TechHui

Hawaiʻi's Technology Community

Two months ago we moved our last customer still running their own email server to Google applications. As we have seen with our other customers, there was a short stressful period as they adjusted, followed by great satisfaction as they moved from using Outlook to Gmail's web UI. It starts with one or two employees discovering the power of live collaboration on spreadsheets or simple document sharing. They become internal evangelists, and pretty soon the whole organization is realizing productivity gains.


In some cases it takes a year or more of gentle nudging to get an organization to make the switch. Customers in areas such as finance and healthcare take the longest. They are understandably nervous about the security of their data. The idea of their information being held in a nebulous, hard to visualize cloud is scary. The fact of the matter is that in every case we encounter, we are moving them away from set-ups that feel secure, because they are easy to understand, but are in fact for more vulnerable to security violations and data loss. It may be comforting to know that your email is on a box you can identify in your company's server room, but who has access to that room? Is it physically secure? Who is in charge of backups? Is he or she a highly trained specialist with a well documented geographically redundant and regularly tested backup system in place? Even if the answer is "yes" (which it never is) the followup question is, "Is this cost effective?" Of course not.


With services like Google Apps and Amazon's EC2 reaching maturity, it really doesn't make sense for most companies to host their own email, file servers, web servers or web applications. Google is a $120B company with everything to loose if they suffer even one serious security breach or lose critical business data. They know this, and they have taken extraordinary efforts to ensure this doesn't occur. Their systems and processes have passed a rigorous independent SAS 70 type 2 audit. Anyone who has visited one of Google's facilities knows they are fortresses with multiple levels of physical security and military-like protocols. There are no engineers hanging out with their girlfriends in the server room. There are no casual visitors leaning on the racks. Google's network and application security people are among the best in the world. If you think your email is more secure just because you know where your server is located, whether its in your own office's server room or Joe's Auto Parts and Mail Hosting, I assure you, you are wrong.

The reliability and risk factors of the large SaaS providers are becoming utility-like, akin to providers of electricity and phone services. Of course there are still hiccups, just as we have with any other utility (yes HECO, I'm looking at you), but not nearly as many as you are likely to encounter with a server tucked away in the corner of your office. Its easy to make the technical, financial and security arguments for using established SaaS vendors. I've been in many situations where a decision maker agrees with all the arguments but still can't bring himself to make the move. It takes time to get comfortable with the abstraction of software services from their physical origins. Our children will find this as amusing as we find survivalists that live in caves, generate their own electricity and poop in buckets. For now, we just need to do our best to educated the business community about the advantages of letting the professionals at Google, Amazon and Salesforce.com handle their critical data and application needs.


Ikayzo - Design • Build • Localize | Web • Desktop • Mobile

Views: 126

Comment

You need to be a member of TechHui to add comments!

Join TechHui

Comment by Daniel Leuck on February 11, 2010 at 9:53am
In late 2008 Google
posted the results of a comprehensive study by the Radicati Group regarding the reliability of Exchange, Lotus Notes, GroupWise and Gmail. They found that while Gmail averaged less than 15 minutes of downtime per month (almost all of which came from one outage in August of 2008), companies using on-premise email solutions such as Exchange "...averaged from 30 to 60 minutes of unscheduled downtime and an additional 36 to 90 minutes of planned downtime per month." Exchange was the worst offender of the lot:
We are having
a discussion about Google Apps at the Plaza Club today at 11:30.
Comment by Light Maleski on March 3, 2009 at 10:12am
Haha! You are correct sir!
Comment by Daniel Leuck on March 3, 2009 at 10:10am
Light: I notice at least one tech here in Maui decided to set someone up to a google account tied to his own personal google account. That was very bad professionalism.
I agree, but this has nothing to do with using Google vs. local hosting. As you rightly point out, he should have provided all relevant account credentials to the customer. They paid for it, and its their property.

Light: I agree that google's services are very stable and many systems can't even shine a light to it. However, they still reserve the right to do whatever they want, whenever they want,and they will have your data.
I have to call you on this one. Google business applications, which is what you should be using if you are setting up business email, has a service agreement that states in section 7.1 "Each party will: (a) protect the other party’s Confidential Information with the same standard of care it uses to protect its own Confidential Information." Google is not going to play fast and loose with your business data. If they did this to even one customer, their business application revenue would evaporate and they would open themselves up to litigation.

Light: Also, many companies that have cloud based computing have provisions in their ToS that gives them legal use to any of the data on their servers.
You are talking about free consumer focused services. No major business SaaS provider (Google, Amazon, Salesforce.com, etc.) has such a provision. If they did, no business would use them.

Light: Not too long ago, a certain VP candidate had her gmail account hacked (not getting political at all here). If someone who has protection from the secret service is vulnerable, you are too.
That was due to a weak password on a personal account. It has nothing to do with Google's security. If your password is palin123, no one can help you, not even Google :-)
Comment by Light Maleski on March 3, 2009 at 10:03am
Oh yeah, to rebut one point about multi-billion dollar companies going down without notice. I would like to remind all that we saw a lot of this happen pretty quickly last year. Granted, Google is in a totally different sector, but never say never, as they say. Remember that money is more or less a figment of everyone's collective imagination and it's value is extremely mutable, and not usually in a favorable way.
Comment by Light Maleski on March 3, 2009 at 9:36am
I always set up my clients as if there is a chance I will never see them again. Of course, not because I think they won't call me, but because unforeseen circumstances at some point may make me unable to make the call. I notice at least one tech here in Maui decided to set someone up to a google account tied to his own personal google account. That was very bad professionalism. When I went in to clean up his mess, I had to call the guy to get access to his account so I could recitfy the situation. That should never happen.

