Sometimes I just get it plain old wrong.
Yesterday’s entry was on using Google Apps as a risk management decision, and on then consulting your internal legal team.
Then, as one reader pointed out, the idea was sound, but I went on to advocate using Drupal and Linux on any old shared environment. So basically, I advocated against Google Apps, and then said to do the same thing that Google Apps does, which is provide a shared collaborative environment that the company does not control, by buying hosting from some 5 dollar a month hosting company.
The reader was dead right, and I was dead wrong.
Here’s why.
Google Apps provides storage on their servers; from what I know of Google security, the odds of someone breaking in from the outside are very poor. Internal hackers are a different matter for everyone, so I won’t even go there.
The advocacy for Drupal on a cheap hosting company is basically the same thing that Google Apps does, but Google Apps is probably going to do it better.
The same issues apply to both solutions: in neither one does the company have control over its stuff, and foreign system administrators have access to all the good juicy corporate secrets that the company may be hosting somewhere else.
So really, the advocacy here is that corporate data should remain on corporate assets, and the use of any third party to host company data needs to meet the same legal requirements as data being stored internally at the company. Any third-party storage or application farm should be providing a certificate of compliance for all the things that HIPAA, SOX, etc. require from a company.
Anything short of that, anything short of the ability to audit who accesses what or where it is being stored, is going to run afoul of legal requirements for a company that needs to meet those legal requirements.
Google probably stands a better chance of offering that kind of certification of legal compliance than a 5 dollar a month hosting company. Actually, it would be a major selling point if Google could offer a guarantee of compliance. If Google did that, then Google Apps would probably fly off the shelf and everyone would be more tied to Google than they are now.
So the bottom line: I should have been clearer in what I was saying, and I should not have said “Google Apps is bad because you store company data off site” and then advocated “storing data off site” using some other program.
I would like to thank Randy for pointing this out, and as always, keep the comments coming, because I cannot be right all the time.