Shark Bait

Knowledge Centers

Operating Systems

Networking & Internet

Mobile & Wireless

Security

Storage

Business Intelligence

Servers & Data Center

Computerworld Reports

Industry

See your link here

Seth Weintraub

Apple versus Google

Google Docs sharing issue causes concern for cloud computing

7 comments

TAGS:Cloud, error, Google Docs, permission, sharing
IT TOPICS:E-Business & Web 2.0, Enterprise Software & Services, SaaS & Cloud Computing, Security, Security Hardware & Software

Google today admitted to a potentially serious error in its Docs sharing system. While only .05% of all shared documents were affected, the potential for serious damage was significant for businesses.

The error amounted to wrongly sharing Google documents with someone "whom you, or a collaborator with sharing rights, had previously shared a document". The entire email from Google to Apps administrators is posted below.

It isn't hard to imagine how this could become a serious issue. For instance, it is common for people to share documents with their whole company. Imagine if you are writing a job description for someone who is going to be replaced soon. If the person to be replaced suddenly had access to and read that document, the company would be in deep trouble. Or what if the CFO has employee salaries and contracts in Docs (Google Spreadsheets weren't affected though some presentations were).

"The new guy is making double your salary?!"

It goes on from there.

Google took immediate action when it found out about the error by stripping all sharing privileges on the affected documents and sending an email to the affected users telling them that they would need to re-share the documents.

None of the companies I work for nor my personal documents were affected, however, and it seems that an extremely small percentage of users that were (1 out of 2000) affected. Even those that were affected probably didn't have their documents shared long enough for preying eyes to gleen any unintended information.

That doesn't mean this incident should be glossed over ... not by cloud customers and especially not by Google, Microsoft, Zoho, Zimbra or any of the other cloud vendors out there.

This is just one of many reasons businesses that are moving to cloud services should be wary of the issues that can come up that were'n't there before. While cloud computing does solve a lot of business IT issues, others can pop up without any warning.

No one ever said IT was easy.

The email from Google:

Dear Google Docs user,

We wanted to let you know about a recent issue with your Google Docs account. We’ve identified and fixed a bug which may have caused you to share some of your documents without your knowledge. This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations, but not spreadsheets.

To help remedy this issue, we have used an automated process to remove collaborators and viewers from the documents that we identified as being affected. Since the impacted documents are now accessible only to you, you will need to re-share the documents manually. For your reference, we’ve listed below the documents identified as being affected.

We apologize for the inconvenience that this issue may have caused. We want to assure you that we are treating this issue with the highest priority.

The Google Docs Team

Bonus: have a look at this episode of "To Tell the Truth" from 2001:

Email this

Digg this

What People Are Saying

Add new comment

Protecting data at it source

Submitted by Wasim on March 9, 2009 - 3:03 P.M.

I do think there is legitimate cause for concern here - not just at Google, but at all the other cloud services that are up and running. Mistakes happen, so does malicious hacking - the only way to reduce the risks of sensitive information getting 'leaked' is to encrypt it in a way such that even if it's exposed to the internet, it can't be accessed. This means encrpton, staggeringly scalable key management and a spitting of duties between the clouds providing collobaration and the keys to the encrypted data itself. The cloud service providers need to integrate these capabilities (which exist today) and consumers, business users, employees need to insist that their emails/documents/medical records are protected in the event of a filure/mistake/software glitch etc. The technology exists, now we just need to will to implement it.

Reply | Report this comment

Accuracy and Truthfulness in Reporting

Submitted by Michael Silverton on March 8, 2009 - 2:04 P.M.

