Friday, August 3, 2007

Can Google be trusted?

Stefan asked the following question earlier today: "I couldn't imagine keeping my company's internal/confidential information on Google's servers. What are your reasons for not caring about this?"

I do care about confidentiality of our internal information. On the other hand I don't see a big difference between keeping the files securely on our internal servers or with a service provider. In the first case I trust our IT staff not to leave any doors open for hackers or any other intrusion and in the second case I trust Google to deliver the service as specified in the Service Level Agreement. I also read carefully the Google Apps security whitepaper.

But even if our internal systems are completely secure it doesn't prevent information leaks. Here are some Systinet examples:

- within five years of Systinet existence we had more than six notebooks full of confidential information stolen
- most of our internal emails were exchanged at some point with partners, legal counsels and external consultants over unsecured network
- we pitched our business plan and financial information to several VCs who ended up funding competing startups
- the first Systinet CTO came from a large computer company and even bigger software company claimed that our internal emails contain important information relevant to a lawsuit between these two giants. So we ended up printing most of our internal emails and delivering them on a silver plate to our biggest competitors...


PS. Stefan's comment is for some strange reason half blocked by Blogger/Google (see the link). Is it intentional? Can Google really be trusted?

2 comments:

wr said...

There is some strange formatting in his post. I am able to see it fully in the source code of the page.

David Hajek said...

Have you think of how to integrate
eg. google email with other applications which will be needed in the near future? Like internal help desk system, crm, single signon, ...

I don't say its not possible, just wondering....