In response to my post regarding the CapGemini/GoogleApps relationship, in which I espoused the benefits of the upcoming service offering, Alan Shimel obviously forgot to take his meds as he referenced some bizarre military campaign reference in his post titled "Yesterday's Argument, Tomorrow's Solution."
I really tried to keep up with Alan's logic in this post, but try as I might, I could not make heads or tails from Alan's arguments in which seemed to contradict himself and ultimately make the same argument I did in my post.
As far as I can tell, Alan is suggesting that I'm out of touch with the realities of market economics and that security, privacy and compliance have no impact on the adoption of SaaS:
One of the classic mistakes that armies on the losing side make is fighting the next war with the last wars weapons and tactics. I am afraid Mr Hoff is guilty as charged in talkingGoogle/CapGemini deal. In case you have not heard, CapGemini will offer Google Apps to the one million strong corporate desktops that it services.
Firstly, this announcement is less than 12 hours old. I hardly see how I'm on the "losing" side of anything? I've been suggesting that Google is in a position to encroach upon and own multiple markets currently monopolized by titans. Alan's already disagreed with me on Microsoft vs. Google once before, but that's not what this is about. I really don't understand what the heck he means by my supposed "guilt" in "taking the losing side."
Chris does a nice job of explaining how CG will make money on this and some of the advantages of Google Apps. However, Chris seems to side on the camp of those who think that SaaS based, centrally managed applications and the data that goes with it, will present compliance and security concerns that could slow adoption.
Um, yeah! Want some electricity for that cave you're living in!? You're not seriously suggesting that privacy, security and compliance do not hinder the adoption of technology and services are you, and more specifically, centrally-hosted applications and data?
I say poppycock to that.
I guess you are.
I heard the same thing about Qualys storing vulnerability data 5 years ago and over the intervening time have seen that argument melt away except for maybe in the federal government space. In fact Qualys has now become the tester of choice for PCI compliance in many cases. But beyond that, the whole issue of outsourcing application hosting brings me back to my days at Interliant, an early entrant into the ASP market. We hosted Lotus Notes, PeopleSoft and other enterprise level applications. As well as managed security (mostly checkpoint firewalls, which was sold to Akiva).
Just so I understand this, Alan is ignoring the history of my blog and then attempts to shore up his point by citing the poster child of Security SaaS for the last 6 years or so, Qualys. For those of who who read my blog regularly, you already know that (1) I am a huge proponent of SaaS, and (2) I was a Qualys customer and advisory board member. Alan obviously doesn't recognize either of those points.
To wit, storing scrubbed and encrypted vulnerability data (as Qualys does) is quite different than storing unparsed, unencrypted sensitive corporate data which is intended to be collaboratively shared.
The issue has not melted away, Alan...in fact, it's the impetus of probably half of the security industry's income statements, including yours.
One thing that we learned the hard way at Interliant is that people will not outsource applications which they consider critical and core to the business. So for instance, if they were an accounting firm, they would probably not outsource the hosting and management of their accounting software. However, critical, non-core applications are good candidates for outsourcing. I think for the most part, this is exactly where the Google Apps fall. I think the success of hosted CRM like Salesforce.com also shows that people are willing to outsource critical, non-core applications.
So there's been no movement in the adoption of SaaS from your experience 6 years ago at Interliant? Look, SaaS is certainly on the uptake and it's bringing new and interesting avenues to market for services that range from hosted apps to security, but it's far from ubiquitous and it's certainly got its fair share of scale, security and privacy concerns to deal with.
Poppycock away all you like, but riddle me this, how is it that you do not consider email, spreadsheets, presentations and documents "...critical and core to the business?" I dare you to turn off your email fora week and tell me it's not critical.
Now the fact that it is Google after all, raises in my mind anyway, two other issues. One is the privacy of my data from Google. Is Google going to use that to hone the ad words they serve up to me? The other is that as Google continues to grow, will it suffer from Microsoft like "evil empire" syndrome, where people attach dark aspirations to everything they do. I guess we will have to see how this plays out.
You just contradicted yourself and reinforced the exact point I made! So now you're concerned about privacy and hosted data? That's what my post was about entirely.
SaaS does and will absolutely continue to drive privacy concerns, especially for the very reasons at the end of your argument you make such a big point about highlighting. I even talked about this in this post here titled "On-Demand SaaS Vendors Able to Secure Assets Better than Customers?"
I can't figure out what point Alan's making here; he seems to agree and disagree with my posting in the same post.