The reliability of cloud computing has been a hot topic recently, partly because glitches in the cloud don't happen behind closed doors as with traditional on-premises solutions for businesses. Instead, when a small number of cloud computing users have problems, it makes headlines.
As with most things at Google, we are fanatical about measuring the availability of Gmail, and we thought it best to simply share our reliability metrics, which we measure as average uptime per user based on server-side error rates. We think this reliability metric lets you do a true side-by-side comparison with other solutions.
We measure every server request for every user, every moment of every day. Any millisecond delay is logged. Over the last year, Gmail has been available more than 99.9 percent of the time — for everyone, both consumers and business users. The vast majority of people using Gmail have seen few issues, experienced no downtime, and have continued to have a great Gmail experience, with exception of an outage in August 2008. If you average all these data together, including the August outage, across the entire Gmail service, there has been an aggregate 10-15 minutes of downtime per month over the last year of providing the service. That 10-15 minutes per month average represents small delays of a couple of seconds here and there. A very small number of people have unfortunately been subject to some disruption of service that affected them for a few minutes or a few hours. For those users, we are very sorry. And for Google Apps Premier Edition customers, we have extended service level agreement credits to them.
So how does greater than 99.9 percent reliability compare to more conventional approaches for business email? We asked some experts. Naturally, the normal caveats apply for on-premises solutions, since each individual business environment will vary, depending on server reliability, staff response time, and actual maintenance schedules for each application.
According to the research firm Radicati Group, companies with on-premises email solutions averaged from 30 to 60 minutes of unscheduled downtime and an additional 36 to 90 minutes of planned downtime per month.1
Looking just at the unplanned outages that catch IT staffs by surprise, these results suggest Gmail is twice as reliable as a Novell GroupWise solution, and four times more reliable than a Microsoft Exchange-based solution that companies must maintain themselves. And higher reliability translates to higher employee productivity. Gmail's reliability jumps to more than four times as reliable as a GroupWise solution and 10 times more reliable than an Exchange-based solution if you factor in the planned outages inherent in on-premises messaging platforms. But this isn't the only way Google Apps helps businesses do more with their resources. Compared to the costs of Microsoft Exchange, IBM Lotus or Novell GroupWise — including software licensing, server expenses and the labor associated with deploying, maintaining and upgrading them on a regular basis — Google Apps leaves companies with much more time and money to focus on their real business.
We are now extending what we've learned from Gmail to the other applications in Google Apps.
Today, we're announcing that we will extend the 99.9 percent service level agreement we offer Premier Edition customers on Gmail to Google Calendar, Google Docs, Google Sites, and Google Talk. We have been delivering high levels of reliability across all these products, so it makes sense to extend our guarantees to them.
More than 1 million businesses have selected Google Apps to run their business, and tens of millions of people use Gmail every day. With this type of adoption, a disruption of any size — even a minor one affecting fewer than 0.003% of Google Apps Premier Edition users, like the one a few weeks ago — attracts a disproportional amount of attention. We've made a series of commitments to improve our communications with customers during any outages, and we have an unwavering commitment to make all issues visible and transparent through our open user groups.
Google is one of the 1 million businesses that run on Google Apps, and any service interruption affects our users and our business; our engineers are also some of our most demanding customers. We understand the importance of delivering on the cloud's promise of greater security, reliability and capability at lower cost. We are hugely thankful to our customers who drive us to become better every day.
1. The Radicati Group, 2008. "Corporate IT Survey – Messaging & Collaboration, 2008-2009"
Posted by Matthew Glotzbach, Product Management Director, Google Enterprise
REFERENCE:
http://www.google.com/apps/intl/en/terms/sla.html
Google Apps Service Level Agreement
Google Apps SLA. During the Term of the applicable Google Apps Agreement, the Google Apps Covered Services web interface will be operational and available to Customer at least 99.9% of the time in any calendar month (the "Google Apps SLA"). If Google does not meet the Google Apps SLA, and if Customer meets its obligations under this Google Apps SLA, Customer will be eligible to receive the Service Credits described below. This Google Apps SLA states Customer's sole and exclusive remedy for any failure by Google to provide the Service.
Definitions. The following definitions shall apply to the Google Apps SLA.
"Downtime" means, for a domain, if there is more than a five percent user error rate. Downtime is measured based on server side error rate.
"Downtime Period" means, for a domain, a period of ten consecutive minutes of Downtime. Intermittent Downtime for a period of less than ten minutes will not be counted towards any Downtime Periods.
"Google Apps Covered Services" means the GMail, Google Calendar, Google Talk, Google Docs, and Google Sites components of the Service. This does not include the GMail Labs functionality or Gmail Voice and Video Chat components of the Service.
"Monthly Uptime Percentage" means total number of minutes in a calendar month minus the number of minutes of Downtime suffered from all Downtime Periods in a calendar month, divided by the total number of minutes in a calendar month.
"Scheduled Downtime" means those times where Google notifies Customer of periods of Downtime at least five days prior to the commencement of such Downtime. There will be no more than twelve hours of Scheduled Downtime per calendar year. Scheduled Downtime is not considered Downtime for purposes of this Google Apps SLA, and will not be counted towards any Downtime Periods.
"Service" means the service provided by Google to Customer under the applicable Google Apps Agreement.
"Service Credit" means the following:
Monthly Uptime Percentage Days of Service added to the end of the Service term, at no charge to Customer
< 99.9% - ≥ 99.0% 3
< 99.0% - ≥ 95.0% 7
< 95.0% 15
Customer Must Request Service Credit. In order to receive any of the Service Credits described above, Customer must notify Google within thirty days from the time Customer becomes eligible to receive a Service Credit. Failure to comply with this requirement will forfeit Customer’s right to receive a Service Credit.
Maximum Service Credit. The aggregate maximum number of Service Credits to be issued by Google to Customer for any and all Downtime Periods that occur in a single calendar month shall not exceed fifteen days of Service added to the end of Customer’s term for the Service. Service Credits may not be exchanged for, or converted to, monetary amounts.
Google Apps SLA Exclusions. The Google Apps SLA does not apply to any service s that expressly exclude this Google Apps SLA (as stated in the documentation for such services) or any performance issues: (i) caused by factors outside of Google’s reasonable control; or (ii) that resulted from Customer’s equipment or third party equipment, or both (not within the primary control of Google).
Monday, December 29, 2008
How to Migrate Data if you decided to terminate Google Apps Service
Migrating data away from Google Apps
If you've decided to use another solution for your organization's email, calendars, documents, and sites, don't forget to migrate your data to your new solution before deleting your Google Apps account.
Here's a list a data transfer options available for Google Apps:
Email: Gmail accounts offer an option to download all mail to your computer via POP or IMAP access with a local desktop client, such as Microsoft Outlook or Mozilla Thunderbird. How to configure your mail client: POP instructions & IMAP instructions
Contacts: Each email account allows users to export the contacts list in a CSV or vCard format. Export details
Calendar: Google Calendar offers the ability to download an iCal file to your desktop (limited to calendars that are publicly shared), or you can visit http://www.google.com/calendar/hosted/yourdomain/exporticalzip (Make sure to replace your domain with your actual domain name) to download all calendars in your 'My Calendars' list. Export details
Docs: Google Docs lets you save your documents, spreadsheets and presentations to your hard drive in various formats. Export details
Sites: Google Sites doesn't currently offer an export feature.
Start Page: Since the start page service helps you access content but doesn't contain data itself, exporting data isn't applicable for this service.
Web Pages: Google Page Creator doesn't offer an export feature; however, when viewing your web pages, you can view the page source and save your HTML code to your hard drive for use in another application.
If you've decided to use another solution for your organization's email, calendars, documents, and sites, don't forget to migrate your data to your new solution before deleting your Google Apps account.
Here's a list a data transfer options available for Google Apps:
Email: Gmail accounts offer an option to download all mail to your computer via POP or IMAP access with a local desktop client, such as Microsoft Outlook or Mozilla Thunderbird. How to configure your mail client: POP instructions & IMAP instructions
Contacts: Each email account allows users to export the contacts list in a CSV or vCard format. Export details
Calendar: Google Calendar offers the ability to download an iCal file to your desktop (limited to calendars that are publicly shared), or you can visit http://www.google.com/calendar/hosted/yourdomain/exporticalzip (Make sure to replace your domain with your actual domain name) to download all calendars in your 'My Calendars' list. Export details
Docs: Google Docs lets you save your documents, spreadsheets and presentations to your hard drive in various formats. Export details
Sites: Google Sites doesn't currently offer an export feature.
Start Page: Since the start page service helps you access content but doesn't contain data itself, exporting data isn't applicable for this service.
Web Pages: Google Page Creator doesn't offer an export feature; however, when viewing your web pages, you can view the page source and save your HTML code to your hard drive for use in another application.
Sunday, December 28, 2008
Google Apps - Certified with Statement on Auditing Standard (SAS) 70 Type II
SAS 70 Type II for Google Apps
Source: By Eran Feigenbaum, Director of Security, Google Apps
Ever since the first Gmail users began trusting Google with their private information, keeping people's data safe has been one of our top priorities. Today, more than a million businesses, plus thousands of schools and organizations using Google Apps rely on us to safeguard their critical information.
We've published some of the ways we keep sensitive information where it belongs, but we wanted to go farther and have external independent security specialists audit our systems and procedures. Here's the outcome: an independent public accounting firm has verified the effectiveness of our technical processes and controls for Google Apps, and Google Apps has satisfactorily completed a SAS 70 Type II audit.
Our commitment to keeping customer information safe – whether they're consumer users or our largest enterprise customers – is part of our DNA, and we protect this information as rigorously as we protect our own sensitive corporate information. In fact, we use the very same services that we offer to our users for our own email, documents, project team sites and calendars.
See below for information on the SAS 70 Type II certification that Google Apps has received:
http://googleenterprise.blogspot.com/2008/11/sas-70-type-ii-for-google-apps.html
http://en.wikipedia.org/wiki/SAS_70
Details on Google's security infrastructure:
http://www.google.com/apps/intl/en/business/infrastructure_security
References:
[1] Wikipedia entry: SAS 70(Web)
en.wikipedia.org
[2] Official Google Enterprise Blog - SAS 70 Type II for Google Apps(Web)
googleenterprise.blogspot.com
[3] Google Apps Infrastructure & Security(Web)
www.google.com
Postini:
http://www.google.com/support/a/bin/topic.py?topic=14840
Source: By Eran Feigenbaum, Director of Security, Google Apps
Ever since the first Gmail users began trusting Google with their private information, keeping people's data safe has been one of our top priorities. Today, more than a million businesses, plus thousands of schools and organizations using Google Apps rely on us to safeguard their critical information.
We've published some of the ways we keep sensitive information where it belongs, but we wanted to go farther and have external independent security specialists audit our systems and procedures. Here's the outcome: an independent public accounting firm has verified the effectiveness of our technical processes and controls for Google Apps, and Google Apps has satisfactorily completed a SAS 70 Type II audit.
Our commitment to keeping customer information safe – whether they're consumer users or our largest enterprise customers – is part of our DNA, and we protect this information as rigorously as we protect our own sensitive corporate information. In fact, we use the very same services that we offer to our users for our own email, documents, project team sites and calendars.
See below for information on the SAS 70 Type II certification that Google Apps has received:
http://googleenterprise.blogspot.com/2008/11/sas-70-type-ii-for-google-apps.html
http://en.wikipedia.org/wiki/SAS_70
Details on Google's security infrastructure:
http://www.google.com/apps/intl/en/business/infrastructure_security
References:
[1] Wikipedia entry: SAS 70(Web)
en.wikipedia.org
[2] Official Google Enterprise Blog - SAS 70 Type II for Google Apps(Web)
googleenterprise.blogspot.com
[3] Google Apps Infrastructure & Security(Web)
www.google.com
Postini:
http://www.google.com/support/a/bin/topic.py?topic=14840
Comprehensive security protection for Google Apps
Comprehensive review of security and vulnerability protections for Google Apps
Security of Google Apps
Securing network-based applications against would-be hackers is key to ensuring the success of any system. When it comes to email and collaboration, the importance is paramount. Google invests billions of dollars in technology, people, and process to ensure data in Google Apps is safe, secure, and private. Google’s dedicated team of security professionals is responsible for designing in security from the onset, reviewing all design, code, and finished product to ensure it meets strict Google security and data privacy standards. The same infrastructure used to host Google Apps and secure hundreds of thousands of user’s data is also used to manage millions of consumers’ data and billions of dollars in advertising transactions. With Google Apps, information is safe and secure.
Introduction
As part of the mission to organize the world’s information, Google is responsible for the safekeeping of data for tens of millions of users. This responsibility is taken very seriously, and Google has gone to great lengths to earn and live up to the trust of its users. Google recognizes that secure products are instrumental in maintaining user trust and strives to create innovative products that serve users’ needs and operate in their best interest.
Google Apps benefits from this extensive operational experience in producing secure and reliable products. Google’s products and services combine advanced technology solutions with industry–leading security practices to ensure customer and user data is secure. Billions of dollars in capital are invested to ensure the most secure, reliable environment for data and applications. In particular, Google focuses on several aspects of security that are critical to business customers:
• Organizational and Operational Security – Policies and procedures to ensure security at every phase of design, deployment and ongoing operations.
• Data Security – Ensuring customer data is stored in secure facilities, on secure servers, and within secure applications.
• Threat Evasion – Protecting users and their information from malicious attacks and would-be hackers.
• Safe Access – Ensuring that only authorized users can access data, and the access channel is secure.
• Data Privacy – Ensuring that confidential information is kept private and confidential
This paper looks at Google’s security strategy, which utilizes numerous physical, logical, and operational security measures to ensure the utmost in data security and privacy.
Organizational & Operational Security
The foundation of Google’s security strategy starts with its people and processes. Security is a combination of people, processes, and technology, that when put together properly lead to safe and responsible computing. Security is not something that can simply be validated after the fact. Rather, it is designed into products, architecture, infrastructure, and systems from the onset. Google employs a full time security team to develop, document, and implement comprehensive security policies. Google’s Security team is made up of some of the world’s foremost experts in information, application and network security.
The security team is divided by functional area into perimeter defense, infrastructure defense, application defense, and vulnerability detection and response. Many come to Google with experience in senior information security roles at Fortune 500 companies. This team focuses a large amount of their effort on preventative measures to ensure that code and systems are secure from the onset, and is on call to dynamically respond to security issues
Google’s security posture is top of mind from the moment a product design is drafted. Google engineering and product teams receive extensive training in security fundamentals. Google’s development methodology lays out a multi-step plan with ongoing checkpoints and full audits.
