Sunday, December 26, 2010

Who Watches the Watchmen?: Google Apps Governance to Protect Private Docs from Administrators

My Company is currently in the process of moving a good deal of our documents over to the Google Docs interface from the various places within our on-line HR system, which we'll be moving away from in the beginning of 2011.

While these documents are mostly public company documents -- forms, templates, etc. -- there is a growing requirement for the ability to store more sensitive company information. We're not talking sensitive financial data or anything, but department-level and project-level documents that should be accessed only by people in those respective groups.

I'm 90% of the way to a solution using group permission assignments, permission inheritance, etc., but one question remains...how do I protect those private docs from me?

While I can personally vouch for myself, there is now way for my company to guarantee that another administrator (or I, for that matter) -- as administrators of the entire structure -- won't abuse our "trickle-down" admin privileges on the documents, especially if we need to administer or support them. Group-based access is great, except the admins are the ones assigning the groups.

This is a pretty big sticking point. Has anyone had experience like this with Google Docs, and if so, do you know a way that (as the Counting Crows put it)I can "keep myself away from me"?

Feel free to leave perspectives / solutions in the comments. I'll update this post if/when I find a solution, and will certainly give credit where it's due. :)