Feds look, but don't touch

Developers of free desktop search engines must tighten security on their products before federal agencies adopt enterprise versions en masse, analysts and government officials say.

Transportation and Agriculture department officials said they would likely purchase desktop search software when safeguards are in place. Google, Microsoft and Yahoo! are some of the leading vendors trying to gain a significant presence in this market.

Government employees are already using Google’s free downloads to search full-text contents on local hard drives, including e-mail messages, documents, bookmarks and Web pages. Food and Drug Administration employees use Google Desktop, even though FDA officials have not deployed the tool agencywide. Such use could be perilous depending on the situation, experts say.

Desktop searches create an image of files that is quicker and more effective than the current model in which users click around until they find something, said Whit Andrews, research director at Gartner. “That is great for enterprises and the intruder,” he added.

Andrews said two main problems plague all desktop search appliances. If security is breached, either by an intruder using an unattended machine or by theft of a desktop or laptop computer, prowlers can find sensitive information faster.

Employees of law enforcement agencies, the FDA and other regulatory bodies can easily expose confidential investigations. The second concern is that when employees use free software, agency officials cannot control the applications as much as they control enterprisewide deployments.

“These are issues for all desktop search [engines] and they need to be addressed,” Andrews said, adding that a free desktop search tool might be appropriate for select workers.

He also questioned privacy ramifications of desktop search tools that reveal information to third parties. The free programs are supported by advertisers on Web pages.

Andrews raised other significant concerns about agency officials’ adoption of free software, because government interests may not be aligned with the interests of corporations that offer the free resources.

Other analysts are critical of a specific Google desktop search flaw. By default, the Google tool indexes and searches cached copies of everything the users see so that they can view older versions of documents and Web pages, even off-line.

“I would be surprised if any federal agency was putting this on its desktops,” said Dave Goebel, president of Goebel Group, a search consulting company. If unauthorized individuals were to enter the keywords “password” or “e-mail,” the intruders could easily filch entry codes and private messages, he added.

For now, federal agencies are experimenting with the idea of desktop search. USDA officials are independently testing the Google desktop search product for broader use within the agency and will start working with Google in about 60 days.

DOT officials, major Google appliance customers, are not using any desktop search until protection improves. Bill Mosley, a DOT spokesman, said agency employees will eventually use such software “when security is more robust.”

Google officials admit their desktop search tool is not ready for enterprise use. “There are certain features that need to be built giving greater control to the administrator,” Google spokesman Nathan Tyler said, adding an enterprise version of the tool will meet the needs of government.

Until a better desktop search appliance arrives, enterprise search software might be a solution for federal agencies.

For instance, Verity’s new LiquidOffice 4.0 lets agency officials search reports, presentations or any form of information on all office repositories enterprisewide.

To guard security, the software lets administrators assign different access levels to employees, such as authorization to view only final copies. And the product tracks each time an employee views content.

“It’s more secure [than the free downloads] in that it totally enforces and respects your corporate policies with respect to information and document access,” said Creighton Grose, Verity’s director of corporate marketing, adding that the software knows which directories are off limits.

Security risks

Using free desktop search engines such as Google Desktop Search could pose some risks for users in shared computing environments. Information can be viewed by multiple users for several reasons:

  • The product automatically records e-mail messages read through Microsoft Outlook, Outlook Express and Internet Explorer.

  • It saves copies of Web pages viewed through Internet Explorer.

  • It copies content accessed during Secure Sockets Layer sessions, making it available to anyone using the same computer.

    — Aliya Sternstein

  • The 2014 Federal 100

    FCW is very pleased to profile the women and men who make up this year's Fed 100. 

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above