The Google Application Security team is involved in all stages of the product development lifecycle including design review, code audit, system and functional testing, and final launch approval. Google uses a number of commercial and proprietary technologies to ensure that applications are secure at every level. Google’s Application Security team is also responsible for ensuring that secure development processes are followed to ensure customer safety.
Operational Security
Google’s Security Operations team is focused on maintaining security of the operational systems including data handling and system management. These individuals routinely audit datacenter operations and conduct ongoing threat assessment against Google’s physical and logical assets.
This group is also responsible for ensuring that all employees are appropriately screened and trained to conduct their job in a professional and secure manner. As appropriate, Google goes to great lengths to screen and verify an individual’s background prior to joining the organization. All personnel responsible for maintaining security processes and procedures are thoroughly trained on the practices and continually updated on their training.
Security Community & Advisories
In addition to the processes described above, Google actively works with the security community, leveraging the collective wisdom of the world’s best and brightest. This helps Google keep ahead of security trends, quickly react to emerging threats, and harness the expertise of those inside and outside the company. Google actively engages this larger security community through responsible disclosure. Visit
http://www.google.com/corporate/security.html to find more information about this program and some of the key security experts with whom Google maintains ongoing dialog.
Even with all of these levels of protection, unknown vulnerabilities can emerge, and Google is equipped to respond swiftly to security alerts and vulnerabilities. The Google Security team audits all infrastructure for potential vulnerabilities, and works directly with engineering to correct any known issue immediately. Google Apps Premier Edition customers are notified of user-impacting security issues as soon as practicable via email.
Data Security
The security of company and user data is the mission of Google’s Security and Operations teams. Google’s business is built on user trust, and therefore this is one of the keys to continued success of Google as a corporation. All Google employees are instilled with the value of responsibility to the end user. Protecting data is at the core of what Google is all about. Google takes great care to protect the billions of dollars of consumer and advertising transactions; we apply that same care to Google’s communication and collaboration technologies.
You can see that this is fundamental to who we are as a company by reviewing our code of conduct at http://investor.google.com/conduct.html.
GOOGLE APPS SECURITY WHITE PAPER
Physical Security
Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates datacenters worldwide, and many Google datacenters are wholly owned and managed ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events.. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited. Security is monitored and controlled both locally at the site, and centrally at Google’s worldwide security operations centers.
The facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State of the art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems.
Logical Security
In web-based computing, the logical security of data and applications is as critical as physical security. Google goes to extremes to ensure that applications are secure, that data is handled in a secure and responsible way, and that no external unauthorized access to customer or user data can be achieved. To achieve this goal, Google uses a number of industry standard techniques as well as some unique, innovative approaches. One such approach is leveraging special purpose technology as opposed to general-purpose software.
Much of Google’s technology is written to provide special purpose capabilities as opposed to general purpose computing. For example, the web server layer is specially designed and implemented by Google to only expose the capabilities required for operation of specific applications. Therefore, it is not as vulnerable to the wide range attacks that most commercial software would be susceptible to.
Google has also made modifications to core libraries for security purposes. Because the Google infrastructure is a dedicated application system rather than a general purpose computing platform, a number of the services provided by the standard Linux operating system can be limited or disabled. These modifications focus on enhancing the capabilities of the system needed for the task at hand and disabling or removing any exploitable aspects of the system that aren’t required.
Google’s servers are also protected by multiple levels of firewalls to protect against attacks. Traffic is inspected as appropriate for attempted attacks, and any attempts are dealt with to protect users’ data.
Information Accessibility
Data such as email is stored in an encoded format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google’s physical protections described above ensure that no physical access to servers is possible. All access to production systems is conducted by personnel using encrypted SSH (secure shell). Specialized knowledge of the data structures and Google’s proprietary infrastructure would be required to get meaningful access to end user data. This is one of many security layers to ensure security of sensitive data within Google Apps.
GOOGLE APPS SECURITY WHITE PAPER
Google’s distributed architecture is built to provide a higher level of security and reliability than a traditional single-tenant architecture. Individual user data is dispersed across a number of anonymous servers, clusters, and datacenters. This ensures that data is not only safe from potential loss, but also highly secure.
User data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer’s data without explicit knowledge of their login information. Not only does this proven system serve tens of millions of consumer users with email, calendaring, and documents on a daily basis, but is also used by Google as the primary platform to serve its 10,000+ employee base.
Redundancy
The application and network architecture run by Google is designed for maximum reliability and uptime. Google’s grid-based computing platform assumes ongoing hardware failure, and robust software failover withstands this disruption. All Google systems are inherently redundant by design, and each subsystem is not dependent on any particular physical or logical server for ongoing operation.
Data is replicated multiple times across Google’s clustered active servers, so, in the case of a machine failure, data will still be accessible through another system. In addition, user data is replicated across datacenters. As a result, if an entire datacenter were to fail or be involved in a disaster, a second datacenter would be able to immediately take over and provide services to users.
Threat Evasion
Email viruses, phishing attacks, and spam are amongst the biggest security threats within corporations today. Reports show that more than two-thirds of incoming mail is spam, new email viruses are born and distributed throughout the Internet each day. Keeping on top of this can be an overwhelming task, and even corporations with spam and virus filters struggle with keeping these constantly up to date to deal with the latest threats. In addition, network-based applications are the target of malicious attacks attempting to tamper with data or bring down the service. Google’s world-class threat evasion protects users from attacks on the data and within the content of their messages and files.
Spam and Virus Protection
Google Apps customers benefit from one of the strongest spam and phishing filters in the industry today. Google has developed advanced technology filters that learn from patterns in messages identified as spam, and these filters are trained continually across billions of mail messages. As a result, Google can very accurately identify spam, phishing attacks, and viruses, and ensure sure that users’ inboxes, calendars, and documents are protected.
Through Google’s web-based interface, virus protection blocks the threat of unknowing users spreading a virus through the corporation or internal network. Unlike traditional client-based email applications, messages are not downloaded to the desktop. Rather, they are scanned on the server for viruses and Gmail will not allow a user to open an attachment until it has been scanned and any threat mitigated. As a result, email viruses cannot take advantage of client-side security vulnerabilities, and users cannot unknowingly open a document with a virus.
Application & Network Attacks
In addition to filtering the content of data for spam and viruses, Google is continuously protecting itself and customers against malicious attacks. Hackers are always looking for ways to pry into web-based applications or bring them down. Denial of service, IP spoofing, cross site scripting, and packet tampering are just a few of the types of attacks that are used against networks daily. Google, being one of the world’s largest providers
GOOGLE APPS SECURITY WHITE PAPER
of web-based services has gone to great lengths to protect against these and other threats. All software is scanned using a variety of commercial and proprietary network and application scanning packages. The Google Security team also works with external parties to test and enhance Google’s infrastructure and application security posture.
Safe Access
No matter how secure data is within a datacenter, this data is vulnerable once it’s downloaded to a user’s local computer. Studies have shown that the average laptop has over 10,000 files and thousands of downloaded email messages. Imagine if one of these corporate laptops falls into the hands of a malicious user. Simply by mounting a disk, an unauthorized user can get access to your corporation’s intellectual property and secrets. Google Apps allows companies to mitigate this risk by avoiding the local storage of data onto users’ laptops.
End User Protections
The web-based design of Google Apps allows you to make sure that users have ready access to their data from anywhere while the data remains safely on Google’s servers. Rather than emails being stored on a desktop or laptop, users have desktop-quality, highly interactive interfaces for email, calendars, and instant messaging while still using a web browser.
Similarly, applications such as Google Docs and Spreadsheets afford users a high level of control over information. These documents stay on the server, but users get rich editing capabilities through the web browser. In addition, users have fine-grained control over who has access to these documents, and can set up a list of editors and viewers. These permissions get enforced on any access to the document, allowing you to avoid the problem of an internal document getting forwarded by email outside your corporation. Finally, these products track changes at a fine-grained level, giving visibility into who made what changes at what time.
Google Apps also protects the transmission of data on the wire, to ensure users are accessing data securely without threat of confidential data being intercepted on the network. Access to the web-based administrative console to Google Apps as well as most end-user applications is offered through a Secure Socket Layer (SSL) connection. Google offers HTTPS access to most services within Google Apps, and the product can be set up to allow only HTTPS access to key services such as email and calendar. With this functionality, all user access to the data and all interactions are encrypted.
At no time does Google use cookies to store passwords or customer data on the user system. Cookies are used for session information and user convenience, but at no time is that information sensitive nor can it be used to break into a user’s account.
Giving You Control
In addition to providing these protections on company and user data, Google gives businesses the control to integrate corporate security, access, auditing, and authentication methodologies into Google Apps. Google Apps provides a single sign-on API based on SAML 2.0 which lets companies use existing authentication mechanisms to let users access Google Apps. Businesses can, for example, use Active Directory authentication to log in a user, and the credentials are not transmitted through Google servers for access to the web-based tools. This also allows companies to continue to enforce their password strength and change frequency policies.
In addition, Google provides an administration console and API for user management. Administrators have the power to instantly shut off access to an account or delete an account on demand. This can also be tied to your internal processes for provisioning and deprovisioning a user through the API.
GOOGLE APPS SECURITY WHITE PAPER
With respect to email and instant messaging, Google also provides the facility to place a mail gateway in front of the mail system. In this configuration, all incoming and outgoing mail goes through the customers system, and this gives you the ability to audit and archive mail, as well as put supervisory controls in place.
Data Privacy
Google is very sensitive to company and user privacy, and realizes that the data housed within applications is confidential and sensitive. Google ensures with Google Apps that information is not compromised. Google’s legally binding privacy policy that protects all services can be found by visiting http://www.google.com/privacypolicy.html. Per this policy and related policies for the individual services contained within Google Apps, at no time will Google employees access confidential user data. Google also ensures that this policy will not be altered in any potentially damaging way without express written consent from the customer and/or user.
Conclusion
Google Apps provides a secure and reliable platform for your data, bringing you the latest technologies and best practices for datacenter management, network application security, and data integrity. When you entrust your company’s information with Google, you can do so with confidence, knowing that the full weight of Google’s technology and infrastructure investment is brought to bear to ensure the security, privacy, and integrity of your data.
For more information about Google Apps, go to http://www.google.com/a or email
apps-enterprise@google.com.
© Copyright 2007. Google is a trademark of Google Inc. All other company and product names may be trademarks of the respective
companies with which they are associated.
Source: Google Apps' Security White Paper
Security of Google Apps
Securing network-based applications against would-be hackers is key to ensuring the success of any system. When it comes to email and collaboration, the importance is paramount. Google invests billions of dollars in technology, people, and process to ensure data in Google Apps is safe, secure, and private. Google’s dedicated team of security professionals is responsible for designing in security from the onset, reviewing all design, code, and finished product to ensure it meets strict Google security and data privacy standards. The same infrastructure used to host Google Apps and secure hundreds of thousands of user’s data is also used to manage millions of consumers’ data and billions of dollars in advertising transactions. With Google Apps, information is safe and secure.
Introduction
As part of the mission to organize the world’s information, Google is responsible for the safekeeping of data for tens of millions of users. This responsibility is taken very seriously, and Google has gone to great lengths to earn and live up to the trust of its users. Google recognizes that secure products are instrumental in maintaining user trust and strives to create innovative products that serve users’ needs and operate in their best interest.
Google Apps benefits from this extensive operational experience in producing secure and reliable products. Google’s products and services combine advanced technology solutions with industry–leading security practices to ensure customer and user data is secure. Billions of dollars in capital are invested to ensure the most secure, reliable environment for data and applications. In particular, Google focuses on several aspects of security that are critical to business customers:
• Organizational and Operational Security – Policies and procedures to ensure security at every phase of design, deployment and ongoing operations.
• Data Security – Ensuring customer data is stored in secure facilities, on secure servers, and within secure applications.
• Threat Evasion – Protecting users and their information from malicious attacks and would-be hackers.
• Safe Access – Ensuring that only authorized users can access data, and the access channel is secure.
• Data Privacy – Ensuring that confidential information is kept private and confidential
This paper looks at Google’s security strategy, which utilizes numerous physical, logical, and operational security measures to ensure the utmost in data security and privacy.
Organizational & Operational Security
The foundation of Google’s security strategy starts with its people and processes. Security is a combination of people, processes, and technology, that when put together properly lead to safe and responsible computing. Security is not something that can simply be validated after the fact. Rather, it is designed into products, architecture, infrastructure, and systems from the onset. Google employs a full time security team to develop, document, and implement comprehensive security policies. Google’s Security team is made up of some of the world’s foremost experts in information, application and network security.
The security team is divided by functional area into perimeter defense, infrastructure defense, application defense, and vulnerability detection and response. Many come to Google with experience in senior information security roles at Fortune 500 companies. This team focuses a large amount of their effort on preventative measures to ensure that code and systems are secure from the onset, and is on call to dynamically respond to security issues
Google’s security posture is top of mind from the moment a product design is drafted. Google engineering and product teams receive extensive training in security fundamentals. Google’s development methodology lays out a multi-step plan with ongoing checkpoints and full audits.
The Google Application Security team is involved in all stages of the product development lifecycle including design review, code audit, system and functional testing, and final launch approval. Google uses a number of commercial and proprietary technologies to ensure that applications are secure at every level. Google’s Application Security team is also responsible for ensuring that secure development processes are followed to ensure customer safety.
Operational Security
Google’s Security Operations team is focused on maintaining security of the operational systems including data handling and system management. These individuals routinely audit datacenter operations and conduct ongoing threat assessment against Google’s physical and logical assets.
This group is also responsible for ensuring that all employees are appropriately screened and trained to conduct their job in a professional and secure manner. As appropriate, Google goes to great lengths to screen and verify an individual’s background prior to joining the organization. All personnel responsible for maintaining security processes and procedures are thoroughly trained on the practices and continually updated on their training.
Security Community & Advisories
In addition to the processes described above, Google actively works with the security community, leveraging the collective wisdom of the world’s best and brightest. This helps Google keep ahead of security trends, quickly react to emerging threats, and harness the expertise of those inside and outside the company. Google actively engages this larger security community through responsible disclosure. Visit
http://www.google.com/corporate/security.html to find more information about this program and some of the key security experts with whom Google maintains ongoing dialog.
Even with all of these levels of protection, unknown vulnerabilities can emerge, and Google is equipped to respond swiftly to security alerts and vulnerabilities. The Google Security team audits all infrastructure for potential vulnerabilities, and works directly with engineering to correct any known issue immediately. Google Apps Premier Edition customers are notified of user-impacting security issues as soon as practicable via email.
Data Security
The security of company and user data is the mission of Google’s Security and Operations teams. Google’s business is built on user trust, and therefore this is one of the keys to continued success of Google as a corporation. All Google employees are instilled with the value of responsibility to the end user. Protecting data is at the core of what Google is all about. Google takes great care to protect the billions of dollars of consumer and advertising transactions; we apply that same care to Google’s communication and collaboration technologies.
