Home Google’s Internal Security Breach Raises Questions About Trust and the Cloud

Google’s Internal Security Breach Raises Questions About Trust and the Cloud

Gawker reported earlier this week that David Barksdale, a 27-year-old Google engineer used his internal clearances to access users’ accounts, including the information of four minors. “It’s unclear how widespread Barksdale’s abuses were,” says Gawker, “but in at least four cases, Barksdale spied on minors’ Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her.”

A Question of Trust

As creepy (and criminal) as this incident is, more troubling, perhaps, is this quotation in the Gawker article from another former Google employee, who says that Site Reliability Engineers like Barksdale have unfettered access to users’ accounts for the services they oversee: “The company does not closely monitor SREs to detect improper access to customers’ accounts because SREs are generally considered highly-experienced engineers who can be trusted, the former Google staffer said.”

Google has confirmed the story and has fired Barksdale, but won’t discuss the case in detail. In a press statement, Google says that “We carefully control the number of employees who have access to our systems, and we regularly upgrade our security controls-for example, we are significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective.”

What Oversights Are in Place?

On one hand, these sorts of incidents can happen anywhere. Security breaches are threats in any organization. But of course, on the other hand, this is Google, a company that has access to an incredible amount of our personal data. Google is making great strides in moving governments and schools to the cloud, both groups bringing with them unique rules and regulations (such as COPPA) about the protection of private information.

The incident also reflects on the steps that may need to be taken to address not just internal security threats, but those threats to one’s cloud service provider. Gartner’s Neil MacDonald writes today that cloud providers should be held to a standard that’s even higher than those required to maintain internal standards and integrity because in the cloud “the impact of the lapse [in security] is magnified.”

MacDonald points to the Cloud Security Alliance’s Cloud Controls Matrix as one resource for thinking through some of the considerations for developing better security standards. And while the firing of the Google engineer may be simply a bad PR incident for Google (“Have fun explaining this to parents” as schools transition to Google Apps, writes Funny Monkey‘s Bill Fitzgerald), it does raise the spectre once again for cloud computing that it’s somehow a less secure IT solution.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.