Google: Security Mishaps and User Trust

Update: Danny Sullivan disagrees with some of my points, and adds a few other security incidents to the list.

Google is pushing full steam ahead with their office strategy, and their hope is to convince a lot of individuals and businesses to trust Google enough to store their documents on Google’s servers instead of their own computers, or servers under their control.

The fact that unauthorized document access is a simple password guess or government “request” away already works against them. But the steady stream of minor security incidents we’ve seen (many very recently) can also hurt Google in the long run. Running applications for businesses is serious stuff, and Google needs to be diligent about security.

Another minor incident came up this evening – a Google employee intended to post on her personal blog and wrote on the official Google blog covering Blogger instead.

Earlier security incidents:

July 2004: Gmail security issue allows unauthorized access to others’ registration information.

January 2005: Gmail security flaw allows unauthorized viewing of others’ emails.

November 2005: Gmail bug allowed hackers to take complete control of a victim’s Gmail account.

March 2006: Google accidentally deletes its main official blog. They write: “We’ve determined the cause of tonight’s outage. The blog was mistakenly deleted by us (d’oh!)”.

July 2006: Writely document appears that seems to show internal confidential Google information on the Platypus project.

October 2006: Google blog hacked and fake post published, quickly taken down.

October 2006: User complains that blog posts through the Blogger API are being published on someone else’s blog.

October 2006: Google accidentally releases Google Platypus software.

Google product teams work in cells, which allows them to quickly launch and iterate products. However, there could be a disadvantage to this as well with regard to security, as there does not seem to be one central policy or security group ensuring strict compliance across the entire company. Every security incident damages Google’s credibility and reputation. Microsoft has been dealing with security issues forever – Google may need to start fighting the same war.