Search Engines in general and Google in particular know a lot about everyone. Moreover, Google can learn about you without you ever having used their services. They know what they know because people choose to trust them. But in fact, Google is quite draconian in their policies and approaches to identification, profiling and tracking of individuals and organization along with associated interests, behaviors, and relationships.
Google offers many services, of which the vast majority are free such as Search, Safe Browsing, GMail, Apps, Docs, Maps, Wallet, Voice, Android OS, DNS, etc. It is worthwhile for Google to offer these free services so it can continue to identify, profile and track users.
Google is a relationship of convenience for users, but people and organizations should understand that Google has made it clear they intend to own your data regardless of its legality or your desire for privacy. Google's actions clearly show that it operates with impunity. From reading your emails and voicemails, collecting data from personal wireless networks, online book publishing without permission and use of third party applications, Google's intent is demonstrated through their track record.
Moreover, most organizations have absolutely no idea what data is leaking to Google. And since Google has no delete button and a minimum 18 months retention policy with no maximum, organizations have no sense of how much data is sitting on Google's servers. They have no mechanism to even track this. However, everything Google collects is public, by virtue of content or criteria. This makes all of your data accessible by content and/or criteria. In fact there is a whole industry devoted to this -- Search Engine Optimization (SEO). However, what happens when the SEO's priority shifts from page rankings to uncovering an organization's vulnerabilities or competitive business plans? These are Blackhat SEOs.
How can organizations understand the extent of this threat and mitigate it? By leveraging both technologies and methodologies.
Today Search Engine Data Leakage Prevention technology is available to identify which specific Google applications and services are being used within an organization. Once identified, these applications, services and even file content can be blocked or logged. This offers the ability to, for example, allow Google Search without allowing Google Safe Browsing. The same holds true for the balance of Google's services.
Additional technology exists to account for SSL and encrypted traffic--i.e. traffic that circumvents organizational security. Simply by utilizing HTTPS, any user or site can bypass any perimeter security controls organizations may have in place. This technology can enforce global security policies on all traffic including SSL or IPSec encrypted traffic and provide visibility into all traffic, which includes SSL encrypted Google traffic.
Sign up for CIO Asia eNewsletters.