You can see that this is fundamental to who we are as a company by reviewing our code of conduct at http://investor.google.com/conduct.html.
GOOGLE APPS SECURITY WHITE PAPER
Physical Security
Google operates one of the largest networks of distributed datacenters in the world, and goes to great lengths to protect the data and intellectual property in these centers. Google operates datacenters worldwide, and many Google datacenters are wholly owned and managed ensuring that no outside parties can gain access. The geographic locations of the datacenters were chosen to give protection against catastrophic events.. Only select Google employees have access to the datacenter facilities and the servers contained therein, and this access is tightly controlled and audited. Security is monitored and controlled both locally at the site, and centrally at Google’s worldwide security operations centers.
The facilities themselves are engineered not only for maximum efficiency, but also for security and reliability. Multiple levels of redundancy ensure ongoing operation and service availability in even the harshest and most extreme of circumstances. This includes multiple levels of redundancy within a center, generator-powered backup for ongoing operations, and full redundancy across multiple dispersed centers. State of the art controls are used to monitor the centers both locally and remotely, and automated failover systems are present to safeguard systems.
Logical Security
In web-based computing, the logical security of data and applications is as critical as physical security. Google goes to extremes to ensure that applications are secure, that data is handled in a secure and responsible way, and that no external unauthorized access to customer or user data can be achieved. To achieve this goal, Google uses a number of industry standard techniques as well as some unique, innovative approaches. One such approach is leveraging special purpose technology as opposed to general-purpose software.
Much of Google’s technology is written to provide special purpose capabilities as opposed to general purpose computing. For example, the web server layer is specially designed and implemented by Google to only expose the capabilities required for operation of specific applications. Therefore, it is not as vulnerable to the wide range attacks that most commercial software would be susceptible to.
Google has also made modifications to core libraries for security purposes. Because the Google infrastructure is a dedicated application system rather than a general purpose computing platform, a number of the services provided by the standard Linux operating system can be limited or disabled. These modifications focus on enhancing the capabilities of the system needed for the task at hand and disabling or removing any exploitable aspects of the system that aren’t required.
Google’s servers are also protected by multiple levels of firewalls to protect against attacks. Traffic is inspected as appropriate for attempted attacks, and any attempts are dealt with to protect users’ data.
Information Accessibility
Data such as email is stored in an encoded format optimized for performance, rather than stored in a traditional file system or database manner. Data is dispersed across a number of physical and logical volumes for redundancy and expedient access, thereby obfuscating it from tampering. Google’s physical protections described above ensure that no physical access to servers is possible. All access to production systems is conducted by personnel using encrypted SSH (secure shell). Specialized knowledge of the data structures and Google’s proprietary infrastructure would be required to get meaningful access to end user data. This is one of many security layers to ensure security of sensitive data within Google Apps.
GOOGLE APPS SECURITY WHITE PAPER
Google’s distributed architecture is built to provide a higher level of security and reliability than a traditional single-tenant architecture. Individual user data is dispersed across a number of anonymous servers, clusters, and datacenters. This ensures that data is not only safe from potential loss, but also highly secure.
User data is only accessible with appropriate credentials, ensuring that there is no possibility of one customer having access to another customer’s data without explicit knowledge of their login information. Not only does this proven system serve tens of millions of consumer users with email, calendaring, and documents on a daily basis, but is also used by Google as the primary platform to serve its 10,000+ employee base.
Redundancy
The application and network architecture run by Google is designed for maximum reliability and uptime. Google’s grid-based computing platform assumes ongoing hardware failure, and robust software failover withstands this disruption. All Google systems are inherently redundant by design, and each subsystem is not dependent on any particular physical or logical server for ongoing operation.
Data is replicated multiple times across Google’s clustered active servers, so, in the case of a machine failure, data will still be accessible through another system. In addition, user data is replicated across datacenters. As a result, if an entire datacenter were to fail or be involved in a disaster, a second datacenter would be able to immediately take over and provide services to users.
Threat Evasion
Email viruses, phishing attacks, and spam are amongst the biggest security threats within corporations today. Reports show that more than two-thirds of incoming mail is spam, new email viruses are born and distributed throughout the Internet each day. Keeping on top of this can be an overwhelming task, and even corporations with spam and virus filters struggle with keeping these constantly up to date to deal with the latest threats. In addition, network-based applications are the target of malicious attacks attempting to tamper with data or bring down the service. Google’s world-class threat evasion protects users from attacks on the data and within the content of their messages and files.
Spam and Virus Protection
Google Apps customers benefit from one of the strongest spam and phishing filters in the industry today. Google has developed advanced technology filters that learn from patterns in messages identified as spam, and these filters are trained continually across billions of mail messages. As a result, Google can very accurately identify spam, phishing attacks, and viruses, and ensure sure that users’ inboxes, calendars, and documents are protected.
Through Google’s web-based interface, virus protection blocks the threat of unknowing users spreading a virus through the corporation or internal network. Unlike traditional client-based email applications, messages are not downloaded to the desktop. Rather, they are scanned on the server for viruses and Gmail will not allow a user to open an attachment until it has been scanned and any threat mitigated. As a result, email viruses cannot take advantage of client-side security vulnerabilities, and users cannot unknowingly open a document with a virus.
Application & Network Attacks
In addition to filtering the content of data for spam and viruses, Google is continuously protecting itself and customers against malicious attacks. Hackers are always looking for ways to pry into web-based applications or bring them down. Denial of service, IP spoofing, cross site scripting, and packet tampering are just a few of the types of attacks that are used against networks daily. Google, being one of the world’s largest providers
GOOGLE APPS SECURITY WHITE PAPER
of web-based services has gone to great lengths to protect against these and other threats. All software is scanned using a variety of commercial and proprietary network and application scanning packages. The Google Security team also works with external parties to test and enhance Google’s infrastructure and application security posture.
Safe Access
No matter how secure data is within a datacenter, this data is vulnerable once it’s downloaded to a user’s local computer. Studies have shown that the average laptop has over 10,000 files and thousands of downloaded email messages. Imagine if one of these corporate laptops falls into the hands of a malicious user. Simply by mounting a disk, an unauthorized user can get access to your corporation’s intellectual property and secrets. Google Apps allows companies to mitigate this risk by avoiding the local storage of data onto users’ laptops.
End User Protections
The web-based design of Google Apps allows you to make sure that users have ready access to their data from anywhere while the data remains safely on Google’s servers. Rather than emails being stored on a desktop or laptop, users have desktop-quality, highly interactive interfaces for email, calendars, and instant messaging while still using a web browser.
Similarly, applications such as Google Docs and Spreadsheets afford users a high level of control over information. These documents stay on the server, but users get rich editing capabilities through the web browser. In addition, users have fine-grained control over who has access to these documents, and can set up a list of editors and viewers. These permissions get enforced on any access to the document, allowing you to avoid the problem of an internal document getting forwarded by email outside your corporation. Finally, these products track changes at a fine-grained level, giving visibility into who made what changes at what time.
Google Apps also protects the transmission of data on the wire, to ensure users are accessing data securely without threat of confidential data being intercepted on the network. Access to the web-based administrative console to Google Apps as well as most end-user applications is offered through a Secure Socket Layer (SSL) connection. Google offers HTTPS access to most services within Google Apps, and the product can be set up to allow only HTTPS access to key services such as email and calendar. With this functionality, all user access to the data and all interactions are encrypted.
At no time does Google use cookies to store passwords or customer data on the user system. Cookies are used for session information and user convenience, but at no time is that information sensitive nor can it be used to break into a user’s account.
Giving You Control
In addition to providing these protections on company and user data, Google gives businesses the control to integrate corporate security, access, auditing, and authentication methodologies into Google Apps. Google Apps provides a single sign-on API based on SAML 2.0 which lets companies use existing authentication mechanisms to let users access Google Apps. Businesses can, for example, use Active Directory authentication to log in a user, and the credentials are not transmitted through Google servers for access to the web-based tools. This also allows companies to continue to enforce their password strength and change frequency policies.
In addition, Google provides an administration console and API for user management. Administrators have the power to instantly shut off access to an account or delete an account on demand. This can also be tied to your internal processes for provisioning and deprovisioning a user through the API.
GOOGLE APPS SECURITY WHITE PAPER
With respect to email and instant messaging, Google also provides the facility to place a mail gateway in front of the mail system. In this configuration, all incoming and outgoing mail goes through the customers system, and this gives you the ability to audit and archive mail, as well as put supervisory controls in place.
Data Privacy
Google is very sensitive to company and user privacy, and realizes that the data housed within applications is confidential and sensitive. Google ensures with Google Apps that information is not compromised. Google’s legally binding privacy policy that protects all services can be found by visiting http://www.google.com/privacypolicy.html. Per this policy and related policies for the individual services contained within Google Apps, at no time will Google employees access confidential user data. Google also ensures that this policy will not be altered in any potentially damaging way without express written consent from the customer and/or user.
Conclusion
Google Apps provides a secure and reliable platform for your data, bringing you the latest technologies and best practices for datacenter management, network application security, and data integrity. When you entrust your company’s information with Google, you can do so with confidence, knowing that the full weight of Google’s technology and infrastructure investment is brought to bear to ensure the security, privacy, and integrity of your data.
For more information about Google Apps, go to http://www.google.com/a or email
apps-enterprise@google.com.
© Copyright 2007. Google is a trademark of Google Inc. All other company and product names may be trademarks of the respective
companies with which they are associated.
Source: Google Apps' Security White Paper
Google Apps's Security Assurance
Four Questions On Google App Security
Two members of Google's application security team explain why the future belongs in the computing cloud -- and how Google Apps is dealing with the constant barrage of security threats
» Comments (1)
By Bill Brenner, Senior Editor
December 16, 2008 — CSO —
Need proof that the computing world is dominated by applications engineered by search giant Google? Just stare into your laptop.
The Web-wandering public has increasingly forsaken Microsoft Outlook and Lotus Notes in favor of Gmail as their e-mail program of choice. Companies that sell software to measure website performance have a tough competitor in Google Analytics. And the list goes on.
Naturally, this makes the Google universe a tempting target for those who would exploit application security holes to infect computers with malware, steal credit card and Social Security numbers and make off with a company's intellectual property.
In this Q&A, Eran Feigenbaum, senior security manager for Google Apps, and Adam Swidler, product marketing manager for Google Apps, explain the steps Google has taken to defend their users against online evil and how, as a result, the company has become a serious contender in the security industry.
There's been some debate over whether it's truly possible to have secure cloud computing. What's the Google argument in favor of it?
Eran Feigenbaum: The reason we're doing cloud computing and we think it works is -- first of all, we see tremendous security issues with the traditional client-side server: misconfiguration, missing patches, having things turned on you didn't know you had turned on, and so on. Then there's the complexity of running multiple versions of different applications on the network. It all becomes very difficult to secure. Before joining Google in 2007, I lived that problem at my last job as CSO in a financial services organization.
Talk about what Google has done to learn from those problems.
Feigenbaum: With cloud computing and specifically Google apps, we've been able to learn from those lessons and design a relatively newer infrastructure that doesn't have those problems. For example, our millions and millions of servers all look identical. We manage all the physical and virtual components, the hardware, the operating system, and since everything is identical, it's easier to manage the technology. When you need to make a change it's much easier to do when everything is more uniform.
Chris Hoff (chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board) is one of the more vocal skeptics of cloud computing and virtualization security in general. He believes there's too little understanding of the technology to secure it properly.
Feigenbaum: There's a misconception around grouping cloud computing with virtualization. Cloud computing is just saying, we have a large infrastructure -- one that is identical in our case and easier to manage -- and we are going to use that to benefit customers via a shared service. Google Apps, specifically, is built around message application, security and compliance. A lot of companies and vendors intentionally or unintentially get it mixed up.
Adam Swidler: When we talk about cloud computing, this is not a virtualization strategy. This is about outsourcing a lot of the security to us. We build in the security from the ground up. The only way to be more secure is to constantly test your defenses. Google is always under attack, and so we are currently adjusting and hardening security. We feel increasingly that the cloud is the best place to solve your e-mail challenges. The fact that your first line of defense is in the cloud, in the path of incoming threats like e-mail spam, putting a solution in the cloud keeps all of this out of your infrastructure, which makes things more cost-effective and allows us to stay a half-step ahead of the bad guys, who are always getting smarter and more sophisticated.
How is Google using the recently-acquired Postini filtering service to address application security concerns?
Swidler: We really continue to sell Postini as a separate offering, separate from Google Apps, for companies that are still running their own e-mail servers such as Lotus Notes or Microsoft Exchange. We have taken a big chunk of Postini's technology and incorporated it into the Gmail client. But the heaviest usage is still among companies that have not yet switched to the cloud. But given how Postini technology has been incorporated into Google Apps, companies using Postini are in a better position to make the switch over to cloud computing.
Source: http://www.csoonline.com/
Two members of Google's application security team explain why the future belongs in the computing cloud -- and how Google Apps is dealing with the constant barrage of security threats
» Comments (1)
By Bill Brenner, Senior Editor
December 16, 2008 — CSO —
Need proof that the computing world is dominated by applications engineered by search giant Google? Just stare into your laptop.
The Web-wandering public has increasingly forsaken Microsoft Outlook and Lotus Notes in favor of Gmail as their e-mail program of choice. Companies that sell software to measure website performance have a tough competitor in Google Analytics. And the list goes on.
Naturally, this makes the Google universe a tempting target for those who would exploit application security holes to infect computers with malware, steal credit card and Social Security numbers and make off with a company's intellectual property.
In this Q&A, Eran Feigenbaum, senior security manager for Google Apps, and Adam Swidler, product marketing manager for Google Apps, explain the steps Google has taken to defend their users against online evil and how, as a result, the company has become a serious contender in the security industry.
There's been some debate over whether it's truly possible to have secure cloud computing. What's the Google argument in favor of it?
Eran Feigenbaum: The reason we're doing cloud computing and we think it works is -- first of all, we see tremendous security issues with the traditional client-side server: misconfiguration, missing patches, having things turned on you didn't know you had turned on, and so on. Then there's the complexity of running multiple versions of different applications on the network. It all becomes very difficult to secure. Before joining Google in 2007, I lived that problem at my last job as CSO in a financial services organization.
Talk about what Google has done to learn from those problems.
Feigenbaum: With cloud computing and specifically Google apps, we've been able to learn from those lessons and design a relatively newer infrastructure that doesn't have those problems. For example, our millions and millions of servers all look identical. We manage all the physical and virtual components, the hardware, the operating system, and since everything is identical, it's easier to manage the technology. When you need to make a change it's much easier to do when everything is more uniform.
