Posted by: Eric Parizo
Cloud computing, Cloud Security
Google Enterprise desktop customers praise platform and tout security, privacy features.
NATIONAL HARBOR, Md. — Enterprise information security professionals, by nature, tend to be somewhat paranoid, especially regarding new and emerging technology. So to this observer it seemed somewhat surprising not only to hear two Google Enterprise desktop customers extol the security and privacy of the search giant’s enterprise productivity offerings, but also to watch about 200 of the attendees at Gartner Inc.’s Security and Risk Management Summit 2010 hanging on every word.
During a session today, Brian Bolt, lead systems engineer for the office of information technology at Boise State University, and Chet Loveland, global information security and privacy officer for MeadWestvaco, took to the stage to share their experiences migrating from Novell and IBM Lotus infrastructures, respectively, to the hosted messaging, calendaring and collaboration infrastructure provided by Google.
Loveland said his employer, a $6 billion global packaging firm, wanted to standardize its email and collaboration tools across geographies. His key privacy concerns were providing users unfettered access to corporate data – both email and shared documents — from virtually any Internet-connected computer, and offering the ability to sync with mobile devices not managed by the company.
The implementation was smoothed by focused end-user training, including “Google guides” who worked one-on-one in person with employees offering training and problem solving. Loveland said his organization had already outsourced email processing to a third-party provider several years ago, so there was little trepidation about moving to Google, though he did do his homework to make sure he understood how and where Google would store the company’s data.
Bolt, looking to move to a best-of-breed provider to manage email for his school’s more than 22,000 students, faculty and staff, was comfortable with Google’s security after pouring through its copious security process documentation, including the Google Apps admin help: Security and privacy page.
“Google’s security strategy revolves around hiring talented security professionals and building multiple wholly owned data centers,” Bolt said. Those data centers, according to Google, feature custom-built servers running a hardened version of Linux with no video cards, drivers, USB ports or any other service that could risk compromising security. ”These layered security practices span the physical and logical, and they hire the right people and install values of security.”
Google’s enterprise offerings include one product, a search appliance, and several hosted services including Google Desktop, Google Maps and Google Earth, and its Postini service for antispam and mail archiving. It has more than 1,500 employees focused on its enterprise business; it claims 20,000 search appliance customers, 50,000 Postini customers, and says 3,000 new businesses sign up for Google Apps daily.
Attendee Douglas W. Fee, director and IT security officer for the University of Kentucky in Lexington, said the discussion was helpful for him as UK considers the future of its Exchange-based email system. While it seemed notable that neither of Google’s featured customers migrated from an Active Directory-based Exchange system, a notoriously difficult platform to abandon, Fee was unfazed, instead eager to benefit from the reduced cost of managing email systems and storing their data.
As for the security and compliance issues, Fee said Google’s third-party attestations, like SAS 70 Type II, which it achieved last year, would likely be enough to convince most enterprise decision makers that Google is a viable option.
Still, there’s no question Google’s enterprise program is benefiting from what seems to be a rising tide for all enterprise services that live in the cloud. In terms of security, reliability and innovation, Fee said, “Google is setting the goal for the rest of the world.”