Your data: safe in your hands?

I have to take issue with two of my fellow ZDNet bloggers, both of whom I greatly respect, but who let the side down yesterday by recycling the tired old mantra about hosted applications being untrustworthy. First of all the excellent Mary Jo Foley compared Google Apps to Hailstorm, Microsoft's ill-judged identity play, as if it failed solely because it was Web-hosted. She asserted:

"Many businesses don't want their data to be stored offsite. Many also don't want a third-party middleman (even one that pledges it will 'do no evil') to host their data."

Then Ryan Stewart, whose Universal Desktop blog is essential reading, weighed in with this astonishing statement:

"The great thing about the desktop is that users have total control over things like privacy and security. The data is residing on servers they control behind networks they manage. Even small businesses are going to be loath to turn their most sensitive data over to Google."

So here is a selection of news stories culled from the past few months that allow us to objectively evaluate what happens when users "have total control over things like privacy and security" as Ryan puts it:

• U.K. company fined over laptop theft
• Hard drive vanishes from VA facility
• Stolen Boeing laptop held ID data on 382,000
• Commerce Department counts 1,100 missing laptops
• Theft of laptop puts thousands of identities at risk

Would any of those laptop thefts made the headlines had the data been stored in Google Apps? No, of course not, because the data would have remained inaccessible on Google's servers. And how likely is it that Google will be so lax as to allow any unauthorized access to its servers? As Talkback regular Donnieboy noted in a comment to my post on Google Apps last night, Google doesn't even hand over search data to Federal investigators. Donnieboy made another excellent point in a separate comment:

The seedy local MS reps maintaining your email server are about 100x worse. Also, small and medium businesses can NOT afford to take all of the steps really needed to protect themselves from hacks. Google will have privacy agreements, and they have very deep pockets. If they do not respect privacy, they will open themselves up to some very hefty lawsuits.

I think the message is clear — especially when you remember that all the stories I've listed above feature large, well-resourced enterprises and government departments rather than resource-strapped small businesses with limited in-house IT skills. If you value the security of your data, then the sooner you hand it over to Google or some other reputable on-demand SaaS vendor, the better.