Since when should effective data management and regulatory compliance be mutually exclusive?

Since when should effective data management and regulatory compliance be mutually exclusive?

Summary: If you have not yet taken Google Apps for your Domain out for a test drive, c|net's Rafe Needleman has an introductory video and review available:  Google wants to get inside your small business.  Like many who have examined this dipping of the G-toe into business data management, Rafe thinks "this is a very early, very 1.

SHARE:
TOPICS: Google
11

If you have not yet taken Google Apps for your Domain out for a test drive, c|net's Rafe Needleman has an introductory video and review available:  Google wants to get inside your small business.  Like many who have examined this dipping of the G-toe into business data management, Rafe thinks "this is a very early, very 1.0, small business suite."  And so it may be, at this juncture.  But I wouldn't be surprised if Google is thinking much bigger, and likewise won't be surprised if in the not too distant future large businesses (even publicly traded ones and financial services ones, which are subject to the 1-2 punch of Sarbanes-Oxley and the Investment Advisors Act) embrace this kind of approach to data management — and especially something as effective at search, retrieval, and archiving as Gmail — as more desirable and efficient, in both function and cost, than the compliance strategies in use today.

I have seen a good deal of skepticism about the ability of a non-tailored, Web-based approach to succeed in The Enterprise ("She's breaking up!"), given the fact that the current attitude toward good regulatory hygiene involves having direct (or at minimum contractual) control over the boxes where the data resides.  See, e.g., many of the comments to Mike Arrington's Google Makes Its Move: Office 2.0, and Steve Bryant, Five Reasons You'll Use Google Office (and 5 Reasons You Won't).  But I think the skeptics may be focusing on the legacy/incumbent processes of compliance at the expense of its aims.  Regulatory recordkeeping and reporting requirements concerning internal, non-customer data exist to ensure accountability, and the best way to ensure accountability is to ensure the relevant information will persist and can be called up and organized at will.  I would think that hosting this sort of data with someone in the data persistence business, coupled with uncannily good search, should be at least the beginnings of a good compliance policy.

Some very achievable forward movement on two fronts would complete the picture.  Google and its would-be competitors will need to address the concerns of folks like H&R Block's CIO Marc West, who already acknowledges (as he told CIO magazine back in May), that "many of Google's consumer products are better and easier to use than their enterprise counterparts," and that his company would probably embrace Gmail internally "if Gmail was able to address the archiving, monitoring and reporting requirements that the Securities and Exchange Commission has for financial services companies."  Gmail is nothing if not a continually evolving work in process.  Would you be terribly surprised to see  this kind of functionality rolled out alongside a future GTalk update?  I wouldn't.

And to the extent the applicable regulations themselves may need to be updated to accommodate the ability of businesses to head in this direction, as Steve Gillmor recently pointed out that's certainly feasible as well.

[Updated September 6, 2006 @ 9:05 am:]  Regarding the related data security concerns, which are of course very real, there was a time when people didn't trust banks with their money either.  Today, while you may understand the motivations of someone who still feels it necessary to sock away their savings in a mattress, you recognize the security risk is actually much higher than if it was entrusted to a competent third party.

Topic: Google

Denise Howell

About Denise Howell

Denise Howell is an appellate, intellectual property and technology lawyer who enjoys broad industry recognition for her expertise on the intersection of emerging technologies and law.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

11 comments
Log in or register to join the discussion
  • Work costs money.

    And a public company has to make a profit on investment. What is the business plan you're envisaging for Google?

    Suppose Google's effort required capital to the same degree as Microsoft's entry into search and other functionality. You know, the amount that caused a significant drop in the stock. Google being a smaller company, let's say the investment was only proportional.

    Would you be pleased as a shareholder?

    Or would you take advantage of your next opportunity to remove executives whose grandiose but only vaguely (if at all) profitable plans put your investment at risk?

    Just as Google's use of open source software for its servers made the company seem part of the open source crusade for a time, so software that would be necessary for the success of a portal or other advertising-supported lure is apparently being seen as some kind of challenge to established companies.

    I think Google's management will stop when their efforts are about to exceed those which can produce increased profits.
    Anton Philidor
    • re Work costs money

      Google's has quite an established track record of successfully monetize its services.
      Denise Howell
      • correction

        sorry, "monetizing"
        Denise Howell
      • correction

        sorry, "Google"
        Denise Howell
      • Google makes its profits...

        ... from advertising associated with its very successful search software, no?

        I think that the company can find a way to make a profit from other software, for instance as an attraction to a portal. That's another advertising driven market.

        Selling use of software or even providing directly ad supported, elaborate services online is a different issue. And the decision to do so would be very important for the company's future.

        My expectation is that the company will not do so, properly fearing the reaction of stockholders to reduced profits while the initial investment for a high volume operation are being made.
        Anton Philidor
  • Maybe your doctor will Gmail you

    Something tells me that large corporations and even small businesses using such services as Gmail isn't a good idea. Data breaches are rampant and storing client information and other corporate data in a webmail account is practically asking to get it stolen. http://www.essentialsecurity.com/Documents/article16.htm

    Financial data, personal information, marketing strategies are all valuable pieces of daily email interaction. Such data is already at risk, and using Gmail is not the solution.
    milal@...
    • re Maybe your doctor will Gmail you

      I of course share your concern about that issue, but don't think it should be the end of the story. Doctors, lawyers, financial services providers all are subject to separate regulation governing their treatment of confidential client and customer information. But if we're talking about the Enron sorts of considerations that gave rise to Sarbanes-Oxley, we're talking about a different universe of data. Maybe separating them isn't practical or possible, but maybe too a dedicated host might be in a better position to secure data than, say, AT&T...

      Just thinking out loud. It's a very real issue you raise, but I'm not ready to slam the book on hosted business data even so.
      Denise Howell
      • Usage

        I think that regulatory issues are only a part of the issue.

        I think that large/medium companies have functionality requirements that go beyond what 'G-office 1.0' will offer.

        This leaves smaller businesses and home users.

        Now we get to the interesting part: monetization. Most start-ups today offer a service of some sort, and tend to have a finance plan developed along the lines of 'spend nothing'. But all but the smallest must spend money to employ people - and often realise the need to hire (and therefore spend) well.

        The main opportunity would seem to be gaining information in order to advertise to individuals. (The advertisements would not have to be plastered all over the business suite - getting the information users? impart is valuable in its own right.)
        Peter Cowling
  • Storage On the Cloud

    There is no doubt that many small business will jump at the opportunity to persist their data on the cloud. They get free (or next to free) backup and a potential disaster recovery solution that they otherwise could not afford. Think of the many professionals (lawyers, doctors, etc) that would have faired much better during Katrina with "guaranteed offsite persistent" storage. This is a no brainer and any potential legally hurdles will be, I think, readily cleared. You can file this under the category of "it just makes too much sense!"
    cleyva
  • Storage in the cloud might be able to work ...

    ... for many, if people could store their data in an encrypted state that is virtually impossible to break. If a company e.g. could offer a web service that automatically encrypted a person?s or company?s confidential files before they are stored in the cloud, and automatically decrypted them after they are copied from the cloud back to the company?s computers, then that might be able to work.
    P. Douglas
  • Storage in the cloud might be able to work ...

    ... for many, if people could store their data in an encrypted state that is virtually impossible to break. If a company e.g. could offer a web service that automatically encrypted a person?s or company?s confidential files before they are stored in the cloud, and automatically decrypted them after they are copied from the cloud back to the company?s computers, then that might be able to work.
    P. Douglas