Chris Hoff (chief security architect for the systems and technology division at Unisys and an advisor on the Skybox Security customer advisory board) is one of the more vocal skeptics of cloud computing and virtualization security in general. He believes there's too little understanding of the technology to secure it properly.
Feigenbaum: There's a misconception around grouping cloud computing with virtualization. Cloud computing is just saying, we have a large infrastructure -- one that is identical in our case and easier to manage -- and we are going to use that to benefit customers via a shared service. Google Apps, specifically, is built around message application, security and compliance. A lot of companies and vendors intentionally or unintentially get it mixed up.
Adam Swidler: When we talk about cloud computing, this is not a virtualization strategy. This is about outsourcing a lot of the security to us. We build in the security from the ground up. The only way to be more secure is to constantly test your defenses. Google is always under attack, and so we are currently adjusting and hardening security. We feel increasingly that the cloud is the best place to solve your e-mail challenges. The fact that your first line of defense is in the cloud, in the path of incoming threats like e-mail spam, putting a solution in the cloud keeps all of this out of your infrastructure, which makes things more cost-effective and allows us to stay a half-step ahead of the bad guys, who are always getting smarter and more sophisticated.
How is Google using the recently-acquired Postini filtering service to address application security concerns?
Swidler: We really continue to sell Postini as a separate offering, separate from Google Apps, for companies that are still running their own e-mail servers such as Lotus Notes or Microsoft Exchange. We have taken a big chunk of Postini's technology and incorporated it into the Gmail client. But the heaviest usage is still among companies that have not yet switched to the cloud. But given how Postini technology has been incorporated into Google Apps, companies using Postini are in a better position to make the switch over to cloud computing.
Source: http://www.csoonline.com/
Friday, December 19, 2008
Google App Engine Gets System Management, Quota Dashboards and ... Pricing!
Google App Engine, a platform for letting users develop applications in the Python language and host them on Google's infrastructure, is getting a lot of attention today.
Earlier today, Dec. 16, Zoho pledged allegiance to the Google platform by integrating it to work with Zoho Creator.
Later in the day, Google unveiled a system status site, a resource quota dashboard and a billing feature, all for App Engine. The features augment an app platform that has been fairly bare bones in the management and monitoring category, enabling it to better compete with Amazon.com's Amazon EC2 (Elastic Compute Cloud) platform and other PAAS (platform as a service) providers.
As you might expect, the App Engine System Status dashboard monitors the performance of application components.
Included are up-to-the-minute, though not real-time, system status checks; daily downtime status check for each of the Google APIs; and detailed latency and error-rate graphs for the App Engine components, including Datastore, Images, Mail, Memcache, Serving, URL Fetch and Users.
Google will also use this dashboard to announce scheduled downtime and explain any issues that affect App Engine apps. Tom Stocky, director of Google Developer Products, noted in a blog post:
Building in dependencies to third-party services or moving to a new hosting infrastructure is not something developers take lightly. This new App Engine dashboard provides some of the same monitoring data that we use internally, so you can make informed decisions about your hosting infrastructure.
One App Engine programmer congratulated Stocky and Co. in this comment, noting that it was good Google created this dashboard before a customer revolt. No subtle threat there.
Google also said this tool would complement work done by Hyperic with its CloudStatus monitoring tool, but I would argue this will neutralize that product, which was free anyway. Why leave the App Engine environment if you don't have to?
In a related dashboard, the Quota Details tool charts resource quotas to let users track how much of the free quota bandwidth, storage and CPU their apps are using. Users can simply click the "Quota Details" link on the dashboard for any application.
Finally, Google unveiled its previously announced billing plan, which lets programmers buy additional capacity beyond the free quotas.
For this feature, Google is borrowing a page from its AdWords book, letting App Engine users buy capacity based on a daily budget for their applications. Users, who will pay by the drink for CPU, storage and e-mail resources, will get fine-grained control over this daily budget.
GigaOm's Alistair Croll notes that it's easy for Google to offer a free daily quota because App Engine isn't built around virtual machines the way Amazon EC2 is. Will this prompt Amazon.com to introduce free cloud computing quotas for applications?
Croll suggests that Google is building an ecosystem for programmers to build and sell their software, and he's correct, especially when you note the company's willingness to work with Salesforce.com and Zoho to enable disparate cloud computing platforms to interoperate.
This innovation is all very exciting and portends great things for 2009; more complete, connected compute clouds. This will take on greater significance once Microsoft gets its Windows Azure environment up and running.
If Linux has been the alternative to Windows in the last decade, the work Google, Salesforce.com, Zoho, et al. are doing in SAAS (software as a service) will be the alternative to next-generation Windows.
Users will have the choice that makes the market so rich and inviting. If only the economy will cooperate.
Earlier today, Dec. 16, Zoho pledged allegiance to the Google platform by integrating it to work with Zoho Creator.
Later in the day, Google unveiled a system status site, a resource quota dashboard and a billing feature, all for App Engine. The features augment an app platform that has been fairly bare bones in the management and monitoring category, enabling it to better compete with Amazon.com's Amazon EC2 (Elastic Compute Cloud) platform and other PAAS (platform as a service) providers.
As you might expect, the App Engine System Status dashboard monitors the performance of application components.
Included are up-to-the-minute, though not real-time, system status checks; daily downtime status check for each of the Google APIs; and detailed latency and error-rate graphs for the App Engine components, including Datastore, Images, Mail, Memcache, Serving, URL Fetch and Users.
Google will also use this dashboard to announce scheduled downtime and explain any issues that affect App Engine apps. Tom Stocky, director of Google Developer Products, noted in a blog post:
Building in dependencies to third-party services or moving to a new hosting infrastructure is not something developers take lightly. This new App Engine dashboard provides some of the same monitoring data that we use internally, so you can make informed decisions about your hosting infrastructure.
One App Engine programmer congratulated Stocky and Co. in this comment, noting that it was good Google created this dashboard before a customer revolt. No subtle threat there.
Google also said this tool would complement work done by Hyperic with its CloudStatus monitoring tool, but I would argue this will neutralize that product, which was free anyway. Why leave the App Engine environment if you don't have to?
In a related dashboard, the Quota Details tool charts resource quotas to let users track how much of the free quota bandwidth, storage and CPU their apps are using. Users can simply click the "Quota Details" link on the dashboard for any application.
Finally, Google unveiled its previously announced billing plan, which lets programmers buy additional capacity beyond the free quotas.
For this feature, Google is borrowing a page from its AdWords book, letting App Engine users buy capacity based on a daily budget for their applications. Users, who will pay by the drink for CPU, storage and e-mail resources, will get fine-grained control over this daily budget.
GigaOm's Alistair Croll notes that it's easy for Google to offer a free daily quota because App Engine isn't built around virtual machines the way Amazon EC2 is. Will this prompt Amazon.com to introduce free cloud computing quotas for applications?
Croll suggests that Google is building an ecosystem for programmers to build and sell their software, and he's correct, especially when you note the company's willingness to work with Salesforce.com and Zoho to enable disparate cloud computing platforms to interoperate.
This innovation is all very exciting and portends great things for 2009; more complete, connected compute clouds. This will take on greater significance once Microsoft gets its Windows Azure environment up and running.
If Linux has been the alternative to Windows in the last decade, the work Google, Salesforce.com, Zoho, et al. are doing in SAAS (software as a service) will be the alternative to next-generation Windows.
Users will have the choice that makes the market so rich and inviting. If only the economy will cooperate.
Google Brings Cross-Language Translation
An experimental feature lets Google Search Appliance translate documents in 34 languages. Search engine giant Google is looking to stimulate more international interest in its GSA search device, a rare piece of IT infrastructure hardware Google offers to businesses. The idea is to help Google's enterprise search gain favor over offerings from Microsoft Fast, Endeca, Autonomy, Vivisimo and other vendors.
Many enterprise search vendors offer their search software in multiple languages to help workers all over the world sift through corporate documents in sales, human resources and other areas.
Google Enterprise Labs, an effort Google launched in 2007 to test potential enhancements to its enterprise search products, has taken the polylingual concept up a notch by providing a Cross-Language Search feature in its Google Search Appliance.
The feature instantly translates search queries for internal company documents, sent from users' PCs to the GSA, in any of 34 languages, Cyrus Mistry, Google Enterprise product manager and Enterprise Labs creator, told eWEEK.
"This is analogous to giving every employee in a business 34 translators sitting at their desk and translating everything they want to look for within a 10th of a second," Mistry explained. "It would take a massive investment for companies to have translation servers on-site."
For example, if you're an English-speaking employee and you want to find and translate a document written in French from an office in Paris, you can do so with a few simple keystrokes. Your PC sends the request to the GSA, now imbued with Google's machine translation software, which does the work and renders the file in English on the fly.
Conversely, this feature will help those whose native language isn't English find and translate documents from U.S.-based employers into their native tongues.
How do results altered by Cross-Language Search appear to users? It depends on how an IT administrator renders it for in the admin XSLT page in GSA's software, which lets admins customize the user interface. With a few lines of JavaScript, admins can program GSA software to blanket translate every query in all languages, or just a single language.
Cross-Language Search, which can be downloaded here, is the latest of 10 features to roll out from Google Enterprise Labs since its inception in October 2007.
The most popular is the search-as-you-type feature, which presents suggestions and auto-completes queries before the user finishes typing. Another, do-it-yourself key-match lets users promote useful results to help colleagues in their searches.
Enterprise Labs works like other labs efforts at Google, including Gmail Labs and Google Apps Labs. That is, Google's 10,000 or so engineers build an experimental feature and launch it within Google for testing.
Once Mistry collects the feedback, he "sanitizes" the feature and releases it into the general public via Enterprise Labs. If he likes what he sees based on customer use, he rolls it into the product it's designed for, which is most often the GSA.
Cross-Language Search highlights what could be a painful reality for rival enterprise search providers, including Microsoft's Fast unit, Vivisimo, Endeca and Autonomy.
While Mistry readily acknowledges that rival platforms offer enterprise search in multiple languages, these much smaller vendors don't have machine translation experts to create such features, he said. Google has the benefit of having these experts for its consumer search offerings.
Many enterprise search vendors offer their search software in multiple languages to help workers all over the world sift through corporate documents in sales, human resources and other areas.
Google Enterprise Labs, an effort Google launched in 2007 to test potential enhancements to its enterprise search products, has taken the polylingual concept up a notch by providing a Cross-Language Search feature in its Google Search Appliance.
The feature instantly translates search queries for internal company documents, sent from users' PCs to the GSA, in any of 34 languages, Cyrus Mistry, Google Enterprise product manager and Enterprise Labs creator, told eWEEK.
"This is analogous to giving every employee in a business 34 translators sitting at their desk and translating everything they want to look for within a 10th of a second," Mistry explained. "It would take a massive investment for companies to have translation servers on-site."
For example, if you're an English-speaking employee and you want to find and translate a document written in French from an office in Paris, you can do so with a few simple keystrokes. Your PC sends the request to the GSA, now imbued with Google's machine translation software, which does the work and renders the file in English on the fly.
Conversely, this feature will help those whose native language isn't English find and translate documents from U.S.-based employers into their native tongues.
How do results altered by Cross-Language Search appear to users? It depends on how an IT administrator renders it for in the admin XSLT page in GSA's software, which lets admins customize the user interface. With a few lines of JavaScript, admins can program GSA software to blanket translate every query in all languages, or just a single language.
Cross-Language Search, which can be downloaded here, is the latest of 10 features to roll out from Google Enterprise Labs since its inception in October 2007.
The most popular is the search-as-you-type feature, which presents suggestions and auto-completes queries before the user finishes typing. Another, do-it-yourself key-match lets users promote useful results to help colleagues in their searches.
Enterprise Labs works like other labs efforts at Google, including Gmail Labs and Google Apps Labs. That is, Google's 10,000 or so engineers build an experimental feature and launch it within Google for testing.
Once Mistry collects the feedback, he "sanitizes" the feature and releases it into the general public via Enterprise Labs. If he likes what he sees based on customer use, he rolls it into the product it's designed for, which is most often the GSA.
Cross-Language Search highlights what could be a painful reality for rival enterprise search providers, including Microsoft's Fast unit, Vivisimo, Endeca and Autonomy.
While Mistry readily acknowledges that rival platforms offer enterprise search in multiple languages, these much smaller vendors don't have machine translation experts to create such features, he said. Google has the benefit of having these experts for its consumer search offerings.
Gmail with video & voice chat
Gmail launches voice and video chat
Makes it easy to chat with video and voice right alongside your email
Google today launched Gmail voice and video chat, making it simple for people around the world to chat in high-quality video for free right within Gmail. All you need is a webcam and a small web browser plugin, and you can start video chatting with your friends, family, and coworkers on Gmail and Google Apps. Gmail voice and video chat lets you start a video chat without switching to another application or signing up for another account. And if you don't have a webcam, you can simply chat by voice. We've made it easy enough that your mom -- or your employees -- will actually use it.
The launch comes as video communication grows in popularity; many of the latest lines of laptops, for example, come with built-in webcams. Businesses stretched across continents and timezones want more face-to-face collaboration among their employees, but in this economic climate, they're looking for ways to cut travel and IT expenses. Having a meeting with a colleague over video allows communications to continue in person without the expense of traveling there. Whether it's a coworker demoing a new product, or a first-time grandmother saying hello to her new grandson, sometimes there's no substitute for speaking to and seeing someone. Google is offering browser-based voice and video chat as a natural extension to webmail and instant messaging, allowing people to choose how they want to communicate at each moment -- by email, instant message, voice, or video.
To get started, open a Gmail chat window, click on the "Options" menu at the bottom, and choose "Add voice/video chat," which will walk you through a one-time installation of a free plugin (a quick 2 MB download). When you re-open Gmail you'll notice your "Options" link in your chat window has changed to "Video & more". Open this menu and click "Start video chat" to see and hear your partner in high-quality video. You can pop out the video and change its size and position, or switch to full screen.
Gmail is the first leading webmail service to include video chat. Gmail voice and video chat is being rolled out over the next day or so on PCs and on Macs. Google Apps customers get this service as well, at no extra charge, and can voice or video chat with any other Gmail or Apps users.
Gmail has always been about more than just email -- it's increasingly a communications hub, always pushing the limits of browser-based applications. Video chat is the latest in a weekly stream of Gmail features that includes, most recently, Gmail Labs (a public testing ground for experimental features like embeddable gadgets, the Forgotten Attachment Detector, and Mail Goggles ), a mobile client for Android phones, animated emoticons, and more.
To use voice and video chat, your PC must have Windows XP or a more recent version, or an Intel-Based Mac with Mac OS X v10.4 or later. It works in browsers that support the latest version of Gmail (Google Chrome, Firefox 2.0+, Internet Explorer 7.0, and Safari 3.0).
