SaaS providers are still learning the hard way that If you trade in dependency, you have to earn trust: "[Clients of] on-demand application providers ... depend on them for everyday functions and operations, and therefore trust is paramount."
Yesterday, in When Google Owns You, Chris Brogan posted about a colleague who came back from lunch on Monday to find he was locked out of all his Google resources because the provider had disabled his account. With no clue how to resolve the problem and no opportunity to call a live person at Google for help, it took him a day and a half to regain access. This morning, the salutary tale is top story on Techmeme.
One point the story highlights is a hard lesson for users: Don't trust the cloud at this early stage in its evolution. Use the SMTP capability that Gmail provides to keep a local copy of your email inbox. If that's not possible, use a third-party Gmail backup service. Use your own domain and host the DNS somewhere else so that you can switch email providers without having to change your email address. Keep a back-up copy of important documents and other vital online assets. Finally, make sure you know what recourse you have when things go wrong — more on that below.
The trust issue for providers was eloquently summed up in a comment on Brogan's post by AboutNewMedia blogger Guinevere Orvis:
"A lot of companies are asking us to trust them with our data and there’s a frightening number of cases of them taking access to our data away without warning or recourse ... Where can I reliably publish my data so I can trust it will be there next time I need it?"
Of course there's another side to the story, which is that any process that allows locked-out users to regain control of their accounts will be relentlessly gamed by fraudsters and hackers trying to exploit the system for illicit reasons. So providers have to try and devise a process that's as painless as possible for genuine users while simultaneously bulletproof against identity-hacking exploits.
It's not an easy balance to strike, and getting the system right includes educating users about the risks. Google is clearly not getting it right, perhaps because it's not taking on-demand services like Gmail seriously enough. One thing it should be doing is giving more prominence to the risk of losing access to your accounts and what to do if it happens. Several commenters to Brogan's post mentioned that Google does have a process that caters for locked-out users. Jay Cuthrell wrote:
"To be very clear on this topic Chris — the 'paying customer' should have called the support number showing on this screen:
"Ideally, this is something that would be printed like his power bill, telephone bill, or any of a variety of utility bills.
"There he would find these numbers:
"* System critical issue support line (Local): 1-800-598-3901
"* System critical issue support line (Global): 1-650-253-7875
"To contact support, you will need the following:
"* Customer PIN: XXXXXXXXXX
"* Support PIN: XXXXXXXXXXX
"Of course, the X’s would be his specific information."
There's also a form that can be used by free account users but it requires quite a few data points that users will be better off assembling before they need it.
Another option that Google might consider is a premium service that allows desperate users to pay for human support when they find themselves in this situation. It may go against the grain of Google's everything-by-machine ethos, but service providers have to be creative about going the extra mile to give great customer service. Automation is all very well but at the end of the day, the on-demand business is governed by the human emotion of trust.