Google Enterprise 2.0

An opinion piece by Aric Bandy. 

Google is the world’s biggest cloud provider.

They have 7 products with 1 billion+ users (YouTube, Android, Gmail, Google Play, Search, Maps, and Chrome). Google spends $10B every year on infrastructure alone. Yet with all this capability, why do Fortune 500 customers continue to run their own data centers or go to online retailers (Amazon) infrastructure?  

Google has done a terrible job of explaining their capabilities to the market.

In November 2015, Google hired Diane Greene, formerly the CEO of VMware, as Senior Vice President of Google’s Enterprise Business shortly after the acquisition of her previous startup, Bebop. Instead of being “Googly,” she’s picked a fight with Microsoft and Amazon.

A fight I believe she can win.

Since Greene was acqui-hired, there’s been a timeline of events that serves as an indication of Google’s intent. But what is Greene doing that wasn’t done before?

What Greene Has Done

The most refreshing thing about Diane Greene is that she’s a woman of action. When I met with her a short time ago, she outlined a plan to evolve Google for Work and win in the enterprise space.

Diane Greene is keeping her word so far:

November 2015 – Google buys Bebop, Greene’s start-up company, dishing out $380 million to close the deal. Word on the street is that following the acquisition, Bebop will continue to work on developing and maintaining enterprise applications.

February 2016 – Google announces it will be building its first engineering team devoted to Southeast Asia. To kick-start the venture, Google buys Pie, a communications service based in Singapore.

March 2016 – Google acquires Synergyse, an interactive training service for Google Apps for Work. The Toronto based company, launched by a former group of Google employees, has trained over 4 million people in 3,000 different organizations.

August 2016 – Google acquires Orbitera, a startup that developed a platform for buying and selling cloud-based software. The $100M sale is agreed upon to help Google improve how it competes with Amazon AWS and Microsoft Azure in the cloud.

August 2016 – Google announces partnership with Okta, an identity management vendor, to provide a more unified IdM solution for Google Collaboration tools.

September 2016 – Apigee is purchased by Google for roughly $625M. The API software acts as a channel between companies and their customers and partners.

September 2016 – Box partners with Google to integrate Google’s suite of productivity tools, Google Docs with Box.

In total, this equates to about $1.1B in acquisitions just to evolve the Google enterprise offering.

Why She Did It

Prior to Greene stepping in, Google hasn’t had what I would call “enterprise acumen.” This isn’t to say that Google hasn’t won big customers, Agosto alongside of Google has won some of Google’s biggest Fortune 500 customers.

However, the Google for Work team wasn’t aligned to fully capitalize on the opportunity. Google owns the SMB and online market, but to win Fortune 500 in a big way, Greene had to align product teams, service teams and sales teams. Before Greene, Google for Work sales and marketing teams were not able to steer the product roadmap. Greene now has engineering and product teams aligned with the sales teams.

The Power of Partnering

Google doesn’t have the luxury of time.

According to BetterCloud, 62% of all organizations will run 100% of their IT in the cloud by 2022. The customer landgrab is happening now and Microsoft and Amazon are both aggressive in their pursuit. Greene’s only option is to acquire and partner to compete. Google has the cash, $72B to be exact, and Greene appears to have ability to leverage it.

Apigee and Orbitera acquisitions addresses gaps in Google’s offering while bringing Google upwards of 60,000 enterprise stacks to the platform.

The partnerships with Okta and Box extend Google’s products with proven enterprise products, which are widely adopted by Fortune 500 customers.


Greene is showing her willingness and ability to evolve Google for Work into a serious enterprise competitor.

While some might suggest that Greene’s moves are not always the most “Googly,” they are the most prudent. Google can be THE dominant player in the enterprise public cloud.

They have the technology. They have the cash. The market is there.

All they needed was a leader to make it happen. With Greene, I believe they have that leader. Google is well on its way to beat Amazon AWS and Microsoft Azure. Google Enterprise 2.0 is going to be big.

What Are the Differences Between IBM Notes and Gmail?

Are you or your business considering a switch from IBM Notes to Gmail? Wondering what the differences between IBM Notes and Gmail are?

These two workplace managers have similarities as well as some key differences, both in terms of layout and overall user experience. Understanding these features and their many applications will help your business make an informed decision.

See how a switch to Gmail will affect—and improve—your daily business tasks.

Immediate Impressions: Layout and Formatting

You’ll notice differences in formatting and overall user design from the moment you first open a Gmail. Intuitive navigation systems and information hierarchies make Gmail an incredibly popular email system. Here are some formatting differences you may notice between Gmail and IBM Notes:

  • Messages. In IBM Notes, each message is independent and appears individually in your inbox. On the other hand, Gmail offers grouped conversations, so you can follow messages as a single thread. If you prefer to keep your messages separated, you can change this option in the settings tab.
  • Organization. IBM Notes allows you to store messages in separate subfolders: personal, important, social, and so on. Gmail does the same, but you can add multiple labels to emails and search for them based on any of their tags. So in Gmail an email could be categorized in four tags for example, but in IBM Notes, an email conversation could only be stored in one folder.
  • Keep your inbox clean. IBM Notes offers an option to delete emails. If you’re the type of person who hates the finality of deleting, Gmail offers another option. Archive your emails when you want them out of your inbox but will need to refer to them again later — still able to search for them within the built-in search functionality.
  • Labeling emails. If you want to mark an email as important, there’s a flag for that. When you’re using Gmail, you have two options: either mark as important as a tab, or put a star next to it. You can easily filter all your starred items by clicking that icon under your inbox menu.
  • To-do lists and other tasks. IBM Notes features an option to create independent tasks that sync to your Calendar. Gmail has the same service, linking your to-do items to your Google Calendar, but with an extra option: you can add email messages to your to-do list to avoid retyping your assignments.

Because of its attractive layout and intuitive navigation, Gmail is an efficient way of doing business.

Comparing Email Composition and Accessibility

Compatibility is an important question you should consider when choosing an email service. Gmail and IBM Notes differ in this aspect.

While IBM Notes requires that you use its service on a device on which it’s installed, Gmail allows you to access mail over any device. Even if you want to access your IBM Notes online, you must do it from a device where software is installed.

This is a vital point.

With Gmail, there’s no installation required—access your mail from anywhere with an internet connection (and there’s offline capabilities).

When you log into your Gmail account for the first time, you’ll find that composing and sending email is a piece of cake. Gmail has all the options you love about IBM Notes, with added features. Draft your correspondence with the fonts, headings, and alignment features you want, and sign in your own personal style.

With Gmail, you can add attachments, links, and images for seamless collaboration. For larger files and more effective ways to communicate, take advantage of Google Drive. Drive links allow you to share work tasks with coworkers, managers, and employees. Just insert the link, and everyone can work from the same document.

Thanks to Gmail, effective communication has never been easier.

Do More Business With Gmail

We live in a mobile world that requires constant communication to keep up with the competitive marketplace. Gmail lets you keep with that pace. For mobile networking on the go, download and install the Gmail app.

You’ll never miss another email.

Sometimes, our lives take us off the grid. When you’re offline, you can still keep working. Compose emails, and Gmail will automatically send them when you’re back at an internet connection.

If you’re in the business of sending large files, Gmail has a solution for that too. With Google Drive, you can send files as large as 30 GB—or 30 TB if you have a storage plan.

Today’s business watchword is efficiency. Maximize yours by taking advantage of Gmail’s convenient features:

  • Canned responses. Do you tire of sending the same emails over and over again? Use Gmail’s “canned response” option: simply type a response once, and save the text as a canned response in settings. The next time you need to send the same email, it’s there waiting for you.
  • Auto filters. If you love nothing more than an organized inbox, auto filters are for you. Set recipients as important, or file them by position: employee, vendor, boss, etc.
  • Undo send. We’ve all sent emails we wish we wouldn’t have. The next time you make a typo, forget a recipient, or accidentally reply all, you can undo it using the “undo send” option. Just make sure it’s enabled in your settings.

Tips and Tricks for New Gmail Users

For the novice Gmail user, there are plug-ins and extra add-ons that make your email service experience even better. Try using one of these options to make the most of Gmail:

Boomerang for Gmail is a plug-in that allows you to write emails when you have the time and schedule them to be sent later. For example, you may write an email late at night, but schedule it to send when you know a co-worker is going to be sitting down at a desk for the morning. Your email is the first thing he or she will see.

Gmail Snooze is another handy plug-in that allows you to hit the snooze button on your email, much like your morning alarm clock. If you open an email and don’t tend to it right away, Gmail Snooze will remind you whenever you choose—within minutes, hours, or days. You’ll never miss a follow up again.


Gmail has all the features of IBM Notes with added convenience and efficiency. Nothing beats its user experience and intuitive design.

Skype vs Google Meet: The Ultimate Comparison For Business

Plenty of people have experienced the consumer version of Skype in their personal lives. Video chatting is fun, effective, and more intimate than emails or phone calls.

Many businesses use these factors to their advantage as well, but they may not have access to the full potential of these applications. A switch to Google Meet unlocks new features while retaining a comfortable familiarity.

Here are a few differences between Skype and Google Meet for business.

Skype vs Google Meet: A Modern and Sophisticated Layout

  • Conversations. Across both applications, it’s fairly easy to navigate between conversations. A list of chats is located on the left side of the screen, and active discussions show on the right side. While Skype only allows for one active window, Google Meet gives you the option to pull up several conversations at once. Skype also operates with fixed window widths, and Google Meet provides the ability to rearrange and scale the windows as needed.
  • Minimized menus. The tabs inside Google Meet are sleek and non-intrusive. By moving them to the sidebar versus the general menu in Skype, you have more room to access contacts, phone calls, and conversations.
  • Smooth navigation. The user-friendly toolbar in Google Meet is collapsible. You can easily examine or change profile settings in seconds. The menu options are repeated as well, so every selection is always close by.

Moreover, if you’ve used Gmail, Drive’s layout will be immediately familiar. You’ll intuitively know your way around its interface because you check your email every day. Customizing your tools, layout, and user experience are also easy. If you need to make any tweaks to complement your business or highlight personal preferences, it can be done in a flash.

The interface is familiar enough to use immediately and features a unique and modernized quality.

g suite google hangout

Skype vs Google Meet: Accessibility and Composition

The original Skype application can be opened two ways: via desktop and mobile device. These options work well but are limited.

Conversely, Google Meet adds several new means to open the software, allowing for more freedom and productivity. Along with the regular functionality of your desktop and mobile, you can also enter the application from:

  • Gmail
  • Google Calendar
  • Chrome browser extensions

Most calls to the United States and Canada are free with Google Meet, whereas Skype charges for this function.

Many businesses benefit greatly from the savings and effectively use Google Meet for meetings without worry of additional costs.

If you are looking for additional pros and cons of both Google Meet & Skype check out this article.

Google Meet Brings Flexibility & Increased Connection

Google Meet also allows you to schedule and control such conferences with flexibility and ease. Both Microsoft Outlook and Google Calendars integrate with the software, so you can add appointments easily. You can also choose between guest permissions, such as common use across your domain.

Switching to Google Meet also enables you to engage more people. Skype allows simultaneous connection for up to 10 different devices. Google Meet more than doubles that number, with enough power to link 25 participants at once. This greatly increases the number of people you can reach with each meeting, which is often a requirement for large companies.

Put Simply Google Meet Lets You Do More Than Skype

p>Since the software integrates flawlessly with other Google Apps for Work, you experience maximum benefits with a few taps or clicks. Sharing Google Docs with your team (without even leaving the video call) allows all participants to collaborate on notes.

It’s especially useful for following along with a meeting agenda.

You can also provide your remote audience with presentations at the push of a button. Simply load the Google Slides project and turn on screen sharing so everyone can follow along. Participants can easily ask questions and more thoroughly absorb information.

The Google Meet History keeps tabs on previous conversations and allows you to search for keywords and important information. This feature also proves useful for exchanging statistics and other data during virtual meetings, since the information can be retrieved at any time.

Tips and Tricks for Google Meet

google meet example

There’s an abundance of useful features in Google Meet, but it also has several options to personalize and improve your experience.

  • Easily mute notifications during important meetings. Under the Settings menu, you can choose a specific time period to disable notifications, such as 1 or 8 hours. You can also pick the notifications you want to receive. Google Meet gives you the option to turn off call ringing and message sounds independently.
  • Adjust call bandwidth. This feature is excellent if you have issues with the quality of your audio or video. Move the slider to the right or left to control the level for that call. It can be readjusted for each conference for total customization.
  • Choose how others see you. Along with statuses that provide a custom message, you can let others know when you were last online, what device you’re using to access Google Meet, and if you’re currently engaged in a video or phone call from the application. Checking these boxes automatically provides feedback and information for those looking to contact you.
  • Take control of your invitations. You can turn notifications on and off by simply checking a box. Plus, you can add personal details so users with your phone number or email can send you a direct invitation. No more searching for usernames and wondering if you contacted the right person.
  • Quickly access the Help menu. Click or tap on the Help and Feedback button at the bottom of the More menu, and type in your questions to easily find solutions or clarification.

For more good info on google meet, check out this Google Meet cheat sheet!

Conclusion on the comparison between Skype vs Google Meet for business

Video conferencing has come a long way, but Google Meet makes it even better.

An elegant design and easy-to-use interface offers a revamped experience that’s still comfortable. This sophistication and power is impressive in itself, but the built-in ability to work through other apps makes it truly incredible.

Switching from Skype for Business means access to all these features and benefits as well as the reliability that you expect from Google. When capability and efficiency matter, trust your business to Google Meet. Do you have other thoughts in mind? We’d love to hear the other different ways you use Skype vs Google Meet in the comments section.

If Google Meet is starting to pique your interest, we have a unique opportunity for you! Now through September 30th, Google is offing premium features for businesses. Check it out here.

Agosto HQ, the Historic Ford Center, Wins TOBY Award

The Ford Center won the 2016 TOBY International award.

Established by the Building Owners and Managers Association (BOMA) International, The Outstanding Building of the Year (TOBY) Awards, is truly a distinguished award. It was developed in 1985 to honor and recognize the quality in office building operations and award excellence in office building management.

The TOBY Award is the most prestigious and comprehensive of its kind in the commercial real estate industry, recognizing quality in office buildings and awarding excellence in office building management.

All facets of a building’s operations are thoroughly evaluated during the judging process, including tenant relations programs, community involvement, emergency preparedness, security standards, and continuing education for building personnel.

Agosto is proud to be in an historic landmark like The Ford Center, and at an office with such high values and standards to serve the tenants. It’s a pleasure to office here in Minneapolis.

How to Migrate to Gmail from Microsoft Exchange

Many businesses are migrating from Microsoft to Google, saying the reason they migrated was largely financial or logistical. Though potentially intimidating to consider a major company-wide migration, many are finding the migration easier than expected. Better, easier and faster data migration service with GSMME.

Why Make the Move?

There are several advantages to migrating to Gmail over Microsoft Exchange—beginning with price. Hosted Exchange averages $141 per user per year, while Gmail costs about $50 per user per year.

Larger companies in particular see a clear financial advantage migrating to Google over time.

Businesses are ensured consistent upgrades and innovations from the creative team at Google. With the all-encompassing Google for Work platform integrating all of your vital apps, workspaces, and communications in one place, lower cost is just an added bonus.

Over five million companies in the United States have migrated to Gmail, and over half of all Fortune 500 companies are on this list.

If your enterprise is considering the migration from Microsoft 365 and Exchange to Google for Work and Gmail, read on for a basic guide to this transition.

Due to the level of complexity with migrations, most companies use a Google Partner to handle the migration process seamlessly.

Many times it can even be done when it’s not business hours so there’s no interruption to daily work.

However, if you’re a small company and have a deep knowledge of technical migrations and the Microsoft and Google ecosystems, then the Migration Assistant might be right for you.

Google’s migration services support Microsoft Exchange servers so companies can avoid installing extra migration tools and complex programming. Google’s migration tool enables a smooth and simple transition.

Email, contacts, and calendars can all be migrated from Exchange to Google. You can migrate hundreds of employees’ data at once or migrate one individual at a time.

This process doesn’t disrupt workflow—employees may continue to use their mail, contacts, and calendars throughout the migration process.

To begin your migration, follow these steps:

1. User accounts. Register for Google for Work, and open the Admin console. Depending on how many accounts need to be created, you can add them individually or en mass. To create accounts one at a time, go to the “Users” tab in the admin console. Select the plus sign, and click “Add User.” Fill in the employee’s organizational unit, name, email address, and domain.

You can input a temporary password and additional contact information as well. Hit “Create,” and email user instructions to the new account holder. If you have a large number of accounts to create, consider using the Google Apps Directory Sync tool. You can easily transfer information such as profiles, contacts, and groups—but passwords aren’t included in this process, since they’re encrypted in the LDAP directory.

2. Configure Gmail. Once user accounts are created, configure your domain to deliver email. Setting up direct delivery to the mail servers is the easiest and most direct method. However, many opt to employ a dual delivery system for the short-term during transitions, allowing mail to be delivered to Microsoft and Gmail accounts for each user. Establish a secondary Google email address for each account holder that needs Microsoft mail forwarded. Configuring dual delivery can be helpful during transitions, but it isn’t a long-term solution.

3. Migration. You have a few options for migrating contacts and calendars, depending on data location. The Google Apps Migration tool for Microsoft Exchange is ideal for transferring information contained within the Exchange server. A similar tool is available for Microsoft Outlook, which enables each user to transfer his or her own data from mail and calendars. If information is stored on local machines, however, use the Google Apps Sync tool.

4. Training. Provide your team with needed information to delegate account access, create shared contacts, manage shared calendars, and move from public folders to Google Drive. Familiarizing employees with these features prior to the launch of Google for Work in your company will ease the transition and increase engagement.

You can use the Google Apps Sync for Microsoft Outlook plug-in to give users access to their Google data through an Outlook client. Users who would like to retain a familiar look to their apps may choose this option. All data is synchronized, providing continuity while emulating your legacy system.

For The Times You Shouldn’t Do It Yourself

The migration from Exchange to Google for Work is made easy with Google’s Sync and Migration tools. If you tackle your move with a Google for Work Reseller and Partner, the transition is made even simpler and more comprehensive, whether you’re starting with on-premises or hosted Exchange systems.

Partner teams manage the transition from beginning to end. Coexistence between Exchange and Google mail and calendars during the transition is simplified, as they ensure all parties can communicate clearly and without glitches.

Your Partner team verifies that calendars can be overlaid and seen by users on both systems and that directories are properly synced.

While setting up mail accounts is relatively straightforward, incorporating mobile devices creates an extra level of complexity. Google Apps and Google Drive for Work provide real-time collaboration capabilities that should be leveraged right away.

A Google for Work Partner will provision each account, giving employees access to a full multi-device experience.

In addition to providing technical support, your Partner team takes the lead on training. By assessing your employees’ needs, the team can tailor webinars and on-site training sessions to fill knowledge gaps and boost interest in new systems. From start to finish, Google for Work Partners deliver a fast, efficient, and comprehensive implementation of Google for Work and its products.


Google for Work is extremely popular due to its ease of use, lower cost, and all-encompassing tools.

The transition is complex. Some companies prefer to do it themselves and like to be very hands-on.

Using a Google for Work Partner ensures a smooth process every step of the way.

3 Reasons Why You Should Choose Google for Work Premier Partner Instead of Going Direct to Google

In your company’s transition to Google for Work, you may wonder whether it makes sense to go through a Google premier partner or go directly to Google.

What’s the difference, and what are the benefits?

What is a Google Premier Partner?

Google for Work Premier Partners provides amazing products for an all-encompassing business solution. Their product suite has many solutions from email, collaboration, word processor, video chats, storage, intranet builder… and more.

But you already know that.

Think of going direct to Google as going to an auto parts store. You know your car. You know how to do the installation yourself and you have the time.

Going with a Google Partner is like going to a mechanic. You get services to make sure everything runs properly and you won’t stall out on the highway. Google partners provide clear and knowledgeable guidance with support from start to finish while implementing these tools for you.

Many businesses enjoy the benefits of working with a partner for an easy transition and to have Google product experts foresee situations for them and provide solutions to ongoing business challenges.

So, here are 3 things (among many others) you can get from a Google for Work Premier Partner that you can’t get if you go direct to Google:

Develop a Custom Strategy

Google for Work Premier Partners bring Google into your business in an efficient and knowledgeable way, from strategy, rollout, deployment, training, change management, and onward.

Before making changes, partners assess where your company is and where you want it to go.

It’s a tailored approach to make sure each Google product fits well with your business goals and your teams can adapt.

If you need a custom solution, some partners are experts in developing scalable products on Google Cloud Platform. Application developers guarantee that your company isn’t forced into a mold.

Your partner team will guide you through recommended Google products as well as suggested custom alterations. Once a strategy and product suite is settled upon, you’re guided through a seamless purchasing process. Google Partners handle all of the logistics, allowing you to focus on managing a single account.

Working without a Google for Work Partner, your business is left with a one-size-fits-all solution. Though Google for Work products are versatile, companies benefit immensely from customized solutions that maximize ROI and productivity.

Migration, Deployment, and Change Management

Choosing to migrate your company to Google for Work on your own can be time-consuming and interrupt flow of business.

Using a Google for Work Partner allows you to focus on work while they handle migration and deployment. With decades of experience, a partner team understands the requirements of each legacy system. They can deploy new products and seamlessly migrate your data with little to no impact on workflow.

Change management professionals are vital to the success of any major transition in a company. A lack of support and education can cause even positive changes to stall.

Your partner team will closely examine the organization, judging previous change patterns, methods that were successful, number of users, and the company’s needs. An implementation strategy is then tailored to fit the specific business.

Preparing users for the transition and determining an efficient and realistic timeline are a large part of successful implementation: downtime and redundancy are reduced while productivity increases.

Your partner team will conduct a series of trainings to ensure employees feel confident moving forward with a new system. Basic trainings cover the transition process and how to use new products.

Additional sessions are available to encourage user engagement. They’re conducted on site or remotely. A benefit of using Google for Work Partners is that every training is fitted to the client. Surveys are distributed and analyzed to determine the level of user confidence and the location of knowledge gaps.

As a result, employees feel heard, their concerns are addressed, and user engagement is heightened.

Internal marketing and communications trainings are conducted between Google for Work Partners and internal marketing teams.

Your change manager will discuss techniques to increase enthusiasm among employees adopting new platforms. Internal teams will be guided in communicating useful and energizing information throughout your company, enhancing adoption and engagement.

Maintain Support

After Google for Work has been deployed, your Google for Work Partner team remains with you each step of the way.

Account administrators are assigned to your company, ensuring ongoing technical support. Especially in the early days of a new system implementation, existing IT departments and account admins can feel overwhelmed by big changes.

Working with a partner removes that.

If you work alone, in-house technical support can inadvertently slow things down. By using a highly experienced team to complement your on-site support, both the transition and ongoing use of new platforms are made easier.

Ongoing trainings are also available to companies that use a Google for Work Partner. These cover a range of topics and are tailored to fit your business needs. Project management and coordination meetings are conducted at regular intervals. Each meeting addresses whether target timelines and objectives are being met.

Additional trainings can include case development. Every development training is designed for your particular company and its needs. Workflow requirements and business scenarios specific to your enterprise are addressed.

Your partner team will discuss how to streamline work and increase productivity in your field, leveraging Google for Work’s specific capabilities for your company.

Ongoing webinars and events keep your team informed of changes, updates, and helpful hints to maximize Google for Work’s applications.

Newsletters are also distributed frequently, containing tricks for better productivity with Google systems. If you find that your teams need further training in a particular area, your premier partner will create a custom 30-60 minute training session to be conducted remotely or in person. You can issue brief quizzes before and after each training session, assessing the effectiveness of each meeting. Additional training can be designed around continued knowledge gaps, and materials can be further tailored to your specific employee base. By providing your team with the tools needed to succeed, productivity and ROI increase.


Google for Work Premier Partner is a comprehensive and versatile suite of products that make the most of speed and efficiency in the cloud.

Optimize your investment in these products by using a Google for Work Premier Partner. With support from start to finish, these experts provide amazing insight, support, strategy, and knowledge throughout the entire process.

Going directly with Google can be a good solution for some small businesses who feel confidant doing a technical deployment. But for most mid to large-sized companies, product experts are required to guarantee a smooth transition.

Google Premier Partner for Your Business?

Agosto is a Tier 1 Google Cloud Premier Partner and cloud product development company. We partner with companies looking for a fresh perspective to work smarter with Google Cloud. Learn more about the services we offer, give us a call at 612.400.9563 or contact us here.

What Happens to My Data in Google? (Pt. 3 of 3)

This is the 3rd of a 3-part series on Google Cloud Security. You can read the first part here, and the second part here

When I talk to customers, we get past the security conversation pretty quickly. 

When I explain to them how Google does things, they have lots of independent verification, your rate, you can test Google, they buy the security very quickly.  

The problem now is people worry more about what’s happening to their data. 

It quickly goes from a security conversation to, “No, no, I believe Google’s security is better than ours,” to a conversation more like, “I want to know what happens to my company’s data within Google’s hands.”  

What happens to your company data in Google?

Now, there’s a lot of misinformation about this.  

So, how does Google think about data protection? They think about it two ways. I always like to start this talk with security, because without security, you’re not going to have data protection.

The other component is privacy. If you don’t have a solid privacy policy and policy practices in place, you’re not going to have it either. 

The number one piece of misinformation is that people confuse Google’s consumer services (the ones that Google offers for free) with the services they offer to companies, businesses, schools, and nonprofits. 

They’re completely different offerings. Just to be clear, for that free Gmail account that you sign up for, yes, they’re using that data for advertising. Yes, there’s profiling. Yes, there’s scanning.  

But for all the products that they offer to businesses, schools, nonprofits, that’s not the case. In that case, in the original case, you guys own the data. Google is simply considered the data processor.  

Google can only use the data in the way in which you’ve instructed them. Let me go into a bit more detail here… This has three big components, like three legs in a stool, really.  

1. Transparency

What transparency means is that they’re going to tell you what they’re doing with your data. And it’s about being transparent before you’re a customer, without having to sign some sort of magical, special agreement.  

So, I mean sharing things like where their data center locations, Google’s security reports, their SOC 3 reports, their ISO reports. All of their contracts are public. Meaning their data processing and who their subprocessors are, all these components, all of their commitments on data deletion, information on what data can be used for… this is all publicly available. 

You can look it up now. It’s on the web.

And what it comes down to is what can Google use the data for?

We can use the data for absolutely nothing but what you instruct us to do.  -Google

So just to be clear, Google cannot use your data for advertising. They cannot mine your data for any purpose whatsoever, even to improve their own product; they’re simply not allowed to do so. And this is part of their business contract with companies.  

The intellectual property of the data is yours. You get the idea: Google literally has zero rights on your data. They own the rights to their service.  

So, as long as you don’t try to reverse-engineer Gmail, you’re going to be OK.

They’re also extremely portable. 

You could literally take your entire organization’s data and shift it into Google over the weekend. And you could change your mind next week, and move everything out Google. You can do that too.  

There’s no penalty. It comes out in usable file formats. It works so well, Google’s competitors have built tools around it to quickly expedite the movement of data in and out of their platform.  

2. Strong Contracts

All of Google’s contracts are written in a way that’s European-centric language. It’s not because they’re a European company. It’s just that the standards there are very, very specific when it comes to data.  

So there, you’re the data controller and the data owner. You give Google instructions, they’re the data processor. They can only do what you tell them. They have a global data privacy policy that applies to businesses, schools, and non-profits

It’s different from the one that if you look up “Google Privacy Policy,” it’s not that one. That’s for consumers.  

This one is publicly available and they update this all the time. Because they’re constantly getting feedback from data protection authorities in the US, in Europe, in Asia and our position is that they will only strengthen their commitments, not weaken them. So one of the more recent ones is they put an SLA on data deletion. Google made ongoing commitments to maintain compliance with their security audits and data privacy audits, which I’ll talk to you about here in a moment.

These sorts of things, this is all available, which is very useful for a business.  

So if you’re a parent, and you want to know what’s happening to your children’s data, you can just go and read it. There’s no advertising. There’s no scanning. It’s not some secret contract that each company has their own thing agreed upon.

They build on it. Google tells you what they’re going to do, they’re transparent. They legally commit.

But how do you really know what they’re doing? Google’s perspective is that you should trust them, but verify yourself.

3. Auditing

The problem in the past is that all of Google’s audits had been very, very focused on security. They start with security. Security’s strong. They have all the ones you’d expect– ISO 27001, SOC 2, SOC 3, SSAE in 16, ISAE 3402.  

These are all independent security audits. But again, we get past that security conversation pretty quickly and it goes into data usage. People don’t argue about security. They know what good security is.  

They argue about data usage, and how data should be protected.

Should it be transferred internationally? How does all that work?

So, what did Google do? They went and worked with their buddies over at ISO, their Swiss friends, Google’s standard-setting organization. And they worked with them to develop a new standard.

The new standard is called ISO 27018. This is about data privacy, the processing of personally identifiable information by public clouds, which is Google.

It’s exactly what Google’s looking for.

The next thing Google did is work with their auditor to be able to audit them against this new standard. So remember their infrastructure, everything I talked about being completely customized?  

Google can’t run an audit sending a college kid in with a clipboard saying, “Oh, there’s my blade server, and what’s my patch level?” 

It doesn’t work that way.  

At Google, everything is customized. They have to embed their auditors with their engineering teams. It takes a long time. It took over a year for the auditors to be trained on Google’s platform, and then be able to conduct an audit afterwards.

But the good news here is that they’ve adopted the standard, and they’ve had this since September.

Google announced it almost a year to the date after the standard had been released. Just so you understand how important this is, let me talk a little bit about how these standards work, if you’re not familiar with them.  

ISO 27001 is a family of standards.  

The first level is around security. There’s 114 security controls, which goes back to our story. You have to have security before you can have privacy. After you’ve gone through, and we talk about all these different controls that are in place for Google’s platform, you’ll learn that ISO 27018 is built on top of it.

You have to have security before you can have data protection and these are looking at different things. This is asking if Gmail is secure? Is it locked down? Are all those controls in place?  

And the next one is looking at the question: what’s that data being used for? Is it guaranteed that it’s not being used by other systems? What’s out there? How is this being protected? 

This is what’s important.  

So now, for the first time, you have independent, third-party, audited verification on what’s happening to your data.

This is something that you can take to your board. This is something you can tell your users about. But what makes it interesting, when we start talking about things like data privacy, is that it just doesn’t apply to services like security.  

So security on Gmail, Drive, and all of those products are covered. But, data is different; you can get to that from all kinds of different ways.

For Google’s privacy standard, yes, it had to cover the applications. But it had to cover every way that you could get to the data, so all the APIs, all the SDKs, or the software development kits, and tools that you might want to run on top of them.

So all these have been included as well.  

Another benefit of working with a company like Google who operates around the world is that they operate around the world. And that means that different countries and regions have different standards relating to data privacy.  

And for Google, they always have to take the strictest one.  

International Security Compliance

Sometimes it’s Europe, sometimes it’s Korea, and sometimes it’s the US. And these sorts of things, knowing that they have to meet all of these strict standards, you can have peace of mind that this is something that’s important to them, and that they’re going to be on the leading edge of what’s happening with data protection around security and data privacy.

Google has a very, very large team, both in DC, in Brussels, in Singapore, working with governments, who focus on working with data protection authorities because this is an evolving thing.

In Europe, there’s a lot of change happening right now. Google is compliant with everything that’s happening there now. They work very, very closely with them. But this is something that is constantly developing and because Google has such a vested interest in all these markets, it’s in their interest to be compliant and to be a leader.

And this is something that they’re really trying to bring home to the US. So when you talk about moving to the cloud, now, you can think about the abilities, but it does this increase the risk for what you’re doing on a day-to-day basis at your business?  

We think that you should look at it as a risk assessment. We talk about having extraordinarily strong, world-class, leading-edge security. That’s great, but it’s only part of the problem.  

You have to understand how that data is being used and know what systems there are.

Having all this information available, it’s fun to share with you guys extraordinarily detailed security audit reports to back all these claims up.

You can run your own penetration testing. Having strict, bulletproof contracts about what your data can and cannot be used for and having very, very strong enforcement mechanisms for them there. 

Don’t look at Google’s platform as being the same as you have on your personal accounts, or being equivalent. It’s 10 times better.

How Does Google Handle Cloud Security? (Pt. 2 of 3)

This is the second post in a three-part series on cloud security. To read the first post on, click here. 

We live in a mobile-first world. What have we learned from the security mishaps in the past few years?

The traditional thinking of having walls around everything, putting everything on your secure network, well that doesn’t work anymore.  

The reason people did that is because they don’t have infinite budgets, and they said, “Okay, we need to focus on security. The logical place to focus security measures on is the network.”

Google’s philosophy is a bit different. 

Big surprise there. 

Google’s Philosophy With Securing a Network

Google believes there’s no such thing as a secure network anymore, whether it’s run by a government or a company.

At Google, they assume everything is breached. They assume everything is broken. They assume these things because they believe that it is the only way to protect yourself.

When talking about secure architecture, you can’t just be good at one thing. You have to own the entire stack. And for most companies and organizations, this is far too expensive.  

There’s no way you’re going to get budget to do this.

So Google, at the scale that they operate on, literally invests billions of dollars in this. Because they’re investing at this scale, they’re able to do things that other companies simply can’t.  

Google looks at their data centers (their network) and they secure all the information.  

But where do most of the breaches occur?  

Hackers haven’t breached a data center. But, they’ve hacked social networking, or they’ve installed something on your browser or your device. So, Google has taken the steps to protect you there as well.

How Google Protects Your Users From Attacks

First thing’s first, Google has Chrome as a browser.

There’s a version of Chrome called Chrome for Work. You can use it, it’s free.  

But, with Chrome for Work, what makes it different is the fact that you can apply up to 280 security policies to Chrome. And you might say, “Well, I could do that with Internet Explorer.”

But, Internet Explorer just runs on Windows. Chrome runs on Windows, Macs, Linux, iPhones, Android, and all the Chrome devices.

You can now have one set of security policies, apply it across all your different devices, and have them all act as first-class citizens.

So, where are those breaches happening?  

It’s that old enemy of ours, the username and the password. And what happens? It’s that thing that you tell your users not to do. You say, “Please don’t use your password on other sites.” 

What do they do? Everyone has their favorite password and they reuse it over, and over, and over again.

So, at Google, what they’re trying to do is to make the password irrelevant. In fact, we have multi-factor authentication. 

With multi-factor authentication, the username and password become irrelevant without a code or having a phone nearby, which is connecting via Bluetooth or et cetera.

This is the next step to get around that social engineering.

There’s a Chrome extension called Password Watch. It’s a Chrome extension you can require via policy for all your users. 

It takes a portion of your corporate password – a portion of it, not the whole thing. It’s hashed, it’s salted, it’s stored on the browser (not at Google). And what happens is it watches what your users are doing.  

Then, if someone tries to reuse your corporate password on another website, it locks the account.

So, it’s the end of the night, I’m sleepy, I go to another website. That password’s muscle memory, right? I accidentally put in my corporate password on a different site.

I’m like, oh no, now I need to reset, everything is off now and I need to go back and reset all my accounts.  

It’s that kind of proactive security you need to use to protect yourself.

Encryption in Transit

As I talked about in Part One of the series, Google has an amazing story on encryption at rest in their data centers. 

Encryption in transit at Google, they use a technology called Perfect Forward Secrecy.

It’s stronger than most military-grade VPNs.  

Effectively, what this is, is that for every single user, for every single web session, they have a unique set of certificates, hardened to 2048-bit strength.  

If you’re using mobile devices, it’s a mobile-first world out there. On Google’s platform, there’s Android for Work. This uses SELinux to create a secure container on the device where you can store your corporate information and manage the device.

But not everybody’s on Android.

So you can do the same thing for the iOS, for the native iOS MDM, MAM APIs.

Again, enforcing things like encryption and data management, that’s all part of our platform. But, if you have another third-party solution, Google plays nice with everyone else.

It uses the bits that makes sense for your organization. If you guys have a robust authentication system for your company (Google works with governments and militaries as well), if you want to be able to have a username, a password, a token, a retinal scan, a blood sample, if that’s what you want to do you want to manage that, that’s something Google can integrate with all those different systems.

They have lots of customers with great examples.  

How do Google’s Products Work in Light of Security?

There’s a product called Google Drive. I’m sure you’ve used it and are familiar with it. 

For those who don’t know what it is: it’s a huge, unlimited hard drive in the sky for your data. The only limit is that of file size; the maximum size a file can be is five terabytes.  

So, if you have one that’s bigger than that, I’m sorry, not yet.  It’ll probably be coming. But you can have as many of those 4.9 terabyte files as you want.

The amazing thing about Google Drive is that it works with all the different file formats, not just Google stuff. It works with Microsoft OpenOffice, Adobe, whatever.

Whatever you have, or just big, big, big files of data, you can upload them here, it becomes very easy to share, and it’s available on different devices.

Now, the great thing about Drive is that it’s easy to share. But, the scary thing about Drive is also that it’s easy to share.  

I want to be able to control what’s happening to my information. So, if you’ve never seen a sharing dialogue within Google Drive, the way that it works is that every single document has strict permissions.

Now, with the strict permissions, I can invite individual users within my company to have access to that. I can have them view it. I can have them edit it. I can have them collaborate it.  

All these things are there and I can actually put information rights management on it. This is a problem Google has been trying to solve in IT for a long time. So I want IRM. I want to be able to prevent people from copying, downloading, or printing this information.  

When you combine IRM with permissions like this, you have real control of your data.

When I want to share a document with you, I send an email. It has a link. I click on the link, and if I decide later that you shouldn’t have access anymore, I remove your access.  

That data has never left the cloud, and it’s not available on their device anymore. But let’s say you really want to control who you share it with. Lots of folks say, well, I want to share my information, I want to collaborate, but I want to control the collaboration.

So, now Google has said you can whitelist organizations outside of your own who you’d like to collaborate with.

So, it’s not just the entire world.

You can limit it to a set of other organizations- this is having real control of your data. And again, this works within any file format.

How Google Protects You Against Hackers

Scale matters in security more than anything else. If you’re going to scale in any area, you have to scale in security. At Google, they have over 500 full-time engineers working on security all the time.  

That’s more the most IT departments. And their guys (as you can imagine) are very, very good, but there are lots of smart people outside of Google.

So they collaborate with the academic research community and the security community. They’re published over 160 white papers on security.  

If you don’t believe any of the claims I’m making, Google was the first company to have a bug bounty program.

Hey, if you don’t believe that their security is so good, you’re welcome to try and hack it yourself.  

Conduct your own penetration test. You don’t have to call me. If you can find something interesting, Google has money for you. It can make you famous, give you a swag T-shirt, and, if you do something really impressive, maybe even a job.

This is the proof that’s in the pudding. I was talking with one of the head security guys at Google and he was mentioning that six of their large customers in the last six months conducted penetration tests against Google… with no results. 

A government customer for Google in Australia, in the military, was talking about the security of their network. Google proposed, “Well, let’s run a pentest on your network and mine. I know who’s going to come up on top. And this can be part of an evaluation.”  

This is not being cocky, but it is saying there’s a difference between perceived security and actual security and that Google is interested in actual security.

Of course, it wouldn’t be any fun for Google just to say, “Come try and hack us” if they didn’t try and hack other people.  

So they have a team called Project Zero.  

This is where they’re hacking their friends in Redmond and their friends in Cupertino. Of course they’re nice, not bad guys.

So when Project Zero finds vulnerabilities, they tell them about it. But the only catch is that they only give them 30 days to fix it.

Now for Google, 30 days is a very long time. For some of Google’s competitors, 30 days is not near enough. And if they don’t fix it, Google shames them publicly about their security vulnerabilities, and releases it to the press.

So, that entices the companies to do the right thing.

Now, the reason that they do this is not to be mean. It’s their philosophy that if the cloud is not secure for everyone, then it is secure for no one.

So, we’re all better off working together. Now, the way in which Google runs their infrastructure makes them very agile with security.  

And when I’m talking about agility, you could think about a zero-day attack. 

So, if there’s a new zero-day attack, what do you have to do today? Well, it has to come out, and it has to be discovered. After it’s discovered, you’re going to go and work with your AV vendor.

You’re going to say, please give me a fix. They’re going to develop a fix. They’re going to give it to you. Then you’re going to have to distribute it. You’re going to have to install it. You’re going to have to go through all this. How many days have passed already?  

But you’ve already been taken. The Chinese are in and out.  

Since Google is the world’s largest email provider (with over 900,000 active accounts), they have to be ready for zero-day attacks.

With AV and vulnerability scanning, Google has multiple layers. In addition to that, there’s a company out there called VirusTotal. That’s a Google company. Their sole reason for existing is to facilitate the identification and addressing of malware and threats.  

Now, in that same zero-day attack scenario, there’s a new zero-day attack, it attacks a Gmail user in Mumbai. Not only can Google protect that one user in Mumbai, they then immediately protect all other accounts in real time. 

This is the speed you have to move at to stay ahead in today’s world. 

Google can actually prevent incidents before they even happen now.

You guys heard about the Heartbleed SSL vulnerability? That was a big one last year. The POODLE SSL exploit? Google discovered all of those.

So, before they were even announced, Google was patched and fixed for those vulnerabilities over their entire platform, network, and user base.  

Google’s not always going to be the first one to find a bug. But, because of the way that they run their infrastructure, when it’s fixed once, it’s fixed everywhere.

This is the only way you really have a chance to stay ahead when it comes to cloud security.

Click here to read part 3/3

How Does Google Handle Cloud Security? (Pt. 1 of 3)

Why should