreadsheet should look like a spreadsheet? Can you open a document or play audio and video files without launching the application or media player?

    — Heather B. Hayes

  • Before you start searching

    Thinking about giving your users desktop search tools? Before taking the plunge, consider these tips.

  • Test and evaluate the products using employees from several departments, such as accounting, publications and training, because people search for the same information in different ways.
  • To guard against potential physical attacks, information technology departments should think about enforcing the use of desktop passwords and using a second security mechanism for laptops, such as a fingerprint scan system.
  • IT managers should find a way to integrate desktop search applications into enterprise systems management software to avoid manually updating, upgrading or patching applications.
  • Invest in task-oriented training and awareness campaigns for users to maximize the tools’ benefits and minimize their risks.

    — Heather B. Hayes

  • Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above