I agree that google's services are very stable and many systems can't even shine a light to it. However, they still reserve the right to do whatever they want, whenever they want,and they will have your data. I know their motto is "don't be evil", but it's still a company with a bottom line and future projections. Anything can happen.

Also, many companies that have cloud based computing have provisions in their ToS that gives them legal use to any of the data on their servers. Unless you are paying for the system, you should not expect your data to be secure, whatever they "say". If you have sensitive or proprietary data, no solution can replace the security of having a physical sever in your presence behind lock, key, encryption, and strong passwords. Or read the TOS very very very carefully and throw caution to the wind.

Not too long ago, a certain VP candidate had her gmail account hacked (not getting political at all here). If someone who has protection from the secret service is vulnerable, you are too.

I guess the main point is to not get too dependent on someone else's "free" services without having a contingency plan. For the record, I highly recommend people use a gmail account in conjunction with their domain based account, in addition to using a multiple email strategy to ward off spam in addition to the free POP3 and IMAP functionality. Main mail for business and correspondance with flesh and blood people. A secondary gmail account to register at websites and place orders online and such.
Comment by Daniel Leuck on March 3, 2009 at 4:35am
Light: The one problem with SaaS as I see it is that the Service can be rescinded at any time. If the company folds, there goes your email and all your data and they aren't liable as per their Terms of Service.
I think we all accept that there is risk in any strategy, and as you rightly point out, its always good to have backups. The question is, which strategy is the least risky, and how can we mitigate that risk? It is highly unlikely that Google is going to suddenly decide to shut off your email account and erase your data. It is also highly unlikely they are going to suddenly go out of business without you having time to migrate your email and documents. $120B companies don't suddenly disappear without warning. It doesn't make sense to spend large amounts of money planning for these scenarios, especially for a small or medium size businesses. Planning for occasional outages makes sense, but you need to do this for locally hosted systems as well.

On the other hand, its reasonably likely that your computer guy will leave or get fired. It also reasonably likely that at some point your hardware will fail and you will discover your backup systems aren't perfect. The same is true for your physical, network and application security being violated by an outsider or someone within your company.

Light: For anyone relying on SaaS like Gmail and other cloud based apps, a good backup strategy for sensitive data is highly recommended.
A good backup strategy is always recommended, but even more so if you are hosting locally rather than using a well established SaaS provider. Locally hosted systems are almost always less reliable and more prone to security issues.

Light: With the recent failure of Gmail highlighting exactly what the problem is with relying on such a massive system with so many users.
No system is perfect. Last I checked, Gmail still had 99.9% uptime. I don't know many local businesses that can make this claim about their internal systems.

re: Having a backup email system completely distinct from your primary email

I agree. This is always a good idea.
Comment by Light Maleski on March 3, 2009 at 1:34am
The one problem with SaaS as I see it is that the Service can be rescinded at any time. If the company folds, there goes your email and all your data and they aren't liable as per their Terms of Service. For anyone relying on SaaS like Gmail and other cloud based apps, a good backup strategy for sensitive data is highly recommended. Setup gmail accounts as POP3 to download local copies of critical communications or simply for archives. This goes for any system that is based in a Data Center somewhere. With the recent failure of Gmail highlighting exactly what the problem is with relying on such a massive system with so many users, it is important to have a fallback communications strategy.

Case in Point - My own Datacenter based webserver took a dump this last weekend, effectively disabling email associated with all the domains hosted on the server until it was brought back by system engineers early Monday morning. If I didn't run my Gmail account in parallel, I wouldn't have had a much harder time communicating with people and sending out my own critical notices and messages.

Too much dependence on one company or system is a recipe for a hair ripping day sometime in the future.
Comment by Peter Kay on February 19, 2009 at 10:10pm
And if this society was run by programmers, a woodpecker could destroy civilization! :)
Comment by Daniel Leuck on February 19, 2009 at 10:26am
ROFL! I think this wins TechHui's quote of the month.

Konstantin Lukin: If this society was a huge operating system, we seriously need to re-consider its architectural design, resource utilization and garbage collection... :)
Comment by Konstantin A Lukin on February 19, 2009 at 10:22am
Cloud computing is the future. One can not run away from it. The only question is time.. The truth is, there is a group of people in every organization that are responsible for email setup, software updates, desktop configurations, etc.. All that can go away with cloud computing. How about that for saving precious resources? More and more companies are starting to realize this, especially new age resource hungry ones, that they need to leverage and capitalize on these opportunities. Based on these 'psychological' barriers, every organization keeps recreating the wheel, and the sad truth is, we are the ones who are paying for it.. when we buy groceries, cars, houses, insurance, etc..

By transcending these barriers, things could be cheaper, more technologically advanced, have better usability and lesser environmental impact. As a society we need to move quickly, to make sure that resources of this planet do not run out before it is too late.

If this society was a huge operating system, we seriously need to re-consider its architectural design, resource utilization and garbage collection... :) It all starts with making sure that we are not recreating a bicycle over and over again.

In design pattern language, this would probably be called a Factory?

Sponsors

web design, web development, localization

© 2024   Created by Daniel Leuck.   Powered by

Badges  |  Report an Issue  |  Terms of Service