99.984% Gfail free
One afternoon in September 2009, Gmail – a centerpiece of the Google Apps suite – was offline for an hour and forty minutes. Users across the globe were unable to access the service after the company made a mistake when updating the request routers that direct queries to Gmail's web servers. The incident followed a series of other, smaller Gmail outages – all widely reported by the tech press – but Google always argued that, compared to client-server email systems, the service was far more reliable.
Nearly a year and a half on, the argument holds up. Like Google's search engine, Google Apps is built atop a highly distributed infrastructure that spreads both data and code across myriad servers and data centers. This uniform back-end is designed so that if one data center goes down, another can immediately step into the breech. "Typically, others will have one data center go down, and then they'll fire up the other data center, and there will be some lag, and some loss of data that you have to recover later," Girouard told us. "Our [infrastructure] is set up so you don't even know."
What's more, he said, Google uses custom-built tools that allow it to upgrade services without taking them offline – though he declined to discuss these tools specifically. "It's something we inherited from our search system," he said.
Obviously, Google isn't immune to outages. But that distributed backend has allowed the company to promise "no scheduled downtime" with that change to its terms of service, and if there is downtime – no matter how small – it gets counted towards the customer's agreement, which guarantees 99.9 per cent availability. In 2010, according to Google, Gmail was available to both business users and consumers 99.984 per cent of the time - roughly seven minutes offline per month – and yes, there was no scheduled downtime.
At $50 per user per year, Google Apps is also relatively inexpensive. Some estimates indicate that traditional systems eat up closer to $200 a year. And setup is far simpler with a web-based system. Most big enterprises, Girouard said, install their own authentication servers for use with the service, but otherwise, everything is hosted by Google, and it's all accessed via the browser. In another moment of humility, Girouard said it's still far too difficult for small businesses to sign up for the service – an overhaul of the signup process is on the way – but either way, it not as annoying as installing your own application servers.
And yet many businesses are reluctant to make the switch, as Girouard freely admits. Some are concerned with security. Others chafe at the idea of hosting their data on someone else's servers. Some don't like the UI. Other just want to use what they've always used.
Google v Angry Free Software Man
Girouard argues that Google Apps is actually more secure than an in-house system. "I think we can make a case that your data is safer with us, that we invest so much money in security and that our protection rate is better, that it would be hard for any one company to match what we do," he said.
The past few years have shown, he said, that cloud computing offers a superior security model, putting control in the hands of companies with the necessary experience and resources. "You can look across Salesforce, Amazon, Google. There hasn't been a large-scale disaster in terms of data leakage. If you look at the rest of the world, it happens every day. The track record is beginning to prove this logical argument that your data is safer."
He also downplayed the possibility of a rogue Google employee nabbing a customer's data, saying that the company limits who has access to passwords and that these employees undergo strict background checks. "This is a problem for any company," he said. "If you manage your own system, you have to manage your own employees."
In September, Google dismissed an engineer who had access to its back-end systems after he violated the company's internal privacy policies and apparently accessed customer Gmail accounts. In the wake of the dismissal, the company said it was "significantly increasing" the amount of time it spends auditing logs in an effort to ensure that its internal security controls are working as they should.
Outside of the employees who have access to customer passwords, Girouard said, no one at the company view customer data. This is another product of Google's distributed back-end. "Your data is split and written across tens of hundreds of thousands of servers," he said. "No one can point to a server and say 'There is Jaguar Landrover's email.' It's digitally shredded and spread across servers. If someone were to walk into a data center and make off with a server, it would just be a bunch of gibberish."
When we asked about subpoenas and National Security Letters that compell Google to give up customer data, Girouard at first dodged the question. But ultimately, he argued that this isn't the problem that pundits - including Free Software Foundation founder Richard Stallman - make it out to be. In most cases, Girouard said, if a court or a government wants your data, it will come to you. And only rarely, he said, will Google be forced to give up your data without your knowledge or against your will.
"Only in very rare circumstances is [the data truly] out of your hands," he said. "First of all, they'll go to you, not us, if they want to get your data. They know where you live. They will go to you. That really is the reality. We've worked through this issue with many companies. That's not to say that a National Security Letter could be issued and we could be forced to turnover data without notifying you. It is a theoretical possibly ...But it's a corner case, and it's not practical reality."
In January of 2010, Google announced that Chinese hackers had stolen unspecified intellectual property from the company's internal systems, and it said "a primary motive" of the attacks was to gain access to the Gmail accounts of Chinese human-rights activists. The incident showed that Google security is breakable, but for Girouard, it also demonstrated the company's commitment to protecting user data. Following the hack, Google vowed to stop censoring search results in China, and eventually, it moved its search operation to Hong Kong, giving up much of its foothold in the country.
"Google has shown its stripes over the years, that we view the protection of your data as sacred," he said. "We'll fight the government if we need to fight the government. I think we've proven ourselves over time. Look at the China incident. Google will put its commercial interests aside to protect users' data. There's never an absolute answer here. It's a judgment call. But it's an area where we're creating a nice track record."