Mathew Schwartz has published this interesting list of steps for managing Google Desktop securely from an enterprise risk management perspective:
- Use an enterprise DSE: Google Desktop is like instant messenger software: if you don't explicitly block it, it's guaranteed to be on some users' PCs; therefore, consider centrally managing it. Desktop Search for the Enterprise, Google's administrator-controlled version, has a Group Policy control. It also enables centralized distribution and adds the ability to search Lotus Notes e-mails. Microsoft's WDS also offers centralized administration tied to group policies.
- Encrypt the index file: To secure the actual Google Desktop index -- in case an attacker manages to grab it -- set the Group Policy preference to "encrypt index." Note this only works on NTFS volumes.
- Change the index file's location: Beyond encrypting the index file, administrators can also change its default location, which makes it more difficult for an attacker to grab it.
- Disallow Google Desktop on PCs with shared login names: For PCs with multiple users, Google Desktop creates a different index for each user, mitigating many privacy and sensitive information-sharing concerns. However, in organizations where multiple employees share a computer and use the same username and password, prohibit the use of Google Desktop. If you don't, each user's Web sessions will be added to a centralized index.
- Disable HTTPS indexing: By default, Google Desktop indexes all cached Web pages, even if they're secure (HTTPS). Deactivating the "secure Web pages (HTTPS)" preference will prevent the indexing of sensitive information. Most other DSEs do not offer such functionality.