Enterprises often reject Gmail and Google Docs because they can't
control crucial security aspects such as where data is stored or how email is used, but despite
appearances Google is open to a little quiet negotiation.
Google's approach to building the user base for Gmail and Google Docs
has been to promote the software to individual users while largely neglecting the more complex
needs of business users. As such, the services allow relatively few options in the area of defining
security controls, with a clear emphasis on open access rather than meeting business or regulatory
needs.
"Google is looking to capture the next 2 billion users and it has to
have a very consumer-oriented strategy," Gartner analyst David Mitchell Smith said at a
presentation at Gartner Symposium in Cannes last week.
"Part of what they're doing here in general is trying to be the
champion of the individual as opposed to the establishment. It is a critical part of what Google is
doing and it's part of the pattern of them providing value to the user and not worrying about the
impact on the enterprise.
Whatever you think of that as a business development strategy, it's
not very helpful when you're trying to maintain and enhance existing IT security
policies.
"The cavalier attitude is a big issue," fellow Gartner analyst Tom Austin said. "If you go
with Microsoft, you know that there's a waterfall design process. What do you get when you go to
Google? Fortnightly you check the blogs. You have a little bit of control over the way new features
emerge for your users, but very little."
However, despite appearances, Google will sometimes negotiate
additional security features for large enterprise customers using Google Apps Premium Edition
(GAPE).
"We hear tales from clients about little things they'll do," said
Austin. "In some places, they're essentially limiting all mail read traffic to specified addresses
only so you have a higher level of security." Other customers have managed to negotiate data
storage rules so that information is not taken offshore, he said. "That's not a standard offering,
but our indicators say that they're doing it.
Austin also points to Google's recent move to provide a "government
cloud" to attract US federal government business as evidence of a slight shift in mindset.
Nonetheless, there are definite limits to what you might persuade
Google to alter. "There's not a lot of negotiation going on with regard to service level
agreements," Austin said. "There is negotiation with regard to special features."
While Gartner argues that security and functionality concerns mean
that Google is unlikely to replace on-premises services in any of these areas in the near future,
it does recommend running pilots to assess their usefulness in specific areas.
"We are at a point where a lot of the web versions of software are as
good and in some ways better," Smith said. "You want to have a bit more of an open mind around
these things. A lot of these approaches are good enough."