Monday, November 17, 2008

Software as a Service - A response to Scatterbrain

Scatterbrain had a posting (http://klcollins.org/2008/11/17/software-as-a-service/) where he responded to an article on zdnet web site (http://blogs.zdnet.com/SAAS/?p=609&tag=nl.e539) about a company saving a considerable amount of money by switching from internal exchange servers to using Google mail.

I was going to just leave a comment on his site, but as I thought about it and started responding, it was enough that I thought I would put it here and share with both my readers. So, the “you“‘s in this response are to Scatterbrain… you are intelligent, you can figure it out....

--- a response ---

I think you are glossing over MANY issues and questions that need to be addressed. However, to boil things down, I can EASILY see where moving your company’s mail to Google would be valuable, good, wise, and the right move. However, I would be speculating on a lot of things in making that argument. So, let’s stick with the article and the information it provides.

Your contention, based on the question, “who owns the data?”, is that if a company uses Google mail (or any other 3rd party service) then they cease to “own the data”. This is ludicrous. Ownership of the data never changes. However, what does (potentially) change is the network(s) that the data goes over and where it is stored.

The article stated that they had:

800 users
18 countries

They also stated that they were using Postini. Postini is a hosted message security and compliance product owned by Google. Hosted where? Google servers.

So, in their environment, ALL the data is already going to Google servers.
In their environment, ALL accounts are already set up on Google servers.

Your next argument was that once the data leaves your premises, It leaves your control and you have no idea how it is handled, who is handling it, and what’s being done with it.

Umm… this is the internet. That already happens.

You make a case for all the data being in your care where you can ensure that backups happen. It runs in your own colo facility. You control the process end-to-end.

Okay, so you use a colo facility. So, your data goes over a network that you do not control, where others have access, and you have no visibility. Thus, it is not internal. It is mostly internal, but not completely.

To bring this back around…

You state that interanl corporate collaboration data needs to stay internal.

My question to you is why?  Is the data such that if it got out it would substantially harm the business?  I would suspect that for MOST data the answer is no, it is not.  There is probably a few pieces that might fall into this category.  My response to that is then the wrong medium is being used.  Try the phone.  Oh, sorry, can’t do that based on your response - as you certainly do not control that public utility.  Try a fax… nope, again, public utility.  Oh, I know… try printing it out and hand couriering it.  Lawyers do that for sensitive stuff, so there is a precident.

--- end response ---