Makes it easy to chat with video and voice right alongside your email
Google today launched Gmail voice and video chat, making it simple for people around the world to chat in high-quality video for free right within Gmail. All you need is a webcam and a small web browser plugin, and you can start video chatting with your friends, family, and coworkers on Gmail and Google Apps. Gmail voice and video chat lets you start a video chat without switching to another application or signing up for another account. And if you don't have a webcam, you can simply chat by voice. We've made it easy enough that your mom -- or your employees -- will actually use it.
The launch comes as video communication grows in popularity; many of the latest lines of laptops, for example, come with built-in webcams. Businesses stretched across continents and timezones want more face-to-face collaboration among their employees, but in this economic climate, they're looking for ways to cut travel and IT expenses. Having a meeting with a colleague over video allows communications to continue in person without the expense of traveling there. Whether it's a coworker demoing a new product, or a first-time grandmother saying hello to her new grandson, sometimes there's no substitute for speaking to and seeing someone. Google is offering browser-based voice and video chat as a natural extension to webmail and instant messaging, allowing people to choose how they want to communicate at each moment -- by email, instant message, voice, or video.
To get started, open a Gmail chat window, click on the "Options" menu at the bottom, and choose "Add voice/video chat," which will walk you through a one-time installation of a free plugin (a quick 2 MB download). When you re-open Gmail you'll notice your "Options" link in your chat window has changed to "Video & more". Open this menu and click "Start video chat" to see and hear your partner in high-quality video. You can pop out the video and change its size and position, or switch to full screen.
Gmail is the first leading webmail service to include video chat. Gmail voice and video chat is being rolled out over the next day or so on PCs and on Macs. Google Apps customers get this service as well, at no extra charge, and can voice or video chat with any other Gmail or Apps users.
Gmail has always been about more than just email -- it's increasingly a communications hub, always pushing the limits of browser-based applications. Video chat is the latest in a weekly stream of Gmail features that includes, most recently, Gmail Labs (a public testing ground for experimental features like embeddable gadgets, the Forgotten Attachment Detector, and Mail Goggles ), a mobile client for Android phones, animated emoticons, and more.
To use voice and video chat, your PC must have Windows XP or a more recent version, or an Intel-Based Mac with Mac OS X v10.4 or later. It works in browsers that support the latest version of Gmail (Google Chrome, Firefox 2.0+, Internet Explorer 7.0, and Safari 3.0).
Why gmail is much better
As someone who spends an inordinate amount of time wading through e-mails, finding the best e-mail service is paramount in my life.
Realizing that, I've done my fair share of shuffling from one e-mail program to the next--trying to find the best service that not only offers speed and stability, but also reliability and spam control. And although e-mail services are getting better, it's abundantly clear that few offer the kind of experience I'm really looking for in an e-mail client. But Google's Gmail app is different. It's better than its competition on a number of levels and provides the kind of e-mail experience that's simply unrivaled online.
Spam, Spam, Spam
I've used practically every e-mail service on the Web and I can say, without a doubt, that Gmail blocks the most spam. To those who open a new account, spam may not be a serious concern. Your spam folder will likely remain empty for a while until your new e-mail address makes its way into the wild. But for my e-mail address, which is widely available and easily attainable, spam is a constant headache.
On services like Yahoo Mail, Windows Live Hotmail, and AOL Mail, the spam blocker tried but failed on too many occasions. In fact, dealing with spam in my already bloated in-box was a daily occurrence that got worse as more messages piled up. But Gmail is different. Right now, I have thousands of messages sitting in my spam folder that never made their way to my in-box. Even better, I can say with all honesty that I only see about two or three spam messages per day in my in-box--not perfect, but much better than anything the competition is offering.
Google Apps
Maybe it's not fair to compare e-mail clients on the basis of additional apps, but I'll do it anyway. After all, Google is competing with the likes of Yahoo and AOL--two major Web companies--and I don't see why these two can't release apps that provide an even greater value proposition to users.
There's something so appealing about receiving an e-mail from someone who attached a Word document or Excel spreadsheet and being given the option to open that attachment in Google Docs. And being able to switch to Google Calendar and Reader from Gmail cuts down on time spent on managing my day. Maybe that functionality appeals to me because I prefer using apps like Google Calendar and Reader to keep me organized and "in the know", but I honestly can't see myself using another e-mail client knowing how invested I am in other Google apps. Suffice to say that my affinity for Gmail stretches beyond e-mail.
Filters
Gmail's filter feature is the best in the business. Period. Unlike its competitors, which try to provide a filter tool that simply re-routes incoming messages, Gmail delivers a power user's dream. In a matter of seconds, you can create a filter that searches through all incoming mail looking for specific people or keywords and once found, immediately categorizes it into a specific folder, forwards it on to someone else, or moves it to the trash, to name just a few functions.
With the help of Filters, using Gmail becomes an even more rewarding experience. Gone are the days of spending big chunks of your time attempting to find just one e-mail that's lost in a collection of thousands. Other e-mail services try desperately to provide the same kind of filter features, but they fall flat. In my experience, messages are either missed, the filter has performs the wrong function, or simply not ends up not working. In fact, Yahoo Mail's filter feature works only in its Classic e-mail app and according to the company, won't be available in the new interface until it's done "tweaking the Yahoo! Mail Filters option." Yikes.
Annoying ads
Anyone who has used Yahoo Mail, AOL Mail, or Windows Live Hotmail knows all too well that the annoying ads are in abundance. But when you load up Gmail, it's an entirely different story.
Sure, there are ads on Gmail, but unlike the other services, they're not intrusive in any way. I never notice them when I'm working with the program, but when I load up Yahoo Mail or try out Hotmail, I'm inundated with ugly display ads that reduce the service's screen real estate and generally take away from the experience. Granted, ads don't have any impact on the viability of an e-mail service, but doesn't it stand to reason that if you're not forced to look at blinking ads while working in your e-mail, you'll be a happier user?
I certainly think so.
Conversation Displays
I realize there are many people out there who enjoy the "classic" style of displaying e-mails based on their arrival, but I'm not one of them. I like that Gmail groups an entire e-mail conversation into one and forgoes the use of individual strands. The latter strikes me as outdated and useless today in a world of constant e-mail communication.
That said, I realize my opinion isn't the most popular. Yahoo and AOL Mail are more popular than Gmail and each employs the "old" display style, suggesting that users prefer that over Gmail's style. But I think that's more of a reaction to what users know than to what they would like. In fact, I'm willing to bet that if those people were forced to use Gmail for a week, the vast majority would dump Yahoo or AOL in favor of Google's client as soon as a flurry of e-mails between two parties broke out and they needed to go back to find a particular message. Finding that message couldn't be easier in Gmail.
Realizing that, I've done my fair share of shuffling from one e-mail program to the next--trying to find the best service that not only offers speed and stability, but also reliability and spam control. And although e-mail services are getting better, it's abundantly clear that few offer the kind of experience I'm really looking for in an e-mail client. But Google's Gmail app is different. It's better than its competition on a number of levels and provides the kind of e-mail experience that's simply unrivaled online.
Spam, Spam, Spam
I've used practically every e-mail service on the Web and I can say, without a doubt, that Gmail blocks the most spam. To those who open a new account, spam may not be a serious concern. Your spam folder will likely remain empty for a while until your new e-mail address makes its way into the wild. But for my e-mail address, which is widely available and easily attainable, spam is a constant headache.
On services like Yahoo Mail, Windows Live Hotmail, and AOL Mail, the spam blocker tried but failed on too many occasions. In fact, dealing with spam in my already bloated in-box was a daily occurrence that got worse as more messages piled up. But Gmail is different. Right now, I have thousands of messages sitting in my spam folder that never made their way to my in-box. Even better, I can say with all honesty that I only see about two or three spam messages per day in my in-box--not perfect, but much better than anything the competition is offering.
Google Apps
Maybe it's not fair to compare e-mail clients on the basis of additional apps, but I'll do it anyway. After all, Google is competing with the likes of Yahoo and AOL--two major Web companies--and I don't see why these two can't release apps that provide an even greater value proposition to users.
There's something so appealing about receiving an e-mail from someone who attached a Word document or Excel spreadsheet and being given the option to open that attachment in Google Docs. And being able to switch to Google Calendar and Reader from Gmail cuts down on time spent on managing my day. Maybe that functionality appeals to me because I prefer using apps like Google Calendar and Reader to keep me organized and "in the know", but I honestly can't see myself using another e-mail client knowing how invested I am in other Google apps. Suffice to say that my affinity for Gmail stretches beyond e-mail.
Filters
Gmail's filter feature is the best in the business. Period. Unlike its competitors, which try to provide a filter tool that simply re-routes incoming messages, Gmail delivers a power user's dream. In a matter of seconds, you can create a filter that searches through all incoming mail looking for specific people or keywords and once found, immediately categorizes it into a specific folder, forwards it on to someone else, or moves it to the trash, to name just a few functions.
With the help of Filters, using Gmail becomes an even more rewarding experience. Gone are the days of spending big chunks of your time attempting to find just one e-mail that's lost in a collection of thousands. Other e-mail services try desperately to provide the same kind of filter features, but they fall flat. In my experience, messages are either missed, the filter has performs the wrong function, or simply not ends up not working. In fact, Yahoo Mail's filter feature works only in its Classic e-mail app and according to the company, won't be available in the new interface until it's done "tweaking the Yahoo! Mail Filters option." Yikes.
Annoying ads
Anyone who has used Yahoo Mail, AOL Mail, or Windows Live Hotmail knows all too well that the annoying ads are in abundance. But when you load up Gmail, it's an entirely different story.
Sure, there are ads on Gmail, but unlike the other services, they're not intrusive in any way. I never notice them when I'm working with the program, but when I load up Yahoo Mail or try out Hotmail, I'm inundated with ugly display ads that reduce the service's screen real estate and generally take away from the experience. Granted, ads don't have any impact on the viability of an e-mail service, but doesn't it stand to reason that if you're not forced to look at blinking ads while working in your e-mail, you'll be a happier user?
I certainly think so.
Conversation Displays
I realize there are many people out there who enjoy the "classic" style of displaying e-mails based on their arrival, but I'm not one of them. I like that Gmail groups an entire e-mail conversation into one and forgoes the use of individual strands. The latter strikes me as outdated and useless today in a world of constant e-mail communication.
That said, I realize my opinion isn't the most popular. Yahoo and AOL Mail are more popular than Gmail and each employs the "old" display style, suggesting that users prefer that over Gmail's style. But I think that's more of a reaction to what users know than to what they would like. In fact, I'm willing to bet that if those people were forced to use Gmail for a week, the vast majority would dump Yahoo or AOL in favor of Google's client as soon as a flurry of e-mails between two parties broke out and they needed to go back to find a particular message. Finding that message couldn't be easier in Gmail.
Google Site Search Gets More Demanding
Google Site Search Gets More Demanding
Google today launched On-Demand Indexing, a new feature for Google Site Search that allows businesses to quickly incorporate new pages and important site updates into search results on their websites. On-Demand Indexing ensures that site visitors have access to a site's freshest content, and that businesses have the flexibility to share news, product releases and promotions as they happen.
With On-Demand Indexing:
Site owners get an "Index Now" button to quickly and easily update their site search results with new and updated content.
New pages are searchable within hours – taking no longer than a day to appear within site search results.
On-Demand Indexing has allowed Adobe to easily keep their new online Adobe Community Help up to date, creating a dynamic resource that combines Adobe’s in-depth help centers with the most current resources available online. With Google Site Search, Adobe can selectively index the most relevant results from across their entire online community, and expose these resources directly to their Creative Suite customers – creating a unique tool that spans from the desktop into the cloud.
“On-Demand Indexing was essential for our recent launch of Adobe Creative Suite 4, the biggest software release in the company’s history,” said Tanya Wendling, senior director for Learning Resources at Adobe. “Google Site Search made it easy to implement search across our Creative Suite product line and online sites, and we are now able to index thousands of new pages and make them available to millions of users worldwide within hours.”
Google Site Search, our cloud-based search solution for business, helps thousands of organizations harness the power of Google.com, and fully customize search to suit their website. Along with the greater control of On-Demand Indexing, site owners get the same ease of use and fast results of Google Site Search, including:
Set up that takes minutes and results returned in less than a second
The ability to promote new or certain types of pages at the top of results
Full customization controls over the look and feel of search
A range of options for phone and email support
Google today launched On-Demand Indexing, a new feature for Google Site Search that allows businesses to quickly incorporate new pages and important site updates into search results on their websites. On-Demand Indexing ensures that site visitors have access to a site's freshest content, and that businesses have the flexibility to share news, product releases and promotions as they happen.
With On-Demand Indexing:
Site owners get an "Index Now" button to quickly and easily update their site search results with new and updated content.
New pages are searchable within hours – taking no longer than a day to appear within site search results.
On-Demand Indexing has allowed Adobe to easily keep their new online Adobe Community Help up to date, creating a dynamic resource that combines Adobe’s in-depth help centers with the most current resources available online. With Google Site Search, Adobe can selectively index the most relevant results from across their entire online community, and expose these resources directly to their Creative Suite customers – creating a unique tool that spans from the desktop into the cloud.
“On-Demand Indexing was essential for our recent launch of Adobe Creative Suite 4, the biggest software release in the company’s history,” said Tanya Wendling, senior director for Learning Resources at Adobe. “Google Site Search made it easy to implement search across our Creative Suite product line and online sites, and we are now able to index thousands of new pages and make them available to millions of users worldwide within hours.”
Google Site Search, our cloud-based search solution for business, helps thousands of organizations harness the power of Google.com, and fully customize search to suit their website. Along with the greater control of On-Demand Indexing, site owners get the same ease of use and fast results of Google Site Search, including:
Set up that takes minutes and results returned in less than a second
The ability to promote new or certain types of pages at the top of results
Full customization controls over the look and feel of search
A range of options for phone and email support
New features in Google Apps's email
Gmail Labs reflects Google's belief in agile development and its overall software philosophy: develop new features quickly, release them (even if unpolished) and solicit user feedback. That's quite a different approach as compared to older e-mail systems from IBM (Lotus Notes) or Microsoft (Exchange and Outlook), where changes or additions are large in scale, but rolled out less frequently and in a much more hierarchical manner.
I have a few favorites from Gmail Labs that have helped me cut down on the time I normally take to toggle between applications. Ironically, one of them is even designed to cut down on how much time I spend in e-mail, addressing an endemic problem that plagues the 21st century worker like me.
