As Microsoft Office 365 and Google Apps continue to vie for supremacy in the cloud, emerging revelations have suggested that organizations may be willing to forgo some degree of security in favor of other benefits.
Although Microsoft has built its reputation as a pillar of enterprise computing, Google has been steadily gaining ground in recent years. Late last month, the University of California – Berkeley provided uncommon insight into the matter with a detailed discussion of why it has chosen Google Apps for Education as its new calendar and email platform.
"This decision has been reached after an extensive analysis over the past few months that compared Google Apps for Education and Microsoft's Office 365 offerings," school officials explained in a statement released to the campus community. "While both products are feature-rich and offer advantages over our current environment, the analysis concluded that the Google offering was the better overall fit for the campus at this time."
Alongside this announcement, the university also released a comprehensive and transparent summary of its analyses. The Google offering garnered particular praise for its fast and simple deployment process, providing customers with an accelerated 6- to 10-week migration plan. School officials also appreciate the flexibility of its configuration models and relatively low infrastructure costs in comparison to the Microsoft alternative.
These sentiments have been echoed time and again by organizations adopting Google's cloud productivity suite. According to InformationWeek, even U.S. government agencies are throwing their support behind this new computing paradigm. The National Oceanic and Atmospheric Administration – which houses the National Weather Service – highlighted the Google Apps' alignment with workforce mobility objectives and suggested that the suite was approximately half as expensive as an on-premise solution.
However, despite these operational benefits, cloud security concerns have routinely stalked Google.
Most notably, the Los Angeles Police Department (LAPD) recently offered a highly publicized rebuke of Google Apps' data security fundamentals and deemed the solution unsuitable for its email management needs. According to the Los Angeles Times, the original contract was procured after a contentious bidding war with Microsoft, but ultimately Google could not live up to its promises.
"There was definitely a time when Google seemed positive they were going to meet the [security] requirements," LAPD chief information officer Maggie Goodrich told the Times. "It would be difficult for law enforcement to move to a cloud solution until the [requirements] and cloud are more in line with each other."
In an interview with the Times, Gartner data security analyst John Pescatore noted that the case was a prime example of a "cash-strapped" client jumping at the chance to reduce operational expenses without a full assessment of its needs.
But surprisingly enough, the analysis conducted by the University of California – Berkeley not only spoke to Google's security troubles, but plainly stated that the data protection features contained in Office 365 were actually better aligned with the school's requirements.
In the report, analysts noted that Microsoft did a superior job of providing administrators with stronger and more flexible access control capabilities, secure credential storage options and superior encryption and eDiscovery tools. Conversely, Google's security and privacy features were deemed to be "inferior on all fronts, but only by a small margin."
Nonetheless, university officials were able to overlook these shortcomings and have decided to commence migration to Google Apps. In doing so, the school has drawn attention to a trend that could be discouraging to Microsoft – and the cloud security community at-large.
Whereas Google has been slow to respond to the pressing data protection concerns introduced by cloud computing, Microsoft has accepted prior criticism and turned negative feedback into crucial progress.
In response to the concerns aired by European and American regulators – alongside many industry professionals – Microsoft announced last month that it has brought Office 365 into compliance with several leading standards. The move was also specifically designed as a remedy to the recent swell of data breaches seen across the international healthcare sector.
"Until recently, concerns about the security and privacy of patient data have been the most common barrier to healthcare organizations realizing the full potential of cloud-based technologies," explained company official Michael Robinson. "Microsoft is helping remove that barrier by embedding privacy and security capabilities in Office 365 that enable health organizations to address their HIPAA compliance requirements. Today, Office 365 can help hospitals, insurers and clinics confidently empower their staff to be efficient and productive virtually anytime and almost anywhere while substantially reducing their IT operating costs."
Unfortunately, these efforts may not provide the expected return on investment for Microsoft if potential cloud customers continue to prioritize financial factors over data security imperatives. The University of California – Berkeley need not be demonized for its decision, as many are surely following similar strategies behind closed doors. Instead, the school has shed light on an important development that will require the attention of cloud security innovators.
Cloud Security News from SimplySecurity.com by Trend Micro