Remote file access: blanket application of rules is seldom best.
Perhaps because of its high corporate visibility, the company that currently seems to be getting the most attention, at least in the press, is Google. This particular firestorm was ignited by the release of their Google Desktop 3. Google had been in the middle of controversy with earlier versions of this product. At that time, the purported issue was that Google was 'breaking the systems security' (remember, this is Microsoft Windows that we are talking about) and revealing other peoples confidential information. The reality was, and still is, that Google wasn't breaking the security at all. What was happening was that Google was simply indexing information stored in various areas of the computer that most people didn't realize was there. Anything that Google displayed was available before, you just had to know where and how to look for it. If this is breaking security, then good luck! Security through obscurity is about as insecure as you can get. All Google did was highlight the security risks already present.
This time, the very feature for which we are looking, the ability to search and access your files from multiple computers, is the thing at which most are harping. In addition to the feature of concern, the new version of Google Desktop is an enhanced version of the previous tool, which includes tweaks for better performance. In the default distribution, that is all you'll see. If you desire to enable it, you can activate their Search Across Computers feature. In that case, various files that you opt for are encrypted and uploaded to Google servers where they are indexed and available for you to search against and access from your other machines. The only requirement is that you have a Google account, such as you get with their free Web based e-mail service, as this account ID is what the files are linked against. In normal operation, this means that only you can upload files to your share and only you can download or search against them. All of this assumes, of course, that you choose a secure password. Choose a poor one, or leave your password lying around someplace, and all of the files you've opted for can be someone else's for the picking.
If you read through some of the blogs or listen to some of the media finks, they would have you believe that this tool is poison, the worst spyware in existence, and only not called spyware because it's from Google. Unfortunately, in my opinion, the worst of these comments appear to come from people in the IT industry. I wish I could say they should know better, but I've seen it happen all too often for that. In general, it occurs where someone has been given the responsibility and authority to protect a resource and, by God, they are going to protect it, no matter what the effect on the rest of the organization. You may have encountered it where someone has been tasked with protecting a network. Before long, you find the applications allowed to access the network becoming more and more restricted, but the network is safe and up and running, even if it means that there is nothing left to run on it. Please don't get me wrong, this is a general problem, not just restricted to the IT ranks. If you look for its roots, you'll see that it occurs when people lose sight of the goal of the organization and who its customers are.
I'm in a relatively unique position in that part of my job is to provide an interface between the laboratory and the IT shop. I can talk technology with the IT people and put it into practical terms for the laboratorians. I can take the needs of the laboratorians and convert it to the specifications that the IT people need. It's when this communication breaks down that we end up in trouble. It's not uncommon for some of those in the IT field to forget that they are there to provide a service to facilitate getting the overall organization's work done. It's easy to see this when reading through some of the blogs and hearing the disdain for users that just drips from some of the messages. Of course, there is a flip side, you have those users with a total disregard for procedures and why they might have been implemented. I've cleaned up enough spyware-infected PCs to feel the pain of those in the IT ranks. Is there a balance? Yes, but it is a dynamic one. To keep it, users and IT must communicate. Not only talk, but listen as well, to both sides! It must be attuned to users' needs and not treat users as an annoyance or total idiots who have no idea what they need (though I have met a few like that), while users need to be willing to believe that there might actually be a reason why IT wants to set things up a certain way (although there is a grain of truth in the saying that, whenever the only tool you have is a hammer, every problem looks like a nail). The best partnership--and that is what it should be--occurs when both sides are at least somewhat familiar with the others fields and are wilting to listen. You don't have to be an expert, but it helps if you know something about what you are talking about.
Now is there any truth to what some people are shrilly screaming? As to spy-ware, no. As to whether they are a security risk to an organization, definitely yes. However, as with version 1, it is more of a case of making an existing security risk visible, for there are many other tools that will allow you to share files between PCs out there, some of which I'll discuss shortly. The gist of the situation is that, unlike Ghost or similar tools, Google Desktop is not something that will move an image of your hard disk somewhere else. Even if you were to open the file-sharing as wide as possible, you could only move a subset of your files. The supported transfer file types are Web history (from Internet Explorer, Firefox, Netscape and Mozilia), Microsoft Word documents, Microsoft Excel spreadsheets, Microsoft PowerPoint presentations, PDF files and text files in My Documents, although you can add plug-ins to allow the system to index other types. In addition, only files that have been accessed within a given period of time are uploaded, and the older ones are continually being purged from the Google servers. Even if you do configure several machines to share files, you can configure the system so that the contents of only certain files can be searched, as well as set it so that only specific machines can be searched.