Related Content
Google Subnet: The independent voice of Google customers
Google, Microsoft square off on education techVIDEO
Google covers the OlympicsBLOG
Securing endpoints by unifying essential components in a single agentWHITEPAPER
Google to bolster Apps, not the priceBLOG
Google search appliance gets bigger, easierBLOG
Vint Cerf explains privacy remarksBLOG
HTC: Android phone out by year endBLOG
Windows Vista(R) Migration:WHITEPAPER
Google's Blogger failure underscores risk of cloud computingBLOG
View more related contentView all related articlesTo add any of these features, click on the green beaker in the top right corner of your Gmail account (just to the right of where your e-mail address appears in bold lettering). Once you're in Gmail Labs, you'll see a list of the add-ons with brief descriptions. You simply click "enable" or "disable" for any of these, and make sure you hit "save" at the bottom of the page. (If more work is required in setting one up, I've noted that in the application info below.). Also, each lab feature has a "send feedback" link where you can write to Google Apps and Gmail developers.
One caveat: As the Google guys and gals like to remind us, this is their test kitchen, so these add-ons could (and probably will) break from time to time.
1. SMS Text Gmail Chat
How it helps do no evil: Gmail automatically sets you up with a Gmail Chat widget that lets you send your Gmail friends instant messages (and you can also upload your AOL Instant Messenger screen name Chat contacts). But often, these contacts either leave their computers to run to the store or out for lunch.
You could send them an e-mail, but not everyone owns a smart phone with e-mail. But many of those folks have SMS Text, at least. As a result, this add-on is handy because it allows you to send an SMS text message to them from your Gmail chat box.
Want to compare network applications products? View our IT Product Guides now.How to set it up: There is a little legwork involved after you click to "enable" SMS text on the Gmail Labs page. After you enable it and click save, return to your Gmail inbox and go to the chat widget (it's on the left column of your Gmail by default, but there's actually another feature in Gmail Labs that allows you to move it to the right side if you wish). Go to the search bar in the chat widget (it says "search, add or invite"). In that field, begin typing the name of the desired contact. Once the name pops up, scroll down to the name. Once you scroll over the name, you'll see an option that says "Send SMS Text."
From there, add and save the number for that contact.
Now, go to that person's name on your buddy list in the chat widget, and you'll be able to send him or her an SMS Text.
Related Content
Google Subnet: The independent voice of Google customers
Google, Microsoft square off on education techVIDEO
Google covers the OlympicsBLOG
Securing endpoints by unifying essential components in a single agentWHITEPAPER
Google to bolster Apps, not the priceBLOG
Google search appliance gets bigger, easierBLOG
Vint Cerf explains privacy remarksBLOG
HTC: Android phone out by year endBLOG
Windows Vista(R) Migration:WHITEPAPER
Google's Blogger failure underscores risk of cloud computingBLOG
View more related contentView all related articlesAbove is the SMS Text Gmail Chat Window.
Doing No Good: Be mindful that normal text messaging fees apply for your recipient, and that only U.S. phones can utilize this feature for now. Because SMS texts have 160 character count, it would be nice to see a character countdown as you type the text (like you would on Twitter).
Also, when you receive a text from a Gmail sender, a random phone number appears (we presume from wherever it gets routed). When I sent my colleague and mobile expert Al Sacco a text message (see screenshot below), a Montana-based number appeared in the message on Sacco's BlackBerry screen. This could throw off a recipient who doesn't memorize your number (since my number, for instance, is a San Francisco-based 415, and calling me back at this Montana number would be useless).
2. Forgotten Attachment Detector
How it helps do no evil: It happens all the time. You craft an e-mail message, explaining what you'd like done or someone to see in an attached file. But, of course, you send it and forget to attach said file.
If you enable the Gmail forgotten attachment detector, a pop-up reminder will come up when you use words like "attach" or "attachment," asking if you've forgotten it.
How to set it up: Go to Gmail Labs, click "enable," and save. Doing No Good: Unfortunately, this detector doesn't always work. In fact, I only got it to work on two of five attempts using pretty obvious diction in the body of the e-mail. There's a lot of discussion in the Gmail Labs about this feature. It has a lot of potential, but needs work.
Want to compare network applications products? View our IT Product Guides now.3. E-Mail Addict
How it helps do no evil: We spend too much time in e-mail. With e-mail addict, once an hour your e-mail will shut down, asking you to "take a break" and you will become invisible on Google Chat for 15 minutes.
How to set it up: Go to Gmail Labs, click "enable" and save.
Doing no good: If your boss sends you a very important e-mail during that time period, you may not be happy camper. But odds are, your boss has other ways of getting in touch with you, and I find very little wrong with people who decide to enable this add-on. Again, we spend WAY too much time in e-mail.
4. Google Docs Gadget
How it helps do no evil: While some of you might say "pry my Microsoft Office from my cold dead hands," the Google Apps developers have spent a lot of time during the past year building upon their Web-based Documents, Spreadsheets and Presentations apps.
While each still lacks some of the features in Office, Google Docs has some upsides. Mainly, it doesn't require that you store files locally (so if you lose your laptop, you're only out the hardware, not the files). It also has amazing version control. If you liked how a document looked 20 minutes ago, you can revert back.
For the full web-based version of Google Docs, you've typically needed to click on the "Documents" link in the top left side of Gmail, launching a new tab in your browser. Now, with this Google Docs Gadget, you can see your recent documents as a widget beside your Gmail inbox. It has a "new" tab that immediately allows you to begin a new document, spreadsheet, presentation or form writer.
How it works: Go to Gmail Labs, click enable, and save. The widget will appear on left column of your Gmail page.
Doing No Good: The document list in the widget doesn't always update very quickly after you add new documents. I can deal with this, but it'd be nice to have some sort of "refresh" button to force the issue if I wanted.
5. Google Calendar Gadget
Want to compare network applications products? View our IT Product Guides now.How it helps do no evil: One of the fundamental problems with Web-based e-mail and productivity suites is a lack of integration, where each app is walled off from one another. One of the most important aspects of any on-premise e-mail system like Lotus Notes or Microsoft Exchange has been the integration with your calendar. By adding the Google Calendar gadget,you have that capability in Gmail on the left side of your page. You can add events to your calendar (the full version can be found by clicking the "Calendar" link in the upper left side of Gmail). In the widget, under options, you can click to show a mini-calendar of the current month.
How it works: Go to Gmail Labs, click enable, and save. The widget will appear on left column of your Gmail page.
Doing no good: When you start to add an event, you can't add many details other than the time and the activity (Tuesday, 7 p.m. dinner with Anna at Nick's Crispy Tacos). If you click to add more details, you're sent to a more robust page with fields for addresses, numbers, etc. (that will open as a tab in your browser). While that's really not a huge deal, a smaller pop-up beside the widget might be preferable.
I have a few favorites from Gmail Labs that have helped me cut down on the time I normally take to toggle between applications. Ironically, one of them is even designed to cut down on how much time I spend in e-mail, addressing an endemic problem that plagues the 21st century worker like me.
Related Content
Google Subnet: The independent voice of Google customers
Google, Microsoft square off on education techVIDEO
Google covers the OlympicsBLOG
Securing endpoints by unifying essential components in a single agentWHITEPAPER
Google to bolster Apps, not the priceBLOG
Google search appliance gets bigger, easierBLOG
Vint Cerf explains privacy remarksBLOG
HTC: Android phone out by year endBLOG
Windows Vista(R) Migration:WHITEPAPER
Google's Blogger failure underscores risk of cloud computingBLOG
View more related contentView all related articlesTo add any of these features, click on the green beaker in the top right corner of your Gmail account (just to the right of where your e-mail address appears in bold lettering). Once you're in Gmail Labs, you'll see a list of the add-ons with brief descriptions. You simply click "enable" or "disable" for any of these, and make sure you hit "save" at the bottom of the page. (If more work is required in setting one up, I've noted that in the application info below.). Also, each lab feature has a "send feedback" link where you can write to Google Apps and Gmail developers.
One caveat: As the Google guys and gals like to remind us, this is their test kitchen, so these add-ons could (and probably will) break from time to time.
1. SMS Text Gmail Chat
How it helps do no evil: Gmail automatically sets you up with a Gmail Chat widget that lets you send your Gmail friends instant messages (and you can also upload your AOL Instant Messenger screen name Chat contacts). But often, these contacts either leave their computers to run to the store or out for lunch.
You could send them an e-mail, but not everyone owns a smart phone with e-mail. But many of those folks have SMS Text, at least. As a result, this add-on is handy because it allows you to send an SMS text message to them from your Gmail chat box.
Want to compare network applications products? View our IT Product Guides now.How to set it up: There is a little legwork involved after you click to "enable" SMS text on the Gmail Labs page. After you enable it and click save, return to your Gmail inbox and go to the chat widget (it's on the left column of your Gmail by default, but there's actually another feature in Gmail Labs that allows you to move it to the right side if you wish). Go to the search bar in the chat widget (it says "search, add or invite"). In that field, begin typing the name of the desired contact. Once the name pops up, scroll down to the name. Once you scroll over the name, you'll see an option that says "Send SMS Text."
From there, add and save the number for that contact.
Now, go to that person's name on your buddy list in the chat widget, and you'll be able to send him or her an SMS Text.
Related Content
Google Subnet: The independent voice of Google customers
Google, Microsoft square off on education techVIDEO
Google covers the OlympicsBLOG
Securing endpoints by unifying essential components in a single agentWHITEPAPER
Google to bolster Apps, not the priceBLOG
Google search appliance gets bigger, easierBLOG
Vint Cerf explains privacy remarksBLOG
HTC: Android phone out by year endBLOG
Windows Vista(R) Migration:WHITEPAPER
Google's Blogger failure underscores risk of cloud computingBLOG
View more related contentView all related articlesAbove is the SMS Text Gmail Chat Window.
Doing No Good: Be mindful that normal text messaging fees apply for your recipient, and that only U.S. phones can utilize this feature for now. Because SMS texts have 160 character count, it would be nice to see a character countdown as you type the text (like you would on Twitter).
Also, when you receive a text from a Gmail sender, a random phone number appears (we presume from wherever it gets routed). When I sent my colleague and mobile expert Al Sacco a text message (see screenshot below), a Montana-based number appeared in the message on Sacco's BlackBerry screen. This could throw off a recipient who doesn't memorize your number (since my number, for instance, is a San Francisco-based 415, and calling me back at this Montana number would be useless).
2. Forgotten Attachment Detector
How it helps do no evil: It happens all the time. You craft an e-mail message, explaining what you'd like done or someone to see in an attached file. But, of course, you send it and forget to attach said file.
If you enable the Gmail forgotten attachment detector, a pop-up reminder will come up when you use words like "attach" or "attachment," asking if you've forgotten it.
How to set it up: Go to Gmail Labs, click "enable," and save. Doing No Good: Unfortunately, this detector doesn't always work. In fact, I only got it to work on two of five attempts using pretty obvious diction in the body of the e-mail. There's a lot of discussion in the Gmail Labs about this feature. It has a lot of potential, but needs work.
Want to compare network applications products? View our IT Product Guides now.3. E-Mail Addict
How it helps do no evil: We spend too much time in e-mail. With e-mail addict, once an hour your e-mail will shut down, asking you to "take a break" and you will become invisible on Google Chat for 15 minutes.
How to set it up: Go to Gmail Labs, click "enable" and save.
Doing no good: If your boss sends you a very important e-mail during that time period, you may not be happy camper. But odds are, your boss has other ways of getting in touch with you, and I find very little wrong with people who decide to enable this add-on. Again, we spend WAY too much time in e-mail.
4. Google Docs Gadget
How it helps do no evil: While some of you might say "pry my Microsoft Office from my cold dead hands," the Google Apps developers have spent a lot of time during the past year building upon their Web-based Documents, Spreadsheets and Presentations apps.
While each still lacks some of the features in Office, Google Docs has some upsides. Mainly, it doesn't require that you store files locally (so if you lose your laptop, you're only out the hardware, not the files). It also has amazing version control. If you liked how a document looked 20 minutes ago, you can revert back.
For the full web-based version of Google Docs, you've typically needed to click on the "Documents" link in the top left side of Gmail, launching a new tab in your browser. Now, with this Google Docs Gadget, you can see your recent documents as a widget beside your Gmail inbox. It has a "new" tab that immediately allows you to begin a new document, spreadsheet, presentation or form writer.
How it works: Go to Gmail Labs, click enable, and save. The widget will appear on left column of your Gmail page.
Doing No Good: The document list in the widget doesn't always update very quickly after you add new documents. I can deal with this, but it'd be nice to have some sort of "refresh" button to force the issue if I wanted.
5. Google Calendar Gadget
Want to compare network applications products? View our IT Product Guides now.How it helps do no evil: One of the fundamental problems with Web-based e-mail and productivity suites is a lack of integration, where each app is walled off from one another. One of the most important aspects of any on-premise e-mail system like Lotus Notes or Microsoft Exchange has been the integration with your calendar. By adding the Google Calendar gadget,you have that capability in Gmail on the left side of your page. You can add events to your calendar (the full version can be found by clicking the "Calendar" link in the upper left side of Gmail). In the widget, under options, you can click to show a mini-calendar of the current month.
How it works: Go to Gmail Labs, click enable, and save. The widget will appear on left column of your Gmail page.
Doing no good: When you start to add an event, you can't add many details other than the time and the activity (Tuesday, 7 p.m. dinner with Anna at Nick's Crispy Tacos). If you click to add more details, you're sent to a more robust page with fields for addresses, numbers, etc. (that will open as a tab in your browser). While that's really not a huge deal, a smaller pop-up beside the widget might be preferable.
Corporate users migrated to Google Apps
While Google is often cited as having a golden touch, the company's productivity application suite is still a mere bronze competitor to Microsoft's Office and collaboration tools despite upgrades over the past year that focused on evolving and securing the online tools for corporate users.
Google Apps Premier Edition (GAPE), the vendor's US$50 per user productivity suite targeted at businesses, has proven worthy in certain situations, most involving universities or small and midsize businesses (SMB) looking to cut costs.
The platform, however, still lacks some key features for large companies that build applications around productivity tools and demand tight integration and security, along with administrative controls.
GAPE is made up of messaging, including Google Gmail, Calendars and Talk; collaboration including Google Docs, Video and Sites; and e-mail security and compliance.
Over the past year, Google has been adding tools and APIs to satisfy customer demands, as well as Web 2.0 tools such as video that put a new twist on collaboration. But the work is far from over.
Model for success
Even critics, however, believe Google has the right model to succeed -- delivering the software as a service to corporate users.
Microsoft, whose Office suite boasts more than a 90% share of the market, is among those critics.
It endorsed the online model in October when it introduced the first online versions of fully functional Office applications available via a browser. Office Web Applications are in private testing and are slated for inclusion with Office 14. Microsoft already has its toe in the water with Office Live Workspaces and with Exchange and SharePoint Online Services.
While the future may hold promise, the current position for GAPE is the role of worthy alternative and not as serious contender to replace Office or other collaboration platforms.
