Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Google, Microsoft Online Apps Raise Security Questions: Page 3 of 5

"I would be no more or less likely to consider a Web application like Google's Writely over say Microsoft Word," Friedman writes via e-mail. "The point is that both need to employ a certain level of security surrounding the application that would make it 'less vulnerable.'"

As an example, Friedman observes that Microsoft Word in a desktop environment may be capable of executing macros. "One can turn off macros as a security measure but the prudent backup measure is virus protection on the desktop," he writes. "If it gets past the desktop, enterprise-level protection is the next level that should be enforced. The situation is no different for a Web-based application; it just may have different levels of exposure that need to be taken in consideration."

Others, like Kevin Jaffe, director of corporate systems for Priceline.com, take a more cautious approach even while acknowledging that the software-as-a-service model represents the future. "Our culture from the beginning has always been let somebody else jump out there first," he says.

With Web applications, "you don't have the same concentric circles of deterrent," says Jaffe. "We're not so concerned about, say, certain vulnerabilities within certain Microsoft applications because there're three or four levels of security around this company that you've got to get through to begin with."

And Jaffe believes Web applications are potentially more vulnerable because specialized, application-specific knowledge isn't as necessary. "When you start dealing with Web-based applications, you've lowered the common denominator for the typical hacker," he says.