Despite its “Don’t be evil” slogan, many people are starting to believe Google is just that. They believe Google to be the ultimate big brother and believe it to be using our private data for its own gain. So would you trust your corporate email with Google?
We’re in the discovery stages of switching email platforms. Being a Mac- and Linux-based shop, Microsoft Exchange is ruled out. This leaves Google Apps and Zimbra as the two big players we’re considering. Comparing the two, there’s a lot of noise about security and privacy issues with Google.
A little background on why I’m qualified to speak on this subject: I got into computers through the hacking scene, have a Masters of Science in IT Security, am a senior system administrator, and have enough real-world experience to have seen several server compromises at various companies. I voluntarily turn on multi-factor authentication and have several one-time password tokens for my personal accounts. That said, I still have a hard time buying into the security and privacy issues with Google Apps Premier.
I think most people really need to get over themselves. What the majority of people do is just not that important for Google to give a damn about. The last I checked, Google was valued at $111 billion. The next widget you’re designing is meaningless to them. Even if the Terms of Service allowed them to utilize your data (which, at least for Premier, it doesn’t), the scandal Google would face if it became public that it was doing anything more nefarious than targeted marketing could ruin the company.
After reviewing the TOS for Google Apps Premier, the scariest section I could find is the following:
2.2 Aliases. Customer is solely responsible for monitoring, responding to, and otherwise processing emails sent to the “abuse” and “postmaster” aliases for Customer Domain Names but Google may monitor emails sent to these aliases for Customer Domain Names to allow Google to identify Services abuse.
The “abuse” mailbox, in particular, is commonly used to report spam, denial of service attacks, or other nefarious actions to the system administrator of a domain. Google reserves the right to monitor “abuse” and “postmaster” for these types of messages. I doubt it really does, but it reserves the right to. If this really bothers you, your concern may be valid.
Any other use of customer data by Google is prohibited by section 7.1 of the agreement.
7.1 Intellectual Property Rights. Except as expressly set forth herein, this Agreement does not grant either party any rights, implied or otherwise, to the other’s content or any of the other’s intellectual property. As between the parties, Customer owns all Intellectual Property Rights in Customer Data, and Google owns all Intellectual Property Rights in the Services.
Even Google Ads are disabled by default, and the administrator of the account must enable them if targeted advertisements are desired.
1.4 Ads. The default setting for the Services is one that does not allow Google to serve Ads. Customer may change this setting in the Admin Console which constitutes Customer’s authorization for Google to serve Ads. If Customer enables the serving of Ads it may revert to the default setting at any time and Google will cease serving Ads.
So if Google were spying on you, it wouldn’t face only a potential PR nightmare, it would also be in breach of its own agreement.
The issue of confidentiality is only one-third of the security picture, though. The other two-thirds are the often-neglected components of availability and integrity. There’s no point in keeping your confidential data private if authorized individuals can’t access that data, and you can’t guarantee the data hasn’t been altered or corrupted.
I’m fairly sure that Google’s data centers will provide higher availability and integrity than any in-house solution I could design. Small companies wouldn’t have the budget, manpower, or economies of scale that Google does. But for some companies this may not be true, so let’s get an idea of where the breaking point is.
While Google is pretty secretive about its infrastructure, I think it’s safe to assume everything has redundancy built in. Let’s just assume you can build a fully redundant email solution with six servers. That would be two load balancers, two MTAs, and two databases to hold the mailboxes. When you’re talking about enterprise-class equipment, you’re talking $400-$800/month per server from a reliable data center. Virtual servers need not apply for the type of IO that an email server does. On the low side, this is $28,800 per year and is only looking at the cost of the hardware and internet connectivity at the data center. You can purchase the same or better availability and redundancy from Google for $50/user per year. Even using this lowball figure, which doesn’t include management costs, support costs, or software licences (and probably other costs), you would need to have 576 employees before it would be more economical to do it yourself.
But this blog isn’t supposed to be about the economics of Google Apps. It’s about security and privacy issues, so let’s get back to security …
Even if it makes economic sense for you to do it yourself, do you really think your internal IT staff has the same level of expertise as Google when it comes to designing and hosting email solutions? At its January 2012 earnings call, Google reported having 350 million active Gmail users. This expertise plays a big role in the availability and integrity of your email, which, as I stated, are two-thirds of the security pie.
So are we going to use Google Apps instead of Zimbra? I don’t know yet. I’m just over the issue of privacy and security being the big argument against Google, with most Zimbra users assuming you must be insane to trust your email with Google. If you really do have something that sensitive, it has no business being transmitted over the Internet.
Disclaimer: Everything I stated is regarding the Google Premier service and not the free service. As always, you get what you pay for.