Google, however, may make its mark not by rising to the top of the heap, but by redefining collaboration and carving the most innovative turns around Web 2.0.
Growing up
"The Google model is not wrong, it is just immature," says Guy Creese, a Burton Group analyst who for years has been tracking Google's efforts to produce online productivity tools. This month he is releasing a report entitled: "Is It Time to Ditch Microsoft Office?"
It is an interesting question because Google isn't lagging for lack of trying.
The company is refining its platform to include new features and controls that appeal to -- and are required by -- corporate users. And it is adding Web 2.0 twists and integrating social software.
In July 2007, Google made its biggest investment yet toward satisfying corporate users when it laid out $625 million for e-mail hygiene vendor Postini, which provided the compliance, archiving and e-mail protection GAPE lacked.
The Postini service provides security for e-mail, instant messaging and the Web; archiving; message encryption; and policy enforcement of Transport Layer Security.
And because Postini's archiving and compliance only covers e-mail, Google last month released an API to address documents.
"We let you connect your Google Docs with the others systems you use for compliance," says Rajen Sheth, senior product manager for Google Apps. "We continue to mature the product set."
To further back that claim, Sheth also cites the addition of Google Sites, a wiki-based team sharing tool, and Google Video, based on capabilities inherited from its YouTube division.
Google also has added an service-level agreement and is working on an administrative dashboard that shows how its systems are running and their health. The tool comes after a string of outages that crippled GAPE in the past months.
And in November, Google earned its SAS-70 Type II certification, which public companies under the Sarbanes Oxley Act require from their hosting providers.
In addition, Google and its partners are busy ratcheting up the feature set, such as Panorama Software, which has developed a slick -- and free -- business intelligence tool called Analytics for Google Spreadsheets.
"This is not about replacing, it is about solving old problems in new ways with Google Docs," says Oudi Antebi, vice president of strategy for Panorama. Antebi, who came to Panorama after eight years at Microsoft, says one reason for lagging enterprise interest in GAPE is that many are looking at it as a replacement instead of an extension to what they already have.
Seeing is believing
One example of Google's potential power is seen in the District of Columbia government, which is using Google's productivity suite to foster cost reduction, anywhere access, mobile integration and a collaboration platform that evolves on Internet time for its 38,000 employees.
Vivek Kundra, the CTO for the D.C. government, is blazing such a path with his Google-based projects. He is rumored to be helping President-elect Barack Obama's transition team work through its technology agenda focused on "cutting-edge technologies to create a new level of transparency, accountability and participation for America's citizens."
Kundra's innovations around Google Apps include a video job board, where D.C. hiring managers post descriptions of openings; a wiki built with text and video explaining and soliciting participation in D.C.'s procurement process; and his latest project where he has provided a list of contractors D.C. has hired, the projects they are working on and their pay rates. Â
"What we have created is transparency," Kundra says. "Taxpayers can hold us accountable."
Kundra also launched Apps for Democracy, a contest to build applications on top of the Google platform using any of the 216 data feeds from the D.C. Data Catalog, including most recent road-kill pickups.
The contest yielded 47 applications in 30 days at a cost of $50,000. Kundra estimated the price would have been $2.6 million if done using D.C.'s old form of in-house development. Seven of the applications are now running in production.
"This is the power [you get] when you greatly democratize the ability to create, publish and distribute content," Kundra says. "Before, you relied on a massive IT operation with developers, Web editors and writers. Now we shift power to the individual employee."
But Kundra recognizes Google Apps also has its weaknesses.
D.C. still uses Microsoft Office, which he says is better suited for creating complex documents, and he is still waiting for Google integration with Exchange calendars.
Climbing the mountain
One barrier to Google's success is the fact that it is a crowded race to become second fiddle and take a run at Microsoft's dominance.
Since launching GAPE in February 2007, Google has earned $4 million compared with $12.2 billion for Microsoft's Office, according to Gartner. Google won't clarify its number of paid users other than to say it has "hundreds of thousands."
And there are a host of other competitors including IBM Lotus Symphony, Corel WordPerfect Office, OpenOffice.org, Sun StarOffice, ThinkFree and Zoho, as well as lesser known vendors such as Ability Office, Celframe Office, Koffice, GNOME Office and Softmaker Office.
In a study released last month, ClickStream found that use of free versions of productivity tools such as Google Docs and OpenOffice remain low and that use of Microsoft Office showed no decline.
ClickStream spent six months tracking usage among 2,400 adults using the tools at home and found that 51% used Microsoft Office, while only 5% used Open Office, 1% used Google Docs and 0.3% Google Spreadsheets.
ClickStream concluded that "although Google Docs and Spreadsheets has been touted as a potential competitor to the Microsoft Office suite, OpenOffice is currently the more likely app to take that position, possibly indicating the value of offline and local processing enabled by installed applications."
What's missing?
Critics and Google agree there is work to do.
Burton Group's Creese says Google provides only rudimentary e-mail distribution lists, lacks the ability to do administration via roles, and does not support Office 2007 file formats.
"If you standardized on [Office 2007] you are in trouble," he says. The software also does not translate all graphics from Word documents, supports only a dozen or so fonts, does not provide in-box delegation features and imposes file size limitations when importing documents.
"If you are trying to collaborate on PowerPoint you could hit the limit," Creese says.
He thinks SMBs may be able to go completely to GAPE, but "a large corporation cannot do that. It will always have a mixed environment and you have to worry about these translation issues."
He adds that for Google Apps to take off it has to present new ways of working rather than just making software less expensive. "In the long run, we will see a movement to the software-as-a-service office suite in some form," he says.
Google's Sheth would not provide details of coming features for GAPE, but agreed with the list of issues cited by Creese and others. "I think we already have a robust enterprise offering, of course there is more we can do. We are building that list and adding more and more functionality," he says.
The challenge is clear to many.
"Google needs to keep innovating around new ways that people work," says Tony Safoian, president and CEO of SadaSystems, a consulting and development firm that is both a Microsoft and a Google partner. "I can work with five people at the same time on the same spreadsheet and get the work done. That is how people work today. Google needs to continue to move along the lines of the collaborative work environment where people find things in a few seconds instead of hours or days. That is where Google's edge is now."
SadaSystems has made a significant investment in building Google Apps implementations and will continue to move users to the cloud.
"We are betting big on this technology," Safoian says.
Now the question is whether corporate users bet big on Google and its innovations or stick with Microsoft as it moves to its hybrid world of software and services
Google Apps Premier Edition (GAPE), the vendor's US$50 per user productivity suite targeted at businesses, has proven worthy in certain situations, most involving universities or small and midsize businesses (SMB) looking to cut costs.
The platform, however, still lacks some key features for large companies that build applications around productivity tools and demand tight integration and security, along with administrative controls.
GAPE is made up of messaging, including Google Gmail, Calendars and Talk; collaboration including Google Docs, Video and Sites; and e-mail security and compliance.
Over the past year, Google has been adding tools and APIs to satisfy customer demands, as well as Web 2.0 tools such as video that put a new twist on collaboration. But the work is far from over.
Model for success
Even critics, however, believe Google has the right model to succeed -- delivering the software as a service to corporate users.
Microsoft, whose Office suite boasts more than a 90% share of the market, is among those critics.
It endorsed the online model in October when it introduced the first online versions of fully functional Office applications available via a browser. Office Web Applications are in private testing and are slated for inclusion with Office 14. Microsoft already has its toe in the water with Office Live Workspaces and with Exchange and SharePoint Online Services.
While the future may hold promise, the current position for GAPE is the role of worthy alternative and not as serious contender to replace Office or other collaboration platforms.
Google, however, may make its mark not by rising to the top of the heap, but by redefining collaboration and carving the most innovative turns around Web 2.0.
Growing up
"The Google model is not wrong, it is just immature," says Guy Creese, a Burton Group analyst who for years has been tracking Google's efforts to produce online productivity tools. This month he is releasing a report entitled: "Is It Time to Ditch Microsoft Office?"
It is an interesting question because Google isn't lagging for lack of trying.
The company is refining its platform to include new features and controls that appeal to -- and are required by -- corporate users. And it is adding Web 2.0 twists and integrating social software.
In July 2007, Google made its biggest investment yet toward satisfying corporate users when it laid out $625 million for e-mail hygiene vendor Postini, which provided the compliance, archiving and e-mail protection GAPE lacked.
The Postini service provides security for e-mail, instant messaging and the Web; archiving; message encryption; and policy enforcement of Transport Layer Security.
And because Postini's archiving and compliance only covers e-mail, Google last month released an API to address documents.
"We let you connect your Google Docs with the others systems you use for compliance," says Rajen Sheth, senior product manager for Google Apps. "We continue to mature the product set."
To further back that claim, Sheth also cites the addition of Google Sites, a wiki-based team sharing tool, and Google Video, based on capabilities inherited from its YouTube division.
Google also has added an service-level agreement and is working on an administrative dashboard that shows how its systems are running and their health. The tool comes after a string of outages that crippled GAPE in the past months.
And in November, Google earned its SAS-70 Type II certification, which public companies under the Sarbanes Oxley Act require from their hosting providers.
In addition, Google and its partners are busy ratcheting up the feature set, such as Panorama Software, which has developed a slick -- and free -- business intelligence tool called Analytics for Google Spreadsheets.
"This is not about replacing, it is about solving old problems in new ways with Google Docs," says Oudi Antebi, vice president of strategy for Panorama. Antebi, who came to Panorama after eight years at Microsoft, says one reason for lagging enterprise interest in GAPE is that many are looking at it as a replacement instead of an extension to what they already have.
Seeing is believing
One example of Google's potential power is seen in the District of Columbia government, which is using Google's productivity suite to foster cost reduction, anywhere access, mobile integration and a collaboration platform that evolves on Internet time for its 38,000 employees.
Vivek Kundra, the CTO for the D.C. government, is blazing such a path with his Google-based projects. He is rumored to be helping President-elect Barack Obama's transition team work through its technology agenda focused on "cutting-edge technologies to create a new level of transparency, accountability and participation for America's citizens."
Kundra's innovations around Google Apps include a video job board, where D.C. hiring managers post descriptions of openings; a wiki built with text and video explaining and soliciting participation in D.C.'s procurement process; and his latest project where he has provided a list of contractors D.C. has hired, the projects they are working on and their pay rates. Â
"What we have created is transparency," Kundra says. "Taxpayers can hold us accountable."
Kundra also launched Apps for Democracy, a contest to build applications on top of the Google platform using any of the 216 data feeds from the D.C. Data Catalog, including most recent road-kill pickups.
The contest yielded 47 applications in 30 days at a cost of $50,000. Kundra estimated the price would have been $2.6 million if done using D.C.'s old form of in-house development. Seven of the applications are now running in production.
"This is the power [you get] when you greatly democratize the ability to create, publish and distribute content," Kundra says. "Before, you relied on a massive IT operation with developers, Web editors and writers. Now we shift power to the individual employee."
But Kundra recognizes Google Apps also has its weaknesses.
D.C. still uses Microsoft Office, which he says is better suited for creating complex documents, and he is still waiting for Google integration with Exchange calendars.
Climbing the mountain
One barrier to Google's success is the fact that it is a crowded race to become second fiddle and take a run at Microsoft's dominance.
Since launching GAPE in February 2007, Google has earned $4 million compared with $12.2 billion for Microsoft's Office, according to Gartner. Google won't clarify its number of paid users other than to say it has "hundreds of thousands."
And there are a host of other competitors including IBM Lotus Symphony, Corel WordPerfect Office, OpenOffice.org, Sun StarOffice, ThinkFree and Zoho, as well as lesser known vendors such as Ability Office, Celframe Office, Koffice, GNOME Office and Softmaker Office.
In a study released last month, ClickStream found that use of free versions of productivity tools such as Google Docs and OpenOffice remain low and that use of Microsoft Office showed no decline.
ClickStream spent six months tracking usage among 2,400 adults using the tools at home and found that 51% used Microsoft Office, while only 5% used Open Office, 1% used Google Docs and 0.3% Google Spreadsheets.
ClickStream concluded that "although Google Docs and Spreadsheets has been touted as a potential competitor to the Microsoft Office suite, OpenOffice is currently the more likely app to take that position, possibly indicating the value of offline and local processing enabled by installed applications."
What's missing?
Critics and Google agree there is work to do.
Burton Group's Creese says Google provides only rudimentary e-mail distribution lists, lacks the ability to do administration via roles, and does not support Office 2007 file formats.
"If you standardized on [Office 2007] you are in trouble," he says. The software also does not translate all graphics from Word documents, supports only a dozen or so fonts, does not provide in-box delegation features and imposes file size limitations when importing documents.
"If you are trying to collaborate on PowerPoint you could hit the limit," Creese says.
He thinks SMBs may be able to go completely to GAPE, but "a large corporation cannot do that. It will always have a mixed environment and you have to worry about these translation issues."
He adds that for Google Apps to take off it has to present new ways of working rather than just making software less expensive. "In the long run, we will see a movement to the software-as-a-service office suite in some form," he says.
Google's Sheth would not provide details of coming features for GAPE, but agreed with the list of issues cited by Creese and others. "I think we already have a robust enterprise offering, of course there is more we can do. We are building that list and adding more and more functionality," he says.
The challenge is clear to many.
"Google needs to keep innovating around new ways that people work," says Tony Safoian, president and CEO of SadaSystems, a consulting and development firm that is both a Microsoft and a Google partner. "I can work with five people at the same time on the same spreadsheet and get the work done. That is how people work today. Google needs to continue to move along the lines of the collaborative work environment where people find things in a few seconds instead of hours or days. That is where Google's edge is now."
SadaSystems has made a significant investment in building Google Apps implementations and will continue to move users to the cloud.
"We are betting big on this technology," Safoian says.
Now the question is whether corporate users bet big on Google and its innovations or stick with Microsoft as it moves to its hybrid world of software and services
FAQ on Google app security
Need proof that the computing world is dominated by applications engineered by search giant Google? Just stare into your laptop.
The Web-wandering public has increasingly forsaken Microsoft Outlook and Lotus Notes in favor of Gmail as their e-mail program of choice. Companies that sell software to measure Web site performance have a tough competitor in Google Analytics. And the list goes on.
Naturally, this makes the Google universe a tempting target for those who would exploit application security holes to infect computers with malware, steal credit card and Social Security numbers, and make off with a company's intellectual property.
In this Q&A, Eran Feigenbaum, senior security manager for Google Apps, and Adam Swidler, product marketing manager for Google Apps, explain the steps Google has taken to defend its users against online evil and how, as a result, the company has become a serious contender in the security industry.
