06:00 PM
Connect Directly

Google, Microsoft Online Apps Raise Security Questions

While the trend toward Web-based apps could send the traditional desktop computing model packing its bags, IT managers are just beginning to ponder how the security landscape might change.

With the launch of Google's hosted application suite earlier this week and the ongoing beta test of Microsoft Office Live, online application delivery appears ready to challenge the desktop computing model that has dominated since the 1980s.

But like the traditional desktop environment, Web applications have security problems. Last week, more than 60 new Web application vulnerabilities were found, according to the SANS Institute's latest @RISK bulletin. Compare that to the number of vulnerabilities found last week in Windows (2), Mac OS (2), and Linux (3), Internet Explorer (2), third party Windows apps (9), or cross-platform apps (16).

"Web applications tend to be written less tightly than other applications," says Alan Paller, director of research for computer security organization at the SANS Institute, though he notes that Google's code review process is probably more rigorous than that of an average online startup. Google's apps are not among those listed in @RISK as being vulnerable.

Douglas Merrill, VP of engineering at Google, acknowledges that the programming methodology for Web apps isn't as mature as the desktop application programming model. "Anytime you have a new piece of technology, you will find more problems with it," he says.

But Merrill also says that the SANS Institute's figures don't exactly represent an apples-to-apples comparison because they don't take into account the amount of time the software has been available. "After something has been out a while, that means you shouldn't be finding as many holes in it because you've found all the early ones," he explains.

1 of 5
Comment  | 
Print  | 
More Insights
White Papers
Register for Network Computing Newsletters
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Twitter Feed