Google announced this week that it was going all in on the cloud. It doesn’t seem like a bold statement for a company that was one of its earliest proponents, but The Wall Street Journal reports today Google is moving almost all of its internal applications to the Internet.
Consider that as recently as 2013, Google resisted using external cloud applications because of security concerns. It seemed laughable at the time that a cloud company was preventing its employees from using cloud services because it didn’t trust them.
Maybe it recognizes what so many big companies are learning. There is no safety behind the firewall. Google is assuming everyone, no matter where they are or what device they’re on, needs to confirm their identity and it encrypts connections regardless of where the employee happens to be, even inside its own building.
Steven Sinofsky, who spent more than 20 years working for Microsoft (and now advises Box), believes the cloud is very likely safer than most companies operating a traditional security model behind a firewall in the datacenter. As he wrote on his Learning by Shipping blog right after the Sony breach:
“It is also a reality that the cloud companies are going to be security first in terms of everything they do and in their ability to hire and maintain the most sophisticated cyber security groups. With these companies, security is an existential quality of the whole company and that is felt by every single person in the entire company,” he wrote.
Although he wouldn’t guarantee a cloud provider would never be breached in the fashion of Sony or Target, he said it was much more difficult because of their laser focus on security — and therefore much less likely.
David Cowan, a partner at Bessemer Venture Partners, who has been investing in computer security companies since the 1990s doesn’t disagree with Sinofsky, but he cautions that not all cloud companies are created equal.
“I absolutely agree the security of a mature cloud infrastructure vendor like Amazon or Google is going to be much better than almost any home-grown information system,” he said.
“[The problem is] most of the apps and websites we use have cloud backends that store and monitor our activity, and these nifty little accessories of our digital lives do not all come with all of the security of a Google or Amazon cloud,” he told TechCrunch.
Consider that cloud company Box, uses almost all cloud products in-house, and has been for some time. In a March 2014 article on CITEworld, then CIO Ben Haines said Box runs practically everything in the cloud.
“We really are drinking the Kool-Aid on cloud here and avoiding at all costs bringing things on premise,” Haines said at the time.
Apparently Google is just beginning to get that and with this week’s news is finally committing to the cloud. In a world where employees need access to company data and applications wherever they happen to be, on whatever device they happen to be using, this approach makes sense in a modern context.
The trouble is that IT pros cling to their old notions of security. If we have learned anything over the last 18 months from Sony, Target, Anthem, JPMorgan, et. al.; it’s that there’s no safety behind the firewall anymore.
Google has simply acknowledged that and put its users first by making it simpler for them to access information wherever they happen to be.