According to reports, Google is blocking some of its staff from accessing the internet in an attempt to enhance its cybersecurity.
Some employees at Google will have internet access from their desktop PCs significantly restricted, CNBC reports, with only internal web-based tools and Google-owned sites such as Google Drive, Google Maps, and Gmail accessible.
In addition under the pilot program, staff will not have root access - preventing them from running sysadmin commands or installing software.
On first hearing, it sounds like a sensible step which will harden the security of computers. If a Windows computer doesn't have unfettered access to all the ghastliness the internet has to offer, it may not only reduce the opportunities for malware to attack a device, but also stop workers from wasting time on social media, watching a live stream of a cricket match, or making online shopping purchases.
There is, however, a certain irony in a company whose whole raison d'être was the embracing of the internet to deny it to some of its staff.
Google's self-proclaimed mission, after all, is to "organise the world's information and make it universally accessible and useful"
How are you making the world's information "universally accessible" if you are blocking your staff from reaching it?
Furthermore, are you going to be successful in hiring the brightest and most talented staff to come work for you, if they feel that they are being prevented from accessing entirely legitimate websites that other companies would never block by default?
And what of your existing workers? Are they going to react well to being cut off from the internet? Will they believe that their employers don't trust them to behave in a responsible way online? Will they discover that it handicaps their productivity? Is it possible that it could be so frustrating for some that they find themselves seeking work elsewhere?
But maybe none of this happens if it eradicates cyber attacks. Only problem is, that although it may shield users from some of the attacks that target them, it won't entirely eliminate the possibility of a malicious attack succeeding.
Google is right to be worried about malicious hackers compromising the PCs of employees, and the risk that user data and company source code could be stolen. If such an attack were to succeed it could potentially snowball into a major incident, and undermine the trust of billions of users worldwide.
And maybe, yes, it is right to experiment with different techniques and methodologies that may reduce the chances of a hack occurring - but it would be a mistake to think that it entirely eradicates the threat, with the door seemingly still open for emails to be received and documents to be shared.
According to the report from CNBC, Google originally selected 2,500 employees to participate in the scheme but "after receiving feedback" from workers, it allowed staff to opt-out and asked for volunteers to participate instead.
That sounds to me like an admission that cutting off the internet is going to prove highly unpopular with many staff, whatever the merits may or may not be for reducing the threat of cyber attack.
"Ensuring the safety of our products and users is one of our top priorities. We routinely explore ways to strengthen our internal systems against malicious attacks," explained a Google spokesperson in a statement shared with the media.
Good for Google to explore ways to reduce the threat of hackers breaching its systems. I suspect, however, that this is a solution that will only be accepted by a small percentage of its workforce.
tags
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.
View all postsDecember 24, 2024
December 19, 2024
November 14, 2024