Virtualization & Cloud Security

Glitch Underscores Cloud Computing's Privacy Challenges

The new federal CIO, Vivek Kundra, is a big believer in cloud computing as an efficient read: taxpayer money-saving way to deploy and use applications for government workers. But security and privacy concerns have limited the use of Internet-accessed apps within the federal government, and a reported glitch in Google Docs reminds Kundra of the challenge he faces in deploying cloud computing solutions.

According to Tuesday's DHS Daily Open Source Infrastructure Report, Google discovered a privacy glitch that shared access to a small fraction of word-processing and presentation documents stored on the company's online Google Docs service without authorization. "We have identified and fixed a bug which may have caused you to share some of your documents without your knowledge," the company said in a note that the search giant sent to affected people. "This inadvertent sharing was limited to people with whom you, or a collaborator with sharing rights, had previously shared a document. The issue only occurred if you, or a collaborator with sharing rights, selected multiple documents and presentations from the documents list and changed the sharing permissions. This issue affected documents and presentations, but not spreadsheets."

Later, in a statement, Google said the problem affected only five in every 10,000 documents stored at the site and that affected Google Docs users had been notified.

"Though the documents were shared only with people whom the Google Docs users had already shared documents, rather than with the world at large, the problem illustrates one downside of cloud computing, in which Internet servers host software previously run on a person's own computer," the DHS report said. "The flip side of a cloud-computing advantage, that a person can get access to those documents from any Internet-connected computer or smartphone, is that technical problems or hacking attempts also can expose private information."

Legislation Would Limit P2P Abuse

A group of lawmakers introduced legislation this week to increase security awareness of peer-to-peer file sharing programs.

Known as the Informed P2P User Act, the measure would thwart P2P providers from stopping users who want to block installation of file-sharing programs or disable them once they are installed.

P2P networks have been behind some highly publicized breaches. Recent reports blamed a P2P network with the download of blueprints for the presidential helicopter, Marine One, to a computer in Tehran. Last year, some personal information of Supreme Court Justice Stephen Breyer was exposed through a filing network.

"A lot of folks connect to these networks and don't even realize that their most personal and private files are visible to everyone else on the network at any time," says Rep. John Barrow, D.-Ga., who is sponsoring the bill with Rep. Mary Bono Mack, R.-Calif., and Rep. Joe Barton, R.-Texas. "It's like they're posting their tax returns, financial records, and personal messages on the Internet, and they don't even know it. This bill will let them know, in a way they can understand, that the information on their computers could be at risk. We have truth in lending and truth in labeling-this is truth in networking, and we need it."


About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.