Here is an interesting story about one downside to SaaS:
Stealing the password for someone’s Gmail account, for example, not only gives the hacker access to that person’s personal e-mail, but also to any other Google applications they might use for work, like those used to create spreadsheets or presentations.
That’s apparently what happened to Twitter, which shares confidential data within the company through the Google Apps package that incorporates e-mail, word processing, spreadsheet, calendar and other Google services for $50 per user per year.
Co-founder Biz Stone wrote in a blog posting Wednesday that the personal e-mail of an unnamed Twitter administrative employee was hacked about a month ago, and through that the attacker got access to the employee’s Google Apps account.
Of course internal documents get compromised all the time in companies that use traditional methods of document sharing, but its still food for thought.
1 response so far ↓
Chris Swan // July 16, 2009 at 3:37 pm |
I think you’re missing a key point here – personal gmail accounts and corporate Google Apps accounts are identity islands. If you pwn the password for me@gmail.com it doesn’t help you out with getting docs from my.name@myfirm.com. The possible exception here is if I’m the guy that signed Myfirm up for Google Apps, in which case the backup admin account details can be sent to me@gmail.com (or may already be conveniently there and easily found by searching).