Tuesday, September 1, 2009

Do you think Google Apps is Secure?

In my opinion it is and this is why.

Google’s business would collapse by not securing their customers' data. Like any other business, it’s keen to maintain customer loyalty and to encourage new customers. It doesn’t take much to realise what would happen to Google, if its customer data were compromised.

Google currently maintains the data of over 10 million people. Over a million businesses are using Google Apps. It’s flagship service Adwords, generates millions of dollars in revenue. With these numbers, Google must invest in secure infrastructure to ensure privacy, business continuation, and data recovery.

My understanding is that Google protects its customer data by:

1) Employing security guards at it’s massive data centres

2) Distributing data over a number of servers. In advent of a server failure, your data is still accessible

3) Using technology unfamiliar to hackers. Their servers run on proprietary operating systems thus making it hard for hackers to learn security flaws.

4) Obfuscating your data. That is scrambling it into non-readable format.

From my perspective, unless your business is willing to employ the same measures, it is difficult to argue that your data is more secure in your premises. At reef software, we take the view that this cost in time and money is unjustifiable, and makes sense to us to take advantage of Google’s economies of scale.

ach business is different, and this blog is only an opinion piece. I did, however, did seek some clarification from NSW Society for Computers and the Law. Their helpful reply best sums up how you should approach any cloud computing service like Google Apps.

“Legally, a business (as opposed to an individual) obtaining services that utilised cloud computing would primarily protect itself through appropriate terms the contract for service (eg, terms addressing security, service levels, data recovery, obligations to provide data on request, limits on where the data can be hosted, customer remains the owner of data, liability clauses dealing with misuse of data etc). Practically (as I suspect you may know better than me), all sorts of other considerations such as confidence in the hosted solution provider and their technical environment are highly relevant to the level of protection given to the business.”

In other words, it all depends on the contract and just as importantly, who is providing the service.

For further reading:
Cloud computing more secure than traditional IT, says Google
Forrester: A Close Look At Cloud Computing Security Issues
Can You Trust Google Apps (And Other SaaS)?
Experts urge caution on cloud computing