Rumours started as far back as March 2006 about a new online storage solution planned by Google that would allow users access to a remote file hosting service from any device or platform. It has been speculated since then that Google’s new service would provide infinite storage of user’s emails, web history, pictures, bookmarks and files. Over the last few days, the mist has started to clear on all the guesswork and hearsay with a recent post on blogoscoped.com. It reveals that a Google Pack related javascript file has surfaced which has referenced the much rumoured GDrive. So does this mean that we can declare the service no longer officially secret? And with the main criticisms of GDrive being issues with privacy – do we realise how far these issues stretch?
Web 2.0 sites are very much about internet users as a community and the way in which we interact with content and information, so the concept of making our information available to others is nothing new. People have been turning to free social networking and media storage sites in increasing numbers, sharing photos (Flickr and Picasa), Video (Youtube, Vimeo, Google Video, etc) as well as personal profiles (Facebook, Bebo, Myspace, etc) and of course email (Hotmail, Gmail).
Remote storage solutions are also nothing new with similar services currently available from Yahoo (YDrive), AOL (XDrive), Microsoft (Live Mesh), Apple (MobileMe), Amazon (S3) as well as box.net. It is thought that Google are hoping to distinguish themselves from their competitors by simplifying the process for transferring and opening files. Skeptics feel that nothing in life is free and that Google may offer a certain amount of storage for free, with additional gigabytes of space coming at an additional fee. Or even more cynically perhaps at the cost of being exposed to adverts?
‘A hard drive that is handy at all times’ has obvious benefits and the opportunity for everyone to have access to exceptional computing power is very appealing, however the main issues over such a service have come in the shape of concern over user privacy.
• Would you be comfortable with someone being able to see everything on your computer?
• Are you comfortable with someone having unprecedented control of your data?
• Would Google hang onto web searches and index email?
• Will we see contextual adverts whilst browsing, matching uploaded content?
• One exploit/bug is all that could be required to access private/important documents.
• Security measures could make GDrive annoying to use remotely.
It is these last 2 points on security that I think desperately need to be addressed as GDrive could be a data breach nightmare. Like most large organisations, Google will have it’s weaknesses. A case in point would be the breach suffered by MySpace in January 2008 where a file containing ½ million supposedly private photos was uploaded to a bit torrent site. Bearing in mind that any users aged under 16 registered to MySpace automatically have accounts set to private, you can see just where the problems start and how serious they can be.
Information security has been shown to be the primary concern of cloud computing customers. Security is about maintaining an acceptable level of perceived risk and in terms of cloud computing there are no magic bullets, there is no such thing as ‘check mate’ and security is a process that must be constantly maintained and never ignored.
Usually when a customer engages a vendor providing a cloud service, there is an agreement as to which elements of risk are being taken on. If Google were to take on 100% of the user’s data then there is no question as to who is to blame in the case of a data breach. If this is the case then Google will need to generate significant levels of trust in its users. But how can the users go about verifying that trust?
It isn’t obvious how Google can prove itself and although IBM released its Cloud Certification Programme last year which could provide accreditation, there are still no best practice guides for cloud computing. Some discussions regarding security measures must occur behind closed doors as need dictates, but surely Google will need to do something special to show its potential users that it can be trusted.
Of course, all of this is pure speculation. It may just be that GDrive is, as some think, a private service for Google employees to share files. If not and it sees the light of day as a service for mass use then it could be a revelation, provided it is used purely for non-critical non-privacy-issue files. But if it is, as rumours from some corners of the press would have you believe, an attempt to kill off the PC then Google could have all its work very much ahead of itself.
What are your thoughts?
Useful links:
Craig Balding’s Cloud Computing Security Blog
Blogoscoped.com article on Gdrive javascript file
Link:
