Continuing its effort to differentiate its online applications from Microsoft Office though collaborative capabilities, Google on Tuesday made it possible to share calendars, documents, and sites among Google Groups members.
Google has been courting business users in an attempt to get them to switch from desktop productivity apps to Google Apps. Lightweight sharing, without the complexities of software like Microsoft sharePoint, has been one of the major selling points of Google Apps.
In a blog post, Jeffrey Chang, associate product manager for Google Groups, describes how a user might use a Google Docs spreadsheet to manage a softball team.
“You want all the players, but only the players, to have editing access,” he explains. “You already have a Google Group set up with the tournament participants, so you simply share the spreadsheet with the group itself, granting the group members permission to edit.”
Members who subsequently join the group will gain the editing permissions associated with the group and those who leave the group will lose editing permissions.
The benefit of this approach is that Google Apps data can be shared with large groups of people without having to manually enter e-mail addresses for group members every time something is shared.
The downside is that security isn’t as simple as sharing. For example, in March, Ade Barkah, founder of IT consultancy Blue Wax, published a blog post warning about potentially risky implementations of image handling and document sharing in Google Docs.
Specifically, he said that an image embedded in a document isn’t deleted when a document is deleted, that authorized viewers of shared files may be able to access revisions of drawings inserted in a document via the “Insert Drawing” feature, and that users removed from document access lists may, in certain circumstances, be able to regain access by reusing an e-mailed sharing invitation link.
Responding to Barkah’s post, Google downplayed the risks. In a blog post, Google Docs product manager Jonathan Rochelle details workarounds for the first two issues and explains away the third concern by noting that file sharers have access to a setting that prevents sharing invitations from being reused.
In other words, the security settings are there, they just have to be used.
While Google may have addressed the concerns raised by Barkah, it has yet to make protecting data as simple as making it available. And it will be surprising if it ever succeeds in doing so because sharing multiples the potential risks and the opportunities for user error.