Google’s New Security Pilot Program Will Ban Employee Internet Access

A large Google logo is displayed amidst foliage.

The Internet is dangerous, so what if you just didn’t use it? That’s the somewhat ironic recommendation Google, one of the world’s largest Internet companies, is making to its employees. CNBC’s Jennifer Elias reports that Google is “starting a new pilot program where some employees will be restricted to Internet-free desktop PCs” while they work. An internal memo seen by CNBC notes that “Googlers are frequent targets of attacks” by criminals, and a great way to combat that is to not be on the Internet.

Employees of major tech companies are a much richer target for criminals compared to normal people. Tech company employees have all sorts of access to sensitive data, and compromising a single employee could lead to exploiting sensitive infrastructure. Just last week, Microsoft was targeted by a Chinese espionage hacking group that somehow stole a cryptographic key to bypass Microsoft’s authentication systems, giving it access to 25 organizations, including multiple government agencies.

The report says Google’s new pilot program “will disable Internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail.” This was originally mandatory for the 2,500 employees who were selected, but after “receiving feedback”—we’re going to assume that was very enthusiastic feedback—Google is letting employees opt out of the program. The company also wants some employees to work without root access, which is common sense for a lot of computer roles, but not really for developers, who are used to being able to install new programs and tools.

Being banned from the entire Internet would be tough, but Googlers in the high-security program will still get access to “Google-owned websites,” which is actually quite a bit of the Internet. Google Search would be useless, but you could probably live a pretty good Internet life, writing documents, sending emails, taking notes, chatting with people, and watching YouTube.

It would presumably still be possible to be emailed a virus attachment, but that would have to get through Gmail’s filters. Blocking the non-Google parts of the Internet would prevent most phishing attacks, attempts to download malicious code, and attempts to funnel data to some evil server.

READ MORE HERE