FORT LEE, N.J., Nov. 15, 2004 (PRIMEZONE) -- Google Desktop Search raised a security red flag for enterprises using SSL VPNs for remote access, industry analysts said on Monday.
While lauding Google's latest technology for its ability to index a user's email, computer files, chats and web pages, analysts warned businesses against delivering SSL VPN remote access from computers running Google Desktop Search, saying this information would be cached and posed a potential security risk.
"Security managers beware. While users would definitely cherish the power of Desktop Search on their computers, its use on remote devices would expose huge amounts of confidential information to unauthorized viewing," said Dana Hendrickson, President of SSL VPN Central, an analytical research portal of the Breakaway Marketing Group.
Michael Suby, a senior research analyst at Stratecast Partners (a Division of Frost & Sullivan) said: "Convenient access without appropriate security precautions is unacceptable. Unless the SSL VPN solution has effective cache control policies, the confidentially of enterprise information is jeopardized."
Enterprises are widely adopting SSL VPNs as a convenient and cost-effective method to deliver remote access to employees and partners from any web-connected browser, be it a home computer, Internet kiosk, hotel businesses center or customer site.
Google recently released the BETA version of its Desktop Search. Google's website compares the functioning of the tool which provides full text search over email, computer files, chats and viewed web pages to a "photographic" memory. "When you view a web page in Internet Explorer, Google Desktop Search 'caches' or stores its content so that you can later look at the same version of the page, even if its live content has changed or you're offline," Google's website stated.
Whale Communications said as a leading vendor in the SSL VPN space it feels it has a responsibility to highlight the risks of allowing SSL VPN access from a computer that is running Google or any number of other desktop search tools potentially caching information. "Companies have a false sense of safety in the knowledge that their SSL VPN of choice is cleaning up after each user by wiping the browser cache and other repositories for temp files and cookies. However, they are more than likely unaware that every email or document viewed might be cached by a desktop search tool," warns Daniel Steiner of Whale Communications. "This poses a serious risk. We recommend that enterprises check to ensure that like Whale their SSL VPN goes beyond cleaning the cache to ensure that nothing is left behind."
About Whale Communications
Whale Communications, the leading enterprise-class SSL VPN vendor, is enabling companies to provide employees and partners secure access to corporate data and applications from any web browser. Its award-winning solutions have been securing enterprises worldwide since it was founded in 1998. Privately held, Whale is funded by prominent venture firms and industry leaders, including Goldman Sachs, Soros Private Equity Partners and the BRM Group, the founding investor of Check Point Software Technologies. The company is headquartered in Fort Lee, New Jersey and has international offices in Israel, the United Kingdom and Germany.
Whale Communications, e-Gap, Application Aware, Attachment Wiper, Whale and the Whale logo are trademarks of Whale Communications Ltd. All other trademarks are property of their respective holders. For more information about Whale visit: www.whalecommunications.com.