Organizations do need a formal policy on desktop search, just as they do on wireless and instant messaging
Desktop-search tools have become one of the industry's hottest trends, promising to extend the ease of searching for Web pages to the finding of hard-drive files and data. While end-users may jump at the chance to uncover their lost e-mails or past Web page visits, analysts and IT executives are warning enterprises to think twice about desktop search because of its potential to reveal personal and confidential information on corporate computers.
The problem, they say, isn't necessarily the technology behind desktop search, but rather the unintended consequences of being able to instantly locate previously hard-to-find data such as e-mails and cached Web pages. The retrieval of Web history is the biggest cause for concern, said Timothy Hickernell, a vice president at IT research company The META Group Inc. Hickernell issued a client advisory last month warning IT departments about the risks of desktop search.
In particular, Google's desktop search client, released in a beta in October, can index cached Web pages, including pages from secure sites that display corporate data from Web-based enterprise applications or personal information such as financial-services accounts and medical records.
IT departments should even consider barring consumer desktop-search tools on corporate machines if they are not willing to investigate their risks, said James Governor, principal analyst at RedMonk, based in Bath, Maine. Unmanaged use of desktop search tools could expose enterprises to regulatory violations around privacy laws and the federal Sarbanes-Oxley statute, he said.
The reality is that the desktop search tools coming from Web search providers are largely intended for consumers and not for enterprise environments, Hickernell said. Yet a spate of users downloading them could indicate a real need for enterprise-class desktop search within an organization, he said.
Via Desktop Search: The Ultimate Security Hole?