It sounds like someone got ahold of a 6 year old copy of Google’s risk register. Based on my reading of the article it sounds like Google has a robust process for identifying, prioritizing, and resolving risks that are identified internally. This is not only necessary for an organization their size, but is also indicative of a risk culture that incentivizes self reporting risks.

In contrast, I’d point to an organization like Boeing, which has recently been shown to have provided incentives to the opposite effect - prioritizing throughput over safety.

If the author had found a number of issues that were identified 6+ years ago and were still shown to be persistent within the environment, that might be some cause for alarm. But, per the reporting, it seems that when a bug, misconfiguration, or other type of risk is identified internally, Google takes steps to resolve the issue, and does so at a pace commensurate with the level of risk that the issue creates for the business.

Bottom line, while I have no doubt that the author of this article was well-intentioned, their lack of experience in information security / risk management seems obvious, and ultimately this article poses a number of questions that are shown to have innocuous answers.

I think some of ypu are missing the broader takeaway from this release of information and the article. It’s not supposed to be some slam dunk hit piece that finally exposes Google as an evil and irresponsible company, but rather a showcase of what can sometimes happen to our data behind the scenes without our knowledge.

Big tech companies like Google want us to think that we can trust them to look after anything we put online, but the reality is that you can never be 100% sure that your data will be kept private and/or secure. Mistakes, bugs and unexpected circumstances can always arise. It is a good reminder to always think about what you’re doing online and whether you really need to be doing it.

Sign up for free access to this post Free members get access to posts like this one along with an email round-up of our week’s stories.