What does this mean in practical terms? Yes, it does provide a limited portal out.
Is this a problem? Well, it all depends. Looking at it one way, this could be a portal for information out of a company and a security officer's nightmare. On the flip side, this could be a great productivity aid for anyone that needs to access files remotely. If you were in charge, would you attempt to restrict this portal? It is only prudent to review this concern. In many cases, you may well want to restrict access. However, make sure that you do it for considered reasons, not just as a knee-jerk reaction. Blanket application of rules is seldom the best choice. Doing so frequently just makes it harder for employees to do the job that they have been asked to do.
Now, the next question. Ignoring Google Desktop's other features, since we were looking at it specifically for its ability to allow you to share files and move them back and forth between several machines ... is this transfer feature really unique enough to justify all of the fuss? If you look around, even casually, you will see that there are a number of other programs available to allow you to access files stored on different machines. I will not attempt to even name most of them here, we don't have nearly enough room.
The first alternate program that I came across is called Avvenu and is distributed by Avvenu. The basic service is free and, unlike Google, you do not need to upload your files to a central server. When you opt to share a file, that file is coming directly from your PC. To share files, you need to register with Avvenu and install the Avvenu Agent (1.2.19). To be able to access your files from anywhere, you simply need to leave your PC on with an active Internet connection. The downside is that this client will only work with machines that have Windows XP with Service Pack 1 or 2, Professional or Home Edition installed. A useful feature of this application is that those with whom you want to share files do not have to be Avvenu members, they simply need to have an e-mail account and a Web browser.
The next program I encountered is called FolderShare Beta, from ByteTaxi. By downloading and installing the FolderShare Satellite client, you have set up your machine to create a private peer-to-peer network. This service currently comes with one year of free service when you sign up for their beta program and allows you to exchange an unlimited number of files, each up to 2 GB in size. It is designed to work with either MSN Desktop Search or Google Desktop search, when so desired. Unlike some of the other tools, this one will run with either MS Windows 2000 or XP or Apple OSX. Once you have set up your free account and the folders you want to share or sync, you are ready to go. Interface languages are English, Portuguese, German, Italian, Spanish and French. File transfer takes place over an encrypted channel and, like Avvenu, people with whom you opt to share files need only a browser and an e-mail account.
One of the main objections to Google was due to their approach of temporarily storing the files on their servers. Many people thought that this put your files at risk, not because Google would abuse them, but because they felt that, by uploading them to a remote server, you made them vulnerable to being obtained with a simple subpoena, whether from the government, commercial organization or private person. In concept, Google Desktop is not all that dissimilar to the online back-up systems available. If any of these have a legal risk of exposure due to subpoena, then it's likely they all do, so make your decisions accordingly.
Beyond the discussion of the exposure issue and the relative risks involved, just how do these three programs compare? While there are a number of factors you can compare, given our remote file access thesis, the basic contrasts are these. Avvenu and FolderShare are both active live systems, meaning that you can only access the files while the host computer is turned on. Because Google Desktop 3 uploads copies of its target files to the Google servers, they can be searched and accessed even when the 'host' computer is turned off. Contrasting with this, Google Desktop only allows you to index and access a subset of the file types on your machine, where Avvenu and FolderShare allow you to access any of them. File transfer on all three is encrypted, so that shouldn't be a major issue. If anything, Awenu and FolderShare would appear to be more of a risk than Google, as they can move any file type. It truly seems as if the problem is primarily a psychological one of knowing that your files (or at least some of them) have been copied off to someone else's server, where you are losing an unknown degree of control over them. I'll have to leave the assessment of the subpoena risk to the lawyers.
I'll be happy to address any rational point of view regarding the use of or blocking of these file sharer programs. Any argument based on name-calling rather than considered logic will simply go into the bit bucket. I'd be fascinated to see how our readers are using these tools and the rationale they've used to determine whether they would block or use the service. I'd also be interested in seeing which other file sharing applications like these you use and why you selected a particular one.
Remote File Access Resources Google Desktop desktop.google.com Avvenu www.avvenu.com ByteTaxi--FolderShare www.foldershare.com
John Joyce, Ph.D.
John Joyce is the LIMS manager for Virginia's State Division of Consolidated Laboratory Services. He may be contacted at email@example.com.
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||ONLINE SCIENTIST|
|Date:||May 1, 2006|
|Previous Article:||The last temptation of Randy: reflections on Pittcon 2006.|
|Next Article:||Integrating the drug discovery laboratory: application of a rational approach to workflow automation can increase time for science.|