Last week, Ben Kepes of Forbes wrote a piece entitled Google Shoots Itself in the Foot. Again. In the article Kepes writes that Google’s approach to the cloud market, and specifically its CIO Ben Fried’s statement that Dropbox is less secure than Google Apps, is somehow indicative of a PR blunder.
The supposedly tone-deaf quote came from an interview with All Things D that Fried gave in early October. He stated that as Google’s CIO, he understands the “potential of consumer technologies and collaboration to transform the enterprise”, but is aware of the risks that consumer-grade technologies have when used at enterprise scale.
Kepes claims that Fried’s mistake was saying that “The important thing to understand about Dropbox, is that when your users use it in a corporate context, your corporate data is being held in someone else’s data center”.
With respect, this is not a blundering admission that Google is deficient, or that there is an issue with “the very proposition that [Google’s] band of merry enterprise sales folks are using to try and sell Google Apps to all those customers out there”.
At CloudLock, we obviously work with a wide range of organizations that are actively making the decision to go with Google over Dropbox or other cloud providers. There is an important and perhaps overlooked detail here: when users self-select any such provider, corporate or enterprise data is being externally stored in a data center over which the enterprise or corporation has no control. What differentiates a consumer from enterprise ready vendor is the set of security controls available for the platform, the maturity of its relationships with its partners, and its track record for security.
In fact, by noting was that “someone else’s data” center isn’t merely a point about data residency but rather one of data authority and stewardship demonstrates a high degree of maturity on Google’s behalf. Recognizing that Google isn’t responsible for ensuring third party vendor security isn’t a face palm moment. This is no different from Microsoft (whom the reporter mentions) not being responsible for the security of apps run on laptops by users — IT has traditionally needed to source anti-virus, anti-malware, and threat management software not because there is a fundamental flaw in allowing users to run apps, but rather, because some apps are poorly or even maliciously written.
Google’s infrastructure allows for the marriage of cloud computing as a platform with a real, robust, and user-centric app model and third party security controls, while ensuring that the logical and infrastructure-level security needs are being met by Google themselves. No other vendor does this; suggesting that having your data migrate to private, consumer-based data centers or failing to review and monitor the apps that connect to that platform reflects a misunderstanding of the market, not a gross misstep on Google’ behalf.