That's where a proposed new cloud-app security process could give Google a big boost, in competing for both government and business contracts.
The U.S. government is proposing a new process, called FedRAMP, to certify whether cloud-based apps meet federal security requirements. As my colleague J. Nicholas Hoover writes:
If implemented, FedRAMP will develop common security requirements for specific types of systems, provide ongoing risk assessments and continuous monitoring, and carry out government-wide security authorizations that will be posted on a public Web site. Agencies would also be able to see what security controls have been implemented in different products and services. This way, complicated certification and accreditation processes would only need to be carried out once per cloud service, and agencies could leverage shared security management services.
Google has a strong security reputation. But this kind of certification would give it an official seal, one that suggests it's executing on the specific security needs of enterprise IT. It's only a start, since agencies can and must still consider a range of risk factors beyond the apps' capabilities. But it would help make sure security doesn't get the door slammed in Google's face. If Google can get certified, an IT leader in business or government who's tempted to write off Google for security concerns would have to answer "Why's it good enough for the U.S. army, or the IRS?"
Security's only table stakes, though, and in fact we'll see security becomes less and less of a barrier to companies choosing online e-mail and collaboration. Microsoft CEO Steve Ballmer says every single CIO he talks with is discussing online e-mail. Certifications like the FedRAMP will accelerate that discussion. But security is falling as a concern already. Our most recent InformationWeek Analytics research, just out of the field, shows 31% of companies who aren't using SaaS cite security, down eight points from a year ago.
No, the battle will increasingly shape up over features, prices, and flexibility, not security. Microsoft's the team to beat, with its powerful suite that includes Exchange and SharePoint, and now promises to bring in Office in a meaningful way, for the first time. But Google will get its shots, even without the lawsuits and hair pulling.