When Google went public last week to announce that it had been targeted in a cyber attack from within China, it was quick to point out that this was not an attack on the cloud, but rather one on the infrastructure itself. The attackers used a "very sophisticated" piece of malware that relied on an old-school method of infiltration - spoofing e-mail addresses and using phishing scams to get real people to unintentionally launch the malware. It's something that's been used on legacy systems for years, but just more complex and harder to detect.
It's an important detail for the company to emphasize as it continues its push to sell businesses on Google Apps, its cloud-based suite of business software tools. In 2009, conversations with potential customers were largely centered around cost savings. Oh sure, those folks wanted some reassurances about security on the cloud and had questions about the sort of features they'd be giving up by moving away from systems like Exchange or Lotus. But, the economy kept bringing conversations back to cost savings.
Then came China.
Google has been pretty tight-lipped since its initial statement about the attacks, not commenting on much of the information that's been sporadically leaking out. The company is scheduled to report fourth quarter earnings on Thursday and analysts are sure to grill executives about the China developments and its impact on the company as a whole.
But as it relates to Google Apps and the company's pursuits of business customers, there doesn't seem to be a big shift in the way the company will approach it this year. Matt Glotzbach, director of products for enterprise, said security is always part of the conversation with a potential customer - and it usually goes one of two ways.
The first involves customers who admit to being unsavvy around security issues and are happy to let a company like Google manage the whole thing - security, support and the system. The second involves the type of customer who has extremely sensitive data, such as a financial institution, and isn't willing to give up control of its security. In those cases, the company keeps the conversations alive as a means of building trust, going so far as to share information about ways they implement security and defend data.
In some ways, I see this China thing playing out in the long run to benefit Google's security arguments around Apps. First, the company correctly notes that this was not a direct attack on the cloud. As a trojan, its target was the PC itself. Second, Google said it discovered the malware before it did any serious harm - and experts have been quick to note that this was a "very sophisticated" piece of malware. Third, Google notified other companies - anywhere from 20 to 34 of them - that they had also come under attack. It's unclear how many of them knew about the attack before Google notified them. Finally, Google went public about the attacks to raise awareness, fully recognizing that it was opening the door for critics to question the security of the cloud.
One of the ways Google can shift the focus away from security is to bring more functionality to the equation. It used to be that Google Apps - which weren't as beefy as legacy apps - offered 80 percent of the functionality for 10 percent of the price. Glotzbach likes to say that Google is pushing towards offering 150 percent of the functionality for 10 percent of the price.
When it comes to updates, Google is no Microsoft. Don't look for a "major update" to Google Apps anytime soon. With major updates comes major headaches - for IT staff who have to go around and install the updates on all of the employees' computers, for office workers who have to re-learn how to use the software, and for HR folks who have to implement and manage training programs for the upgrade.
Instead, Google updates an app when a new functionality is ready to be added. It doesn't stick by launch dates and sometimes it doesn't even tell anyone that it made a change - there's just an extra item on the drop-down toolbar or an extra button somewhere on the screen. In some cases, the feature could be something that users were missing from legacy apps. In other cases, it could be something a feature that centers around real-time collaboration, something that gives it additional functionality.
Google isn't revealing growth numbers on the Apps business, though it does point to noteworthy deals, including a recent victory against Microsoft to manage the e-mail system for the city of Los Angeles and its 30,000 employees. It was a big victory for Google - but not as big as IBM's big Panasonic win, which involves migrating 300,000 employees to LotusLive.
In its still early in the game and Google is positioned well for a competitive battle - not just with other companies but also naysayers who bash the cloud and the change it represents. There's money in the bank and the company has been willing to spend some of it by raising awareness of Google Apps via advertising, something it rarely does for its products beyond its own web sites. (Even Android phones are advertised by the wireless carriers or the device manufacturers, not Google.)
And it's also got the support of the company's top executives, including co-founders Sergey Brin and Larry Page, as well as CEO Eric Schmidt, who are closely involved with the continued development of Apps. After all, Apps isn't just about tools that happen to reside in the cloud. Selling apps is about selling a new way of doing business, of being at the forefront of a new way - one that's less expensive, more efficient and more collaborative.