It is now five years since web giant Google launched a business version of its online office application suite, Google Apps. In that time, the company says, it has won four million customers, including many US government agencies and “61 out of the top 100 US universities”.
Still, it has a long way to go before it catches up on Microsoft’s ubiquitous Office suite. Last year, the company claimed that it sold one copy of the software every second.
Many of the high-profile customers that Google has won for Apps, including the UK’s Premier Foods and the US General Services Administration, have adopted it in place of IBM’s Lotus Notes.
So far, only a quarter of Google Apps customers are based in Europe, but the company wants that to change. It has therefore launched a number of initiatives to ease the security and compliance concerns of European companies.
One problem is that, while it does operate data centres in Europe, Google’s distributed cloud model means that it cannot guarantee that European customers’ data will not be transferred out of the EU.
Moving EU citizen data outside the Union is ostensibly banned by the Data Protection Directive. However, like many cloud and Internet service providers, Google has a ‘Safe Harbour’ agreement with the EU that means it can move data to the US on the condition that it meets the EU’s strict data protection guidelines.
However, to ease any residual compliance concerns, Google is preparing to introduce 11 ‘model contract clauses’ into its legal agreements with European customers. These are a set of contractual agreements drafted by the EU that oblige the service provider, among other things, to process data in accordance with local law and submit to a data protection audit by the customer if required.
Adopting these model contract clauses brings Google up to date with Microsoft, which introduced them for its hosted Office suite last year.
“This provides greater assurances from a regulatory perspective,” explains Marc Crandall, senior manager of global compliance at Google’s enterprise division.
“We will continue to use Safe Harbour for compliance with our customers in Europe, but the EU is not a homogeneous place and it’s nice to be able to provide additional options based on any particular customer.”
Meanwhile, Google Apps recently won ISO 27001 security certification for Google Apps, denoting management control over information security.
According to Eran Feigenbaum, director of security at Google’s Enterprise division, achieving the certification was not so much a matter of introducing new security precautions as of explaining its security practices to the auditor, Ernst & Young.
“Auditors are used to looking at just one secure development process, but our development lifecycle is composed of many different processes,” he explains.
“Google Apps is made up of many different products, and we want each team to develop software in a way that works for them. But we still want them all to do it in a secure manner.”
The ISO 27001 certification was welcomed by Google’s international sales team, Feigenbaum claims, as they believe it will make Google Apps easier to sell in Europe.
Again, however, Google trails Microsoft, whose Office 365 is already ISO 27001 certified.
Many predicted – hoped, even – that Google Apps might disrupt Microsoft’s stranglehold of the desktop productivity software market. And with four years’ head start on Office 365, it has every opportunity to do so.
However, in order to crack the enterprise market in Europe, the company is taking measures that make it look less and less like a plucky web start-up, and more like a conventional enterprise IT provider.
Unfortunately for Google, Microsoft has many years more experience at that game than it does. “Google is taking measures that make it look less and less like a plucky web start-up”