Sorry Seth, but you've set yourself up for this little lecture and call for more adult oversight of your work at Computerworld. This headline and article are so antithetical to the actual email from Google that it approaches outright lying. Google "admitted" to exercising excruciating detail in finding and fixing things, not to an ongoing threat, as implied and described in the headline and post. Moreover, the original problem -- with such a low probability of impact -- was less significant a threat to information breaches than the baseline stupidity or maliciousness inside of any organization. Parenthetically, given the positive trend toward business transparency, it's probably good if people find out when a clique inside a company is firing people who's shoes they don't like so that they can hire a friend at twice the rate, right? The "hide the salaries" games that serve the old hierarchies are more and more coming to an end. In sum, this post would be perfectly acceptable as a fact-spinning rant on a personal opinion blog, but in this context, it's a black eye to the Computerworld brand, which most readers hold to a much higher standard of accuracy and truthfulness in reporting. We know you can do better. Please do.

Reply | Report this comment

Actually, you haven't proven

Submitted by Seth H. Weintraub on March 8, 2009 - 8:48 P.M.

Actually, you haven't proven anything I said wrong, nor that I spun anything. Google messed up, there are consequences.

Reply | Report this comment

Really?

Submitted by Michael Silverton on March 9, 2009 - 9:49 A.M.

Ok. You're apparently the one with the degree and the credentials. Good luck with that.

Reply | Report this comment

Again, if you have issues

Submitted by Seth Weintraub on March 9, 2009 - 10:07 A.M.

Again, if you have issues with any of the facts or implications specifically, list them so they can be addressed.

Reply | Report this comment

Please

Submitted by Michael Silverton on March 9, 2009 - 10:23 A.M.

Seth, it's better to just stop while you're behind. List? What are you talking about? There is nothing unclear about the original comment; however, there is now a false sense of interest in this post with five tit-for-tat comments. This too is below CW. I understand the emotional need to posture and position for the high ground, but it only makes things worse for you in cases like this. Let it go and do better next time.

Reply | Report this comment

no more secrets! i want my salary public. oh wait, I'm laid off!

Submitted by google apologist on March 9, 2009 - 3:23 P.M.

3 cheers to google for improving transparency and solving all privacy and security technology issues once and for all by eliminating the root cause of all of these concerns -- SECRETS!

Yes folks, with one brilliant stroke -- no doubt gleaned from the 20% of free time that self-satisfied Googlers get to brag about (if they are engineers!) as they are driving past the soup kitchens in their WiFi-enabled short bus -- Google has solved the entire problem domain of security and privacy concerns by showing us the error of our ways.

As Mr. Silverton properly points out in his concise and accurate criticism of this article, Google has done us all a great service by sharing our private and potentially business-critical competitive information, including those useless powerpoints showing next years' strategic planning, or the document about the upcoming layoffs -- with anyone at that might be interested such as competitors and employees.

Yes, Google, thank you again for freeing the worlds' information from the pesky limitations of copyright and non-disclosure agreements, from so-called 'proprietary' knowledge and artifically constructed 'intellectual property' laws.

Just as long as those secrets don't include for example, the Adwords algorithms that may or may not secretly squelch competitors adwords from showing vs. google docs, or perhaps the board meeting minutes when Google abolished their "do no evil" mission statement.

Yes, information just WANTS to be free after all. Google is just giving our information the freedom that we ALL deserve.

Reply | Report this comment

What it means to be "Going Google"

News flash - the Cloud is probably better than your data center

Cloudy clouds and standards

Windows goes rental

Editor's Picks

Attacks likely against Windows, PowerPoint, researchers say

Google Buzz takes the fight to Facebook, Twitter

Micron acquires flash memory maker Numonyx

Judge dismisses Windows anti-piracy software lawsuit

New Russian botnet tries to kill rival

Microsoft e-health research taps Xbox, mobile phones

Hot Posts

Google Buzz -- and you thought Facebook had privacy issues?

Posted by Barbara Krasnoff | 1 comment

Hands on with the Facebook facelift

Posted by Mitch Wagner | 28 comments

Will Apple's new Core i5 and i7 MacBook Pros have 3G?

Posted by Seth Weintraub | 10 comments

White Papers & Webcasts

Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance
Learn seven steps operators can take to meet IT configuration requirements set forth in the NERC-CIP standards.