Frankly Speaking: Google Chrome's SaaS model should worry IT

Google Chrome? Hold that thought.

First, let's say your organization has confidential data -- Social Security numbers, credit card transactions, customer sales information, anything like that. Would you rather keep it in your data center or have it sitting on a user's laptop?

That's easy: You want it safe in the data center. But that makes the data much less convenient to an employee who might have used it to analyze a trend, identify fraud or close a sale. It's a trade-off; to put that data to its best use, you might have to give up some control and entrust that user with the data.

Now what about this: Say you're going to hand over a critical chunk of your IT infrastructure to an outsider. Where do you draw the line? At turning over all IT operations to an outsourcer? At letting own your sales force automation? At bringing in a consultant to run your online retail operation? At third-party Web hosting? At leased T1 network lines?

Chances are your comfort zone ends somewhere in the neighborhood of Salesforce. Software as a service still makes many IT people a little queasy. Will the advantages be worth having an outsider so involved in everything that your sales users do? Maybe -- but that requires a lot of trust, and it's not a decision that anyone in IT should make lightly.

Which brings us back to Chrome, the Web browser that Google released in beta form last week.

Much ink and many electrons have been spilled over the fact that Chrome is fast and simple and designed to run Web applications well (especially Google's Web applications), that it won't let one bad Web site crash the whole browser, that it grabbed a 1% share of Web browsing in less than a day.

And, of course, that it's Google's "Windows killer" (and good luck with that one, kids).

But it's really just a Web browser, right? No. At least, not the way we've thought about Web browsers before.

Most browsers send HTTP messages to far-off Web servers, which respond with HTML pages. Chrome spends nearly as much time phoning home to Google as it does talking to other Web servers.

Type in a Web address that doesn't exist and Chrome will send it to Google for help finding the right address.

Type in an address that Google has flagged as a phishing or malware site and Chrome will send an obfuscated version of the address to Google to get more information about the risk.

Type anything at all into the address bar and Chrome will send the keystrokes to Google for help suggesting what you may be looking for.

And that doesn't include the usage statistics and other information that Chrome sends home for Google to use "in order to operate and improve Google Chrome and other Google services," according to Google's privacy notice for Chrome.

You can turn much of that phoning-home off, or at least reduce it. But it's clear that Google doesn't see Chrome as just another browser. It's more like the front end for a Web-browsing software-as-a-service offering.

Feeling queasy?

Relax. Right now, Chrome is a beta with significant security problems yet to be addressed. By definition, it's not ready -- that's what beta means.

Bugs and security holes will be fixed. But Chrome's basic business model won't change.

So when you start evaluating it -- and you should -- don't just test how well it serves up Web applications, how robust it is or whether it really is a better browser.

Think about this: Are you ready to trust a software-as-a-service model for just about everything your users do?

Because that's Google Chrome.

Frank Hayes is Computerworld's senior news columnist. Contact him at

Copyright © 2008 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon