Far from being a major player in IT security today, Google has ambitious designs on becoming a big name in the burgeoning hosted security market, begging the question: Will your organization ever be ready to let the world's largest information retrieval company safeguard your crown jewels?
To hear Google talk of its plans for a multifaceted filtering system geared toward locking down data, you might have to answer this question sooner than you think.
At the center of Google's security push are talent and technology brought on board in this year's acquisitions of message filtering specialist Postini and browser-based security software maker GreenBorder Technologies. According to Google officials, the company is confident that these pieces lay the necessary foundation on which to build significant IT security and compliance automation capabilities.
In fact, Google company officials claim it is now as committed to creating tools to help end-users defend their data as it is to helping them search for information online.
But providing consumer-grade protection is one thing. Whether Google can successfully navigate the sophisticated security issues businesses face online is another. And the stakes could be significant, as a more security-minded Google Apps hosted productivity suite could give Microsoft a run for its Office desktop app money.
Postini's security platform
Shrugging off doubts about Google's ability to rise to the business-worthy security challenge, Scott Petry, founder and CTO of Postini, which Google acquired in July, said the search giant's security footprint has only just begun to take shape.
"When Google bought Postini, and in fact when Postini built its underlying architecture, it was not all about keeping spam from reaching peoples' in-boxes," Petry said. "They didn't buy bits on a server; what they bought, and what we built, was a platform for creating a range of different services around protecting content and monitoring usage patterns."
As evidence, Petry pointed to Google's recent integration of Postini's e-mail content policy management system into Google Apps Premier Edition, the first of a slew of online services Google plans to launch to help businesses and consumers safeguard their data.
Added to the release were data analysis tools for identifying credit card and Social Security numbers in e-mail messages, as well as policy enforcement options such as encryption. Google also added protection against zero-day attacks, and expanded message archiving features.
Additional security and compliance services already under development at Google will build on those capabilities, Petry said.
"We feel that we can build a broader umbrella by recognizing spam and malware before it reaches the network on one end, and by helping people monitor the outward flow of information on the other," Petry said. "We want to provide a stronger level of control for security over all types of content."
Should IT professionals assume consumers and small businesses will be the only beneficiaries of Google's security push, Petry points out that many of the e-mail and content management features added in the latest revision were designed specifically for large businesses.
Hooking the enterprise on hosted security
Chief among the obstacles Google faces in making a security services push deep into the enterprise is the fact that many larger organizations are reluctant to buy into the hosted security model. Petry, however, remains undeterred, citing Circuit City, Merrill Lynch, Mitsubishi Motors, and the National Hockey League as examples of existing Postini customers. And with major security vendors such as Symantec making SaaS (Software-as-a-Serivce) plays, the security services model shows signs of catching on.
From building additional compliance policy enforcement and DLP (data leakage prevention) services to creating new malware detection and e-discovery tools, Google is examining a wide range of opportunities to leverage its place in the IT stack into a more comprehensive security offering, Petry said.
"We'll start with some of the simpler things and move into some of the more complex areas," Petry said. "We feel that security has to be an anchor tenant of the entire Google applications infrastructure; what Google has today is a framework for creating a lot of new tools down the road."
Blending security tools into Google Apps is another priority for the search giant, as providing self-defense capabilities in those services will be essential to convincing larger businesses that the hosted applications model is industrial-strength, said Rajen Sheth, senior product manager at Google.
"Security remains one of the biggest issues for getting people more confident about putting more of their data outside the firewall," Sheth said. "Having policy-based services in place for protecting all different types of data -- as with the engine that came to Google from Postini -- will be critical to the success of Google Apps."
Deep pockets, worthwhile possibilities
Industry watchers agree that Google has the potential to successfully spin its existing security holdings into worthwhile security services.
Enterprise Strategy Group analyst Brian Babineau underscored the strength of technology brought on board in the Postini and GreenBorder acquisitions as key to Google's security push.
Marrying message filtering and archiving to Enterprise Gmail, along with the introduction of DLP tools, indicate the direction Google is likely to take, Babineau said.
Here, the vast financial and development resources at Google's disposal will prove advantageous, the analyst added.
"It's hard to ignore the resources that they have to use on any technology investment. Postini had a good customer base, and by adding that delivery mechanism, you can certainly envision some interesting things they can do around Enterprise Gmail and Google Apps," Babineau said.
"Something like archiving for compliance or governance purposes makes a lot of sense, especially in the messaging arena," Babineau said. "There will be some financial services and health care companies looking for service providers who can handle a lot of this work, and those that would consider using services like this will probably find it attractive to have a one-stop shop when they can find one."
Rethinking security
Smaller organizations will likely be the first to adopt such services, but larger companies do seem increasingly open to the hosted applications delivery model, Babineau said.
"Google has the ability to move in a lot of different directions, but they will need to move cautiously and ensure that they hit the right price points that customers want for services like archiving, DLP, and data discovery," Babineau added.
Of course, as other experts are quick to point out, many enterprises remain skeptical of the SaaS model, especially when it comes to employing services aimed at ensuring the security of business and customer data.
Those same market watchers, however, concede that Google's security proposition is significant.
"It's still unclear how much market movement we will see with adoption of security software as a service; how enterprises in particular are viewing use of the tools in the future remains uncertain," said Andrew Braunberg, an analyst at Current Analysis. "Google certainly has the infrastructure in place now to create some interesting choke points for data and, of course, can bring a lot of processing power to the table."
What may also help ensure Google's success in the hosted security market is an evolving outlook toward security already under way at many organizations, the analyst said.
"People are rethinking where security should live, especially in the context of the dissolving perimeter," Braunberg added. "If Google can push clean pipes in the cloud or take a datacentric approach on the desktop, you could see how some customers might be interested."
This story, "Is Google your next hosted-security partner?" was originally published by InfoWorld.