Enterprise Software

Poll: Would you trust Google with your company's Exchange Server data?

Google now has a plug-in that allows Google Apps enterprise customers to access their mail, calendars and contacts with Microsoft Outlook, making Google a legitimate Exchange replacement. But will IT leaders entrust their data to Google? Take our poll.

Google now has a plug-in that allows Google Apps enterprise customers to access their mail, calendars and contacts with Microsoft Outlook, making Google a legitimate Exchange replacement. But will IT leaders entrust their data to Google? Take our poll.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

27 comments
tbennett
tbennett

No, But I do not own the company. And yes we are using gmail... Hope my email is safe mentioning how much it sucks..:>)

CG IT
CG IT

Google isn't HIPAA compliant, I doubt that educational institutions could use it and meet regulatory requirements, and I just get this gut reaction of ugh! If Ma.nolia is any example of cloud computing, no

klion2000
klion2000

I think we can not say trust at this time. We have no enough date to decide to trust him or not.

K_Green
K_Green

... those of you who answered the same, are you therefore encrypting all emails that cross the public Internet to your business partners? If not, then your concerns about Google (data mining, etc) are legitimate, but you are fighting a grass fire while a forest fire rages around you. Normal cross-domain email traffic will touch any number of 3rd party servers. Even a partial email can be data mined if intercepted. Likewise, the laws such as the aforementioned UK Data Protection Act are equally assinine for the same reason. It would be unreasonably difficult to point to where every single SMTP email was (much less the individual TCP packages) once it left the sending and receiving points. (Unless, of course, we want to return to the days of bang-addressing each email. Please reference UUCP if you are unfamiliar with this.) So why did I vote no? Because when you give up responsibility and control of basic infrastructure services, you are a hostage to someone else's business plan, disaster recovery plan, maintenance schedules, etc. That presents an unnecessary and unwise risk to your own business continuity. If you are prepared to take that risk, your SLAs better adequately compensate for lost revenue. And your service contract better adequately cover proprietary data access & disclosure. The devil's in the details. Something tells me Google has lots more devils looking out for their interests than anyone who would use their service. At least if you maintain your own basic infrastructure services, you have noone to answer to except yourself for your successes and failures.

andy
andy

Some good points brought up in comments. I would trust them in so far as not losing my data, but I wouldn't trust them to not datamine, sell the info, or maybe someone could break in and steal my data. But the biggest reason is the big brother aspect. Didn't they give up a chinese blogger to the govt? Correct me if I'm wrong. I actually talked to a google rep at a conference in Las Vegas about this in 2006. They didn't seem to have a problem with doing that. As far as data archive and retrieval, we only trust ourselves. When we have to use 3rd parties temporarily, it's all encrypted.

Datacommguy
Datacommguy

In the long run, the $$$ will win as non-IT management chooses the direction IT will go. But for now, most IT managers aren't willing to put their jobs on the line for critical functions that have been outsourced beyond their control. And... there's always security to consider. As has been discussed earlier, some of the security aspects of outsourcing may violate privacy or national security laws - or at least open a gray area that most IT mangers aren't willing to risk.

Systems Guy
Systems Guy

I wouldn't trust anybody with my data, company or personal. Accidents happen and lets not fool ourselves, some of those go unreported.

Jeff Mowatt
Jeff Mowatt

Let me extend the question. Would you trust Google with your reputation? I'm in the unfortunate position of having not one but 3 anonymous smear blogs about me hosted by Google and they've refused to respond to complaint for 3 years now. Imagine how this scales up. Jeff Mowatt

CharlieSpencer
CharlieSpencer

"HELL, NO!". And no other third-party web-based e-mail system either.

Scott Lowe
Scott Lowe

I answered no to the poll since there was no "hell no" option. Here's my take: Google has to make money. Gmail is not free. Google's storage is not free. It's paid for with advertising. In the case of the Premier service mentioned above, it's paid for with a $50 per user per year charge. Yes, this charge is, in many cases, less than what would be necessary for Exchange and related storage and licenses, but is still a cost. Google definitely has scale and mindshare for many people that want to move to the cloud, but tread cautiously.

maclovin
maclovin

Should They? NO Will some idiotic CIOs? YES This is the case. Some CIO/Management Entity will hear about this "great new idea" to store things on google rather than using their own Exchange Server. Next thing you know, all you company's pertinent business information is out there on a server you'll never be able to have direct access to. For me, that's just frightening. Even if I had a Co-Lo at an ISP or such, I could still go in/remote in and check on said server anytime I wanted.

Juanita Marquez
Juanita Marquez

Perhaps not CIOs, but C**'s of some flavor will get a taste of the idea that it will lower costs (which is always good, right?) without looking at the real-world, end-user experience/security/tradeoffs/etc. and push for it. Having worked for a number of C**'s, VP's, Directors of *** and so on, I know that they are driven by the bottom line and many times, not reality. I always joke that one day one of them will walk up and say "Hey! We're using too many keyboards! What if we cut off all of the employees' hands, that way there will be less wear and tear on the keys and you won't have to spend the money to replace them as often or even buy them in the first place? Then the stockholders will be happy and I can get my big bonus." Having worked also for smaller outfits, I long for that Neverland of yesteryear in which bosses and management care about their employees as much as making a profit.

