A Secret Chinese Invasion of Google Apps?
Google wants everyone talking about its unique defiance of China's authoritarian rulers. But Silicon Valley gossips increasingly see that spin as a cover-up for the real story: A humiliating security breach exposed cloud computing's dangers and imperils Google's growth.
You could hear echoes of those insider whispers in a great post on the Daily Beast this morning, "The Great Google Coverup?" In it, tech author Douglas Rushkoff posits that Google's grandstanding on human rights is intended to distract users from thinking through the implications of Google's China-related security breach.
We've heard a similar thesis from Valley sources, one even claiming inside knowledge of the company's thinking, starting last night. The gossip can be hard to sort through: Is it true hackers got their initial foothold into Google through the Google Apps suite specifically? How much data was compromised? Would Google really sacrifice its also-ran China search engine just to protect the reportedly meager revenue from the Apps division?
But it's worth noting that Google has already said enough publicly to ring alarm bells for current and prospective cloud computing customers alike. It's telling that the president of the Google Enterprise division, whose business-targeted products include the Google Apps suite, felt the need to weigh in on the China situation in a blog post titled, "Keeping your data safe" (emphasis added):
While some intellectual property on our corporate network was compromised, we believe our customer cloud-based data remains secure....This attack may understandably raise some questions... Google is introducing additional security measures to help ensure the safety of your data... This was not an assault on cloud computing.
Ah yes, "this was not an assault on cloud computing." Pay no attention to the Chinese hackers behind the curtain. These are not the droids you're looking for... etc. The last thing Google wants is for corporate executives and IT decisionmakers to start wondering if it can competently secure its systems. Because if Google can't, that will make it awfully hard to get customers to trust the company with not only their email but with the sensitive spreadsheets and documents Google is trying to get them to host on Google Apps.
Heck, Google is at the moment trying to sell its cloud services to the mother of all corporate customers, the federal government. The feds launched a cloud computing initiative just this past fall, and already have significant ties to Google through NASA Ames. How do you think they'll feel about this security breach?
All of this begs the sort of questions everyone should have been asking since Google's initial China post: How much data was compromised? And how? How close did they come to stealing more?
The hackers probably were as "highly sophisticated" as Google claims; they reportedly compromised systems at Yahoo and perhaps Adobe, which helps explain why Yahoo has thrown its support behind Google's hard stance on China.
As for what they got, Google has been sketchy on the details. Here are the scant facts contained in VP David Drummond's original post on China:
- "A highly sophisticated and targeted attack on our corporate infrastructure resulted in the theft of intellectual property from Google..."
- "Two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves..."
- "The accounts of dozens of U.S.-, China- and Europe-based Gmail users... appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers."
That's not a lot for big corporate customers to go on. Google's director of enterprise security may be a TV magician, but the China incident raises the sort of questions even his impressive powers of deception can't make disappear.