I’m a big advocate of cloud data security. Cloud service providers are, in general, better at security than their customers. So your data is safer in the cloud than it is on your local machine or network.
However, it doesn’t feel that way, does it? Yesterday a colleague showed me a cool plug-in for Google Sheets that creates simple GANTT charts using spreadsheet data. When I installed the plug-in, it prompted me for the permissions it needed to function. Take a look at the list on the right (click to enlarge).
- Know who you are on Google
- View your email address
- View and manage spreadsheets that this application has been installed in.
- View and manage the files in your Google Drive
- View and manage data associated with the application
- Allow this application to run when you are not present
- Connect to an external service
Numbers 1 to 3 are not a big deal to me. I’m happy to have this plug-in work on the files where I use it. Number 4 is scary: this plug-in can look at ALL my google drive files. Number 6 and 7 make it even scarier: this thing can run whenever it wants and connect to an external service.
This plug-in appears fine today. But tomorrow, an evil developer could change their software without telling anyone. The software could start to scan any of my Google Drive documents and send that data to an external service.
I’m going to do more research on these permissions and see if my concerns are real or just cloud paranoia. Stay tuned.