Computerworld

Taking the risk out of desktop search tools

While they increase employee productivity, applications from search vendors can pose problems for IT if not installed and managed properly

As more end users employ desktop search tools from Google, MSN and Yahoo, IT managers increasingly must establish policies, standardise tools and protect their networks from data exposure, compliance breaches and poor performance, experts say.

Desktop search tools make it fast and easy to search client-systems data stores, multimedia files, application documents and email programs. However, these consumer-oriented tools also represent a potential risk to corporate networks if restricted files are shared or end users gain unauthorised access to improperly secured documents. Worse yet, some tools such as Google Desktop have features that let end users search across multiple computers by storing index information remotely on external servers. Although this type of software has features that let users exclude directories from the search domain, many might not do so without proper policies in place.

"There are a lot of consumer-oriented tools like Google Desktop that users want but which are not necessarily good for the business. And there are an increasing number of consumer products — such as iPods, cellphones, laptops and Zip drives — that can store enterprise data," says Peter Firstbrook, a research director at Gartner. To mitigate the threat of exposing critical data, Firstbrook says IT managers need to "get really good at software and configuration management so they understand what programs are in the computing fleet and get information that helps them understand the impact".

Desktop search isn't the first technology that end users have brought into the network that poses security and performance problems for IT managers. For example, instant messaging and peer-to-peer file sharing programs have prepared many network managers for the potential performance problems desktop search could represent.

Firstbrook says client-systems management software from vendors including Altiris, LANDesk and Novell helps customers master software configuration management on desktops, but he recommends products such as Windows Defender Anti-Spyware as a good example of a tool to detect spyware.

Andrew Abramczyk, manager of IT information services within the operations and support department of Erie Insurance Group, says his experience with desktop search also gave him some experience with spyware — which in turn creates performance problems on the client machine.

"We have run into situations where people have downloaded and installed these search tools, and they have created some havoc — mostly with respect to spyware," Abramczyk says. "This in turn causes problems with the PC not performing acceptably, sometimes to the point where we have to reimage the PC. This is a particular sore point for my group; as the main support for the desktops, we have had to spend a great deal of time getting users' PCs rebuilt."

For that reason, Abramczyk says his company has a general policy restricting end users from downloading unauthorised applications and software. These can be detected quickly by comparing desktop images against his department's standard image. Yet for others, best practices dictate how IT managers should deal with desktop search downloads until they perform a full evaluation of the software available.

"Our current policy prohibits users from downloading software from the internet," says James Kritcher, vice president of IT at White Electronic Designs. "This policy exists to facilitate the orderly testing and deployment of software and patches in our environment."

However, industry watchers say the productivity benefits of desktop-search software could outweigh the risk in the long term. With appropriate policies in place, network managers could reap the benefits of desktop search without wreaking havoc on their network.

"From an audit perspective, desktop search is currently a thorn in the side, because it's new and a lot of products being downloaded are beta releases," Kritcher says. Now with Sarbanes-Oxley requirements to keep in check, he says policies that perhaps weren't as strictly enforced as necessary are now stringent and restrict the download of "disruptive" technologies on to corporate machines. Yet such policies don't restrict a potential standardised adoption of the technology by the IT department, following proper research and testing. The IT department also must stay open to the productivity benefits of a tool a majority of end users find relevant, he says.

"Desktop search seems to have a lot of momentum, and we won't be able to simply ignore it. We try to meet our compliance requirements without being a roadblock to solving a legitimate business need," Kritcher says. "There is likely a legitimate business need, considering the rapid proliferation in the enterprise. We would certainly want to standardise for the sake of simplifying application deployment, testing and user support."

At LaunchPad Communications, end users are not allowed to download and install search tools, but CIO Chris Holbert says the policy is in place to protect the network and give the IT department the time to perform an adequate evaluation of the tools. Holbert has a few requirements for desktop search he'd research for an enterprise-wide rollout. For instance, he says desktop search tools would need "Active Directory integration for group rights management, policy setting and administration" as well as integration with products that support an Open Security Framework for local and network firewalls, VPN and internet filters.

"To manage the environment and the introduction of new software, we have a process whereby we research and evaluate new products for compatibility with existing enterprise products and services," Holbert says. "This would include plans for who would need the new software and how we would install and maintain the software."