January 13, 2010, 8:58 AM —
"We believe Google Apps and related customer data were not affected by this incident," Google Enterprise President Dave Girouard wrote in a blog post.
The company said in a separate post Tuesday that the attack had resulted in the theft of some of its intellectual property, but that it appeared to have been designed primarily to access the e-mail accounts of Chinese human rights activists.
It also said that, as a result of its investigations, it discovered that at least 20 other large companies from a wide range of businesses were similarly targeted.
"This attack may understandably raise some questions, so we wanted to take this opportunity to share some additional information and assure you that Google is introducing additional security measures to help ensure the safety of your data," Girouard wrote, without specifying what Google will do differently.
He reiterated Google's mantra for cloud computing and Web-hosted software -- that while no one is immune to malicious hackers, Google is able to keep data safer than the average corporate IT department.
"Our response to this attack shows that we are dedicated to protecting the businesses and users who have entrusted us with their sensitive email and document information," Girouard wrote. "We are telling you this because we are committed to transparency, accountability, and maintaining your trust."
While every security breach, outage and data loss in the cloud raises concerns, people's faith in this model won't be rattled unless there is a sustained pattern of egregious incidents, said industry analyst Greg Sterling from Sterling Market Intelligence.
In this particular case, Sterling believes the potential political fallout will eclipse other concerns, such as the security and reliability of cloud computing, especially if the government of China is found to have been involved in any way.
"I think the political angle on this will be the stronger and more reported part of the story," he said.