There's been some debate over whether it's truly possible to have secure cloud computing. What's the Google argument in favor of it? Eran Feigenbaum: The reason we're doing cloud computing and we think it works is -- first of all, we see tremendous security issues with the traditional client-side server: misconfiguration, missing patches, having things turned on you didn't know you had turned on and so on. Then there's the complexity of running multiple versions of different applications on the network. It all becomes very difficult to secure. Before joining Google in 2007, I lived that problem at my last job as CSO in a financial services organization.
Talk about what Google has done to learn from those problems. Feigenbaum: With cloud computing and specifically Google apps, we've been able to learn from those lessons and design a relatively newer infrastructure that doesn't have those problems. For example, our millions and millions of servers all look identical. We manage all the physical and virtual components, the hardware, the operating system, and since everything is identical, it's easier to manage the technology. When you need to make a change it's much easier to do when everything is more uniform.
Chris Hoff [chief security architect for the systems and technology division at Unisys and an adviser on the Skybox Security customer advisory board] is one of the more vocal skeptics of cloud computing and virtualization security in general. He believes there's too little understanding of the technology to secure it properly. Feigenbaum: There's a misconception around grouping cloud computing with virtualization. Cloud computing is just saying, we have a large infrastructure -- one that is identical in our case and easier to manage -- and we are going to use that to benefit customers via a shared service. Google Apps, specifically, is built around message application, security and compliance. A lot of companies and vendors intentionally or unintentionally get it mixed up.
Adam Swidler: When we talk about cloud computing, this is not a virtualization strategy. This is about outsourcing a lot of the security to us. We build in the security from the ground up. The only way to be more secure is to constantly test your defenses. Google is always under attack, and so we are currently adjusting and hardening security. We feel increasingly that the cloud is the best place to solve your e-mail challenges. The fact that your first line of defense is in the cloud, in the path of incoming threats like e-mail spam, putting a solution in the cloud keeps all of this out of your infrastructure, which makes things more cost-effective and allows us to stay a half-step ahead of the bad guys, who are always getting smarter and more sophisticated.
How is Google using the recently acquired Postini filtering service to address application security concerns? Swidler: We really continue to sell Postini as a separate offering, separate from Google Apps, for companies that are still running their own e-mail servers such as Lotus Notes or Microsoft Exchange. We have taken a big chunk of Postini's technology and incorporated it into the Gmail client. But the heaviest usage is still among companies that have not yet switched to the cloud. But given how Postini technology has been incorporated into Google Apps, companies using Postini are in a better position to make the switch over to cloud computing.
The Web-wandering public has increasingly forsaken Microsoft Outlook and Lotus Notes in favor of Gmail as their e-mail program of choice. Companies that sell software to measure Web site performance have a tough competitor in Google Analytics. And the list goes on.
Naturally, this makes the Google universe a tempting target for those who would exploit application security holes to infect computers with malware, steal credit card and Social Security numbers, and make off with a company's intellectual property.
In this Q&A, Eran Feigenbaum, senior security manager for Google Apps, and Adam Swidler, product marketing manager for Google Apps, explain the steps Google has taken to defend its users against online evil and how, as a result, the company has become a serious contender in the security industry.
There's been some debate over whether it's truly possible to have secure cloud computing. What's the Google argument in favor of it? Eran Feigenbaum: The reason we're doing cloud computing and we think it works is -- first of all, we see tremendous security issues with the traditional client-side server: misconfiguration, missing patches, having things turned on you didn't know you had turned on and so on. Then there's the complexity of running multiple versions of different applications on the network. It all becomes very difficult to secure. Before joining Google in 2007, I lived that problem at my last job as CSO in a financial services organization.
Talk about what Google has done to learn from those problems. Feigenbaum: With cloud computing and specifically Google apps, we've been able to learn from those lessons and design a relatively newer infrastructure that doesn't have those problems. For example, our millions and millions of servers all look identical. We manage all the physical and virtual components, the hardware, the operating system, and since everything is identical, it's easier to manage the technology. When you need to make a change it's much easier to do when everything is more uniform.
Chris Hoff [chief security architect for the systems and technology division at Unisys and an adviser on the Skybox Security customer advisory board] is one of the more vocal skeptics of cloud computing and virtualization security in general. He believes there's too little understanding of the technology to secure it properly. Feigenbaum: There's a misconception around grouping cloud computing with virtualization. Cloud computing is just saying, we have a large infrastructure -- one that is identical in our case and easier to manage -- and we are going to use that to benefit customers via a shared service. Google Apps, specifically, is built around message application, security and compliance. A lot of companies and vendors intentionally or unintentionally get it mixed up.
Adam Swidler: When we talk about cloud computing, this is not a virtualization strategy. This is about outsourcing a lot of the security to us. We build in the security from the ground up. The only way to be more secure is to constantly test your defenses. Google is always under attack, and so we are currently adjusting and hardening security. We feel increasingly that the cloud is the best place to solve your e-mail challenges. The fact that your first line of defense is in the cloud, in the path of incoming threats like e-mail spam, putting a solution in the cloud keeps all of this out of your infrastructure, which makes things more cost-effective and allows us to stay a half-step ahead of the bad guys, who are always getting smarter and more sophisticated.
How is Google using the recently acquired Postini filtering service to address application security concerns? Swidler: We really continue to sell Postini as a separate offering, separate from Google Apps, for companies that are still running their own e-mail servers such as Lotus Notes or Microsoft Exchange. We have taken a big chunk of Postini's technology and incorporated it into the Gmail client. But the heaviest usage is still among companies that have not yet switched to the cloud. But given how Postini technology has been incorporated into Google Apps, companies using Postini are in a better position to make the switch over to cloud computing.
Top 10 Cloud Computing Predictions for 2009
SAN MATEO, CA, Dec 18, 2008 (MARKET WIRE via COMTEX) -- As the year draws to a close, many companies are left wondering what next year will bring for this year's hottest technology trend -- cloud computing. To answer these questions, Appirio ( www.appirio.com) today released its top 10 predictions for how cloud computing will evolve in 2009 and the impact those trends will have on IT and business. Appirio is a leading on-demand product and professional services company, and one of the fastest growing companies in the cloud computing space.
Appirio's predictions reveal that in spite of our current economy, cloud computing will continue to see strong growth and investment over the next year -- a prediction that industry analysts agree with as well. As more and more companies like Flextronics, Genentech and Harrah's publicly discuss their experience with cloud computing, it will pave the way for even more adoption over the coming year.
"This year cloud computing made the leap from an interesting proposition to a viable option for even the largest of enterprises. In 2009 it becomes mandatory," said Appirio co-founder, Narinder Singh. "Today's economic climate will force enterprises to pick technology winners and losers for their environment in order to cut costs, be more efficient and deliver business-relevant innovation. Cloud computing makes this seemingly impossible task a possibility -- much more so than with traditional software. This is why we believe cloud computing will be counter cyclical, with SaaS and Platform as a Service (PaaS) investment accelerating, and traditional software spending declining."
Appirio's 2009 predictions include:
1. The "cloud of clouds" expands but sees traction revolve around open platforms. We'll see Microsoft and other traditional software players invest even more in new but closed cloud platforms. At the same time, proponents of a more open approach, like Amazon, Facebook, Google and Salesforce, will push more and deeper "cloud connections" like they did this year. This will create a more heated debate between the value of closed versus federated platforms.
2. At best, Microsoft Azure will be a better platform for Exchange. Microsoft will continue to shower attention on Azure but will see relatively limited adoption from ISVs and customers. While it will likely disappoint users and remain well behind established cloud players for the first few years, it will become a viable platform by 2010 -- primarily as a better foundation for Microsoft Exchange and existing on-premise .NET applications.
3. Google doubles down on the enterprise; enterprises return the favor by racing to Google Apps. Google has already shown they're serious about winning over enterprises with acquisitions like Postini and investments in Google Apps. They'll continue to expand their support for enterprise-class security, transparency, and development languages. In return enterprise customers, faced with economics that overcome preconceptions, will substantially increase their pace of adoption. We expect to see at least 3X the number of enterprises evaluating and moving to Google Apps, at the direct expense of Microsoft Exchange, Office and Lotus Notes (the Asbestos of Software).
4. A major SaaS 1.0 company will fail. Although SaaS and cloud investments will increase next year, a number of SaaS 1.0 companies -- stand-alone companies who built their SaaS products from scratch on their own -- will either falter due to the demands of creating infrastructure, or chose to re-platform. The progress of enterprise-ready platforms like Force.com makes it much easier for SaaS 2.0 companies to build advanced products that can leap ahead of the competition at a much lower cost.
5. A rise in serverless companies with 1000+ employees. In 2009, the market will start to hear about more and more companies going completely server-less. While this is already happening at smaller companies, larger and larger companies will optimize their business processes and cut IT expenses by outsourcing to cloud providers
6. The rise and fall of the private cloud. While private clouds will continue to generate a significant amount of hype, customers in most cases will realize they are little more than a better data center implementation. They will be valuable for customers who have significant transaction volumes and stringent regulatory or security requirements, but will have little ROI for the average IT organization. In the end, private clouds will create more value for service providers than for customers.
7. Business Intelligence (BI) becomes the next functional area to SaaSify. Just as CRM and HRM applications became poster children for the shift to SaaS these last few years, we'll see the same thing happening with on-demand BI. We'll also see a bifurcation in this space, with one set of applications built from the ground up to leverage the inherent benefits of cloud computing and one set a repackaging of traditional BI features just delivered over the Internet.
8. SAP or Oracle gets into the PaaS game. While these companies may have hedged their bets in 2008 (or even berated the SaaS model), we believe one of these companies will see the writing on the wall and start at least talking about a new cloud platform they're building over the next few years. In fact, they will attempt to switch the conversation and convince the market they have been working on this for years but called it something different.
9. Enterprises will figure out how to use social networks in the right way. Companies -- especially their HR and marketing organizations -- will finally figure out how to utilize social networks in day-to-day operations. More and more business (employees, leads, market intelligence) will come directly through business applications that tap into Facebook, Twitter, LinkedIn and other social networks that are already being used by employees and customers outside the workplace.
10. There will be at least one $100M software product built on Force.com. The myth that it is impossible to build a big business on an on-demand platform will finally be debunked by the emergence of a PaaS-enabled application in 2009 that has the potential for a $100M run rate.
These predictions are loosely based on what Appirio is hearing and seeing first hand from industry insiders around the globe -- from a base of over 2,000 customers, partnerships with leaders in this space, and conversations with industry influencers.
Appirio's predictions reveal that in spite of our current economy, cloud computing will continue to see strong growth and investment over the next year -- a prediction that industry analysts agree with as well. As more and more companies like Flextronics, Genentech and Harrah's publicly discuss their experience with cloud computing, it will pave the way for even more adoption over the coming year.
"This year cloud computing made the leap from an interesting proposition to a viable option for even the largest of enterprises. In 2009 it becomes mandatory," said Appirio co-founder, Narinder Singh. "Today's economic climate will force enterprises to pick technology winners and losers for their environment in order to cut costs, be more efficient and deliver business-relevant innovation. Cloud computing makes this seemingly impossible task a possibility -- much more so than with traditional software. This is why we believe cloud computing will be counter cyclical, with SaaS and Platform as a Service (PaaS) investment accelerating, and traditional software spending declining."
Appirio's 2009 predictions include:
1. The "cloud of clouds" expands but sees traction revolve around open platforms. We'll see Microsoft and other traditional software players invest even more in new but closed cloud platforms. At the same time, proponents of a more open approach, like Amazon, Facebook, Google and Salesforce, will push more and deeper "cloud connections" like they did this year. This will create a more heated debate between the value of closed versus federated platforms.
2. At best, Microsoft Azure will be a better platform for Exchange. Microsoft will continue to shower attention on Azure but will see relatively limited adoption from ISVs and customers. While it will likely disappoint users and remain well behind established cloud players for the first few years, it will become a viable platform by 2010 -- primarily as a better foundation for Microsoft Exchange and existing on-premise .NET applications.
3. Google doubles down on the enterprise; enterprises return the favor by racing to Google Apps. Google has already shown they're serious about winning over enterprises with acquisitions like Postini and investments in Google Apps. They'll continue to expand their support for enterprise-class security, transparency, and development languages. In return enterprise customers, faced with economics that overcome preconceptions, will substantially increase their pace of adoption. We expect to see at least 3X the number of enterprises evaluating and moving to Google Apps, at the direct expense of Microsoft Exchange, Office and Lotus Notes (the Asbestos of Software).
4. A major SaaS 1.0 company will fail. Although SaaS and cloud investments will increase next year, a number of SaaS 1.0 companies -- stand-alone companies who built their SaaS products from scratch on their own -- will either falter due to the demands of creating infrastructure, or chose to re-platform. The progress of enterprise-ready platforms like Force.com makes it much easier for SaaS 2.0 companies to build advanced products that can leap ahead of the competition at a much lower cost.
5. A rise in serverless companies with 1000+ employees. In 2009, the market will start to hear about more and more companies going completely server-less. While this is already happening at smaller companies, larger and larger companies will optimize their business processes and cut IT expenses by outsourcing to cloud providers
6. The rise and fall of the private cloud. While private clouds will continue to generate a significant amount of hype, customers in most cases will realize they are little more than a better data center implementation. They will be valuable for customers who have significant transaction volumes and stringent regulatory or security requirements, but will have little ROI for the average IT organization. In the end, private clouds will create more value for service providers than for customers.
7. Business Intelligence (BI) becomes the next functional area to SaaSify. Just as CRM and HRM applications became poster children for the shift to SaaS these last few years, we'll see the same thing happening with on-demand BI. We'll also see a bifurcation in this space, with one set of applications built from the ground up to leverage the inherent benefits of cloud computing and one set a repackaging of traditional BI features just delivered over the Internet.
8. SAP or Oracle gets into the PaaS game. While these companies may have hedged their bets in 2008 (or even berated the SaaS model), we believe one of these companies will see the writing on the wall and start at least talking about a new cloud platform they're building over the next few years. In fact, they will attempt to switch the conversation and convince the market they have been working on this for years but called it something different.
9. Enterprises will figure out how to use social networks in the right way. Companies -- especially their HR and marketing organizations -- will finally figure out how to utilize social networks in day-to-day operations. More and more business (employees, leads, market intelligence) will come directly through business applications that tap into Facebook, Twitter, LinkedIn and other social networks that are already being used by employees and customers outside the workplace.
10. There will be at least one $100M software product built on Force.com. The myth that it is impossible to build a big business on an on-demand platform will finally be debunked by the emergence of a PaaS-enabled application in 2009 that has the potential for a $100M run rate.
These predictions are loosely based on what Appirio is hearing and seeing first hand from industry insiders around the globe -- from a base of over 2,000 customers, partnerships with leaders in this space, and conversations with industry influencers.
Subscribe to:
Posts (Atom)
Posts
