Is desktop search secure?

Related Links

"The search is on"

A popular free desktop search tool poses several security threats to federal agencies, analysts say.

Government employees have been using Google Desktop Search to sift through the full-text contents of their local hard drives, including e-mail messages, documents, bookmarks and Web pages. Microsoft and Yahoo! also offer free, downloadable applications for desktop search.

Desktop search tools create an image of files that is quicker and more effective than the “I think I’ll click around until I find something” model, said Whit Andrews, a Gartner research director.

“That is great for enterprise -- and the intruder,” Andrews said.

Two main problems plague all desktop search appliances, he said.

If security is breached on machines using desktop search, prowlers can find sensitive information faster. Computers at law enforcement agencies, the Food and Drug Administration, and other regulatory bodies can easily expose confidential investigations.

In addition, when users download free software, agencies do not have the same level of control as with purchased applications installed by information technology personnel. Agency officials cannot claim the company is not supporting the search tools properly, nor can they administer the software from a console.

“These are issues for all desktop search and they need to be addressed,” Andrews said, though he added that free desktop search could be appropriate for some workers.

He said he is concerned about the search tools’ potential for revealing private information to third parties, since the desktop searches generate Web pages with targeted advertising. And government interests may not be aligned with those of the corporations making those resources freely available, Andrews said.

“There is an enormous difference between the interests of Linus Torvalds and the interests of Coca-Cola or Microsoft or Google,” he said.

Other analysts point to a specific Google Desktop Search flaw. By default, the tool indexes and searches cached copies of everything the users see, so they can view older versions of documents and Web pages, even off-line. If an unauthorized individual were to enter the password or e-mail, the intruder could easily filch entry codes and private messages, said Dave Goebel, who runs Goebel Group, a search consulting company.

“I would be surprised if any federal agency was putting this on its desktops,” he said.

But some federal agencies are experimenting with Google’s application. Agriculture Department officials are independently testing the product for broader use within the agency and will start working with Google in about 60 days. Some Food and Drug Administration employees use Google Desktop Search, but there is no agencywide deployment of the tool.

Company officials say the product is not ready for enterprise use yet. “There are certain features that need to be built giving greater control to the administrator,” said Nathan Tyler, a Google spokesman, adding that an enterprise version of the tool will meet government’s needs.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.