You are here

Why Security is Google's Achilles Heel

Google's launch of a new PC operating system on the heels of its announcement ending the "beta" phase for its popular gmail, Calendar, Docs and Talk applications, is happening in the midst of a new era where cyber-security has been made a new national priority and internet security breaches are increasingly serious and commonplace.

  • All this naturally puts a spotlight on Google's approach to security, because Google is becoming increasingly central to so many people's Internet experience.

An examination of Google's own public representation of its corporate philosophy and design principles shows security/safety is simply not a priority for Google. In many respects, security is viewed as a hinderance to, or a drag on, Google's over-riding goal of speed-efficiency.

In Google's philosophy statement, "Ten things Google has found to be true" there is no mention of the importance of security/safety to Google or Google's users.

#3 point on the philosophy list says: "Fast is better than slow:"

  • "Google believes in instant gratification. ... Who are we to argue? ... By fanatically obsessing on shaving every excess bit and byte from our pages and increasing the efficiency of our serving environment, Google has broken its own speed records time and again. ... And Google continues to work on making it all go even faster."
  • The point here is that maximizing speed often can be in opposition to maximizing user security and safety. 
    • At a minimum, the self-described "obsession" with speed distracts from ensuring users' security and safety.
  • Fastest can mean that they leap before they look, and that there is no time to pass through security protocols or filters to ensure bad things don't happen or get in. Everyone knows it is common sense that the faster one does a task, there naturally is a greater risk of a mistake, an accident, or danger.

In reviewing Google's publicly represented "Design Principles," it is remarkable that in listing Google's many design aspirations, there is no aspiration or priority on creating designs that are secure or safe. Either Google has made a mistake in its design principles which have been posted for years, or user security and safety are not considered by Google to be "Googley" aspirations.

  • Principle #2 of the "Ten principles that contribute to a Googley user experience," is: "Every millisecond counts."
    • "Nothing is more valuable than people's time. ... Unnecessary clicks, typing, steps, and other actions are eliminated. ... Speed is a boon to users. It is also a competitive advantage that Google doesn't sacrifice without good reason."
  • "Nothing is more valuable than people's time." Wow. What about people's security and safety -- could that possibly be more important than their time?

My very simple point is that Google is out of balance in its publicly represented philosophy and design priorities in that it puts speed-efficiency above most everything else and clearly above security/safety, which doesn't even warrant a philosophy/design principle mention for the last several years.

It may not occur to Google, but security and safety occurs to, and matters to people.

  • That's why security is Google's Achilles heel.