Desktop Search: The Ultimate Security Hole?

By Matthew Hicks  |  Posted 2004-12-02 Print this article Print

While uncovering lost e-mails or past Web page visits may appeal to some users, analysts are warning enterprises that desktop search makes it possible to reveal personal and confidential information on corporate computers.

Desktop-search tools have become one of the industrys hottest trends, promising to extend the ease of searching for Web pages to the finding of hard-drive files and data. While end-users may jump at the chance to uncover their lost e-mails or past Web page visits, analysts and IT executives are warning enterprises to think twice about desktop search because of its potential to reveal personal and confidential information on corporate computers. The problem, they say, isnt necessarily the technology behind desktop search, but rather the unintended consequences of being able to instantly locate previously hard-to-find data such as e-mails and cached Web pages.
The retrieval of Web history is the biggest cause for concern, said Timothy Hickernell, a vice president at IT research company The META Group Inc. Hickernell issued a client advisory last month warning IT departments about the risks of desktop search.
In particular, Googles desktop search client, released in a beta in October, can index cached Web pages, including pages from secure sites that display corporate data from Web-based enterprise applications or personal information such as financial-services accounts and medical records. Read more here about how Google Desktop Search retrieves cached Web pages. Googles tool is only the beginning of the onslaught of new desktop-search downloads expected to be released in coming months. Microsoft Corp.s MSN division and Ask Jeeves Inc. both have said they plan to launch desktop search products this month. Yahoo Inc. and America Online Inc. also are working on a desktop search offerings. "Theres no way IT is going to stop this," Hickernell said. "For power users in particular, this is a valuable tool. "We are not recommending that IT outright ban the tools but that departments have to test the tools, get out ahead of this trend and understand what the tools are doing in their own corporate desktop environment." One Silicon Valley hospital and medical group went so far as to warn the users of its online medical records system about the risks of Google Desktop Search. The Palo Alto Medical Foundation issued an advisory within weeks of the Google Desktop Search release after IT officials realized that the search tool, by default, would index the encrypted Web pages from its patient system called PAMFOnline, said Dr. Paul Tang, the medical groups chief medical information officer. "When I downloaded desktop search, it dawned on me that its very powerful but sounds like it could also be accessing caches for things you may not want to be findable," Tang said. Rather than telling users not to install Google Desktop Search, the hospital explained in its advisory how users could changes the tools settings to ensure that encrypted Web pages (HTTPs), such as those served by its medical-records system, were excluding from searches, Tang said. "I like Google a whole lot, but this was just a matter of trying to keep people informed of the other potential implications [of desktop search]," Tang said. Next Page: Consumer technology making its way to the enterprise.

Matthew Hicks As an online reporter for, Matt Hicks covers the fast-changing developments in Internet technologies. His coverage includes the growing field of Web conferencing software and services. With eight years as a business and technology journalist, Matt has gained insight into the market strategies of IT vendors as well as the needs of enterprise IT managers. He joined Ziff Davis in 1999 as a staff writer for the former Strategies section of eWEEK, where he wrote in-depth features about corporate strategies for e-business and enterprise software. In 2002, he moved to the News department at the magazine as a senior writer specializing in coverage of database software and enterprise networking. Later that year Matt started a yearlong fellowship in Washington, DC, after being awarded an American Political Science Association Congressional Fellowship for Journalist. As a fellow, he spent nine months working on policy issues, including technology policy, in for a Member of the U.S. House of Representatives. He rejoined Ziff Davis in August 2003 as a reporter dedicated to online coverage for Along with Web conferencing, he follows search engines, Web browsers, speech technology and the Internet domain-naming system.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel