The Security and Compliance Question: Getting Comfortable with Google
Google's philosophy around information security is fairly simple: your data is safer with Google than it is with you.
"That's sort of bold and right in the face of what people object to with SaaS, but to be honest, that's the truth," Girouard says. "We've had intelligence agencies of the United States government tell us that: 'we think our data would be safer with Google than it is on our own servers.'"
As Google offers prospective customers a deeper look at its security under non-disclosure agreement, it's impossible to know what those agencies found so appealing. On a more practical level, however, analysts say Google's acquisition of Postini, a security vendor, has helped in their efforts to show that they are serious about keeping enterprise data safe. The Google Apps premier edition has a Postini console to manage messaging security.
"Postini has helped Google Apps a bit," says Edwards. "Postini has a proven security product that many businesses have trusted."
Google also received a Statement of Auditing (SAS 70) certification, which requires a close examination of the company's internal security controls. Such certification has been seen as an important step for SaaS companies showing customers they're in line with compliance standards, especially Sarbanes-Oxley, Edwards says.
While Google officials like Girouard are bullish on the business value of their online applications, analysts say the company's high profile among consumers makes it more difficult to win over IT departments than other SaaS companies have faced in the past.
Nuclues Research's Wettemann says that people wonder if their enterprise data could somehow come up on a search by a regular consumer using the Google search bar. "A lot of it is perception," Wettemann says. "You look at what they do with Google Health, and people wonder, 'will people be able to Google me and find my health records?' The answer is of course no, but it takes people [and businesses] some time to get over that idea."
Google's Partnership with SaaS Vendor Salesforce.com
To help win the enterprise hearts and minds, Google has tapped into the expertise of one company who has shown that SaaS is just as safe as on premise software: Salesforce.com, which sells customer relationship management (CRM) software and delivers it to business users over the Web.
Back in April, Google and Salesforce.com entered into a partnership that made a basic version of Google Apps available for free to any Salesforce.com customer who wanted it. The deal has opened up new sales channel for Google Apps to be sold to businesses.
"It's been great because Salesforce.com has been at this for a lot longer than we have," Girouard says. "The joint selling is great, and it'll be a nice symbiotic relationship."
The Upside to Google Apps' Open Design
Google Apps has largely been designed based on Google's overall philosophy that the Web should be open to consumers and businesses to use as a platform for creating new applications. As a result, Google Apps utilizes a lot of open Application Programming Interfaces (APIs) that allow third-party developers to build on top of it.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.