Zeplenith
Zeplenith

I have two reasons for voting no. While I use GMAIL for personal email and do not want to anger Google here is my concern in a nutshell. (1) It is my understanding that Google data mines to generate revenue. If I am wrong than to Google, I apologize. I would not feel comfortable placing sensitive information into those well meaning hands. (2) Where is the data stored? Are they SAS-70 certified? 99.9% Uptime just isn't good enough for my organization.

robo_dev
robo_dev

I would really, seriously doubt that Google is going to do data-mining on customers private email data. This breaks sooo many laws, service agreements, etc. The misperception here, in opinion, is that somehow having Google host a data service is leaving it wide open for the whole planet to discover. In reality the security/privacy of their data model is somewhat interesting and unique, in that it relies more on data structure and distribution than on building stronger encryption and access controls. It's both brilliant and scary as hell at the same time, IMHO. http://www.csoonline.com/article/492967/Cloud_Security_Danger_and_Opportunity_Ahead Google has SAS-70 certified everything, and has a very interesting approach to computing (they build their own servers, their data centers are all 'container based'). In the end it's all about trust. In my view, Google has a radical, ambitious, and unique approach to cloud computing. Is it secure? I think it is, but time will tell, and earning the trust of users will take time.

Deadly Ernest
Deadly Ernest

in the internet, thousands of connecting cables, government interception systems like Echelon, and who know what laws on who knows where they finally store it.

Juanita Marquez
Juanita Marquez

Re: point 1, I know people who know people in the market research industry, and some of the stuff that happens there is frankly frightening. I am completely with you on the data mining thing. Call me paranoid but there is already enough out there that can be and is determined strictly by someone's zip code, not to mention when that would be tied to cookies, web beacons, stored passwords, stored form data, unsecured home PCs, hacked networks, and whatever other things can and will be merged in the future. Then again, I seem to have the anti-cool detection gift...if I say something's a silly idea, it becomes The Next Big Thing. So maybe it's on its way up in doability as we speak!

millsy17
millsy17

When it comes to Google Apps Premier (the business version), Google contractually states that they are not mining your data. The consumer products may be different but no business would sign up if this wasn't clearly stated (Google has had some reasonably impressive companies including the city of Washington DC and Genentech sign up). On the 2nd point, they are SAS 70 Type II certified. When they purchased Postini a few years ago it really raised their credibility in my eyes. Postini has been successful in this space for years and clearly understands what they're doing.

Deadly Ernest
Deadly Ernest

great in theory but totally impracticable with the current technology and in violation of numerous laws at the moment. Yes, I can see cloud computing for a mini-cloud within an organisational structure, but not across the Internet per se, except for private individuals prepared to take some risks. For a news reporter concerned to take his laptop into a country, he can use an Internet cafe and cloud computing to prepare and lodge his reports. But he takes the risk of that international photography there was a report on lately - two years work because the cloud computing organisation where he provided the public with access to a lot of his work was closing down and he had only forty-eight hours notice, like the thousands of others using the service. As he said, he has the originals and set it all up again, but the way he'd grouped them and made displays in their environment - hundreds of hours of work sorting them - is all gone as he couldn't get in to recover them in the small time frame provided. I wonder how many people didn't have copies off that site and lost it all. There are just way too many risk factors for cloud computing to be a viable option with the current level of technology. And that's regardless of if you do or do not trust the Google people with the data and to look after it properly. Look how many people trust the various government agencies, and how often those same agencies bite people. I saw a story about objects denied on planes recently. According to the article, several months back a well known US Senator was refused access to a public plane because he was carrying an object the Homeland Security people declared dangerous and they got pissed when he refused to let them confiscate it. The object, he was taking it to a big meeting of boy scouts in his home state and was going to show them his Congressional medal of Honor - until DHS said it was a dangerous object. And we all know we can trust DHS to do the right thing all the time, can't we. Well, the same applies to Google and all their staff.

millsy17
millsy17

I've been at multiple companies where I know for a fact that administrators read people's emails. They got fired but the problem was swept under the rug. Google has a lot more to lose than that admin. I kind of compare it to the perception of safety when comparing flying vs driving. When a plane crashes its on the front page of the NY Times so everyone flips out. But cars are statistically safer. Why do people think driving is safer? Because of the common fallacy that there is a direct correlation between control and safety/security. I don't keep my money in my mattress, I do my banking online and I buy many things from amazon. I think its inevitable - it will take some longer than others to adopt but in the meantime the early adopters can reallocate email administrators to something more strategic than spam, patches and upgrades.

Deadly Ernest
Deadly Ernest

or the day after, let alone a few years time. The real question is, will the data be safe from others.

The 'G-Man.'
The 'G-Man.'

is not compliant with standard web accessability laws.

Deadly Ernest
Deadly Ernest

in many countries for violation of various laws on privacy and data security.

Tom-Tech
Tom-Tech

In the UK the Data Protection Act states that you must be able to disclose the location of your data, i.e. at any given moment you at least know what country is. I'm pretty sure Google don't do this as they aren't exactly forthcoming with the locations of their datacentres and the data belonging to a specific company probably shifts between a few of them anyway. So what do I tell the authorities? "oh email? yeah, it's in teh cloud, don't worry about it mate" Despite this, there are quite a few well known companies here that use Google for their email, I'd be interested in knowing how they get around this.