Feds look, but don't touch

Developers of free desktop search engines must tighten security on their products before federal agencies adopt enterprise versions en masse, analysts and government officials say.

Transportation and Agriculture department officials said they would likely purchase desktop search software when safeguards are in place. Google, Microsoft and Yahoo! are some of the leading vendors trying to gain a significant presence in this market.

Government employees are already using Google’s free downloads to search full-text contents on local hard drives, including e-mail messages, documents, bookmarks and Web pages. Food and Drug Administration employees use Google Desktop, even though FDA officials have not deployed the tool agencywide. Such use could be perilous depending on the situation, experts say.

Desktop searches create an image of files that is quicker and more effective than the current model in which users click around until they find something, said Whit Andrews, research director at Gartner. “That is great for enterprises and the intruder,” he added.

Andrews said two main problems plague all desktop search appliances. If security is breached, either by an intruder using an unattended machine or by theft of a desktop or laptop computer, prowlers can find sensitive information faster.

Employees of law enforcement agencies, the FDA and other regulatory bodies can easily expose confidential investigations. The second concern is that when employees use free software, agency officials cannot control the applications as much as they control enterprisewide deployments.

“These are issues for all desktop search [engines] and they need to be addressed,” Andrews said, adding that a free desktop search tool might be appropriate for select workers.

He also questioned privacy ramifications of desktop search tools that reveal information to third parties. The free programs are supported by advertisers on Web pages.

Andrews raised other significant concerns about agency officials’ adoption of free software, because government interests may not be aligned with the interests of corporations that offer the free resources.

Other analysts are critical of a specific Google desktop search flaw. By default, the Google tool indexes and searches cached copies of everything the users see so that they can view older versions of documents and Web pages, even off-line.

“I would be surprised if any federal agency was putting this on its desktops,” said Dave Goebel, president of Goebel Group, a search consulting company. If unauthorized individuals were to enter the keywords “password” or “e-mail,” the intruders could easily filch entry codes and private messages, he added.

For now, federal agencies are experimenting with the idea of desktop search. USDA officials are independently testing the Google desktop search product for broader use within the agency and will start working with Google in about 60 days.

DOT officials, major Google appliance customers, are not using any desktop search until protection improves. Bill Mosley, a DOT spokesman, said agency employees will eventually use such software “when security is more robust.”

Google officials admit their desktop search tool is not ready for enterprise use. “There are certain features that need to be built giving greater control to the administrator,” Google spokesman Nathan Tyler said, adding an enterprise version of the tool will meet the needs of government.

Until a better desktop search appliance arrives, enterprise search software might be a solution for federal agencies.

For instance, Verity’s new LiquidOffice 4.0 lets agency officials search reports, presentations or any form of information on all office repositories enterprisewide.

To guard security, the software lets administrators assign different access levels to employees, such as authorization to view only final copies. And the product tracks each time an employee views content.

“It’s more secure [than the free downloads] in that it totally enforces and respects your corporate policies with respect to information and document access,” said Creighton Grose, Verity’s director of corporate marketing, adding that the software knows which directories are off limits.

Security risks

Using free desktop search engines such as Google Desktop Search could pose some risks for users in shared computing environments. Information can be viewed by multiple users for several reasons:

  • The product automatically records e-mail messages read through Microsoft Outlook, Outlook Express and Internet Explorer.

  • It saves copies of Web pages viewed through Internet Explorer.

  • It copies content accessed during Secure Sockets Layer sessions, making it available to anyone using the same computer.

    — Aliya Sternstein

  • The Fed 100

    Save the date for 28th annual Federal 100 Awards Gala.

    Featured

    • computer network

      How Einstein changes the way government does business

      The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

    • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

      Mattis mulls consolidation in IT, cyber

      In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

    • Image from Shutterstock.com

      DHS vague on rules for election aid, say states

      State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

    • Org Chart Stock Art - Shutterstock

      How the hiring freeze targets millennials

      The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

    • Shutterstock image: healthcare digital interface.

      VA moves ahead with homegrown scheduling IT

      The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

    • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

      MGT Act poised for a comeback

      After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

    Reader comments

    Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

    Please type the letters/numbers you see above

    More from 1105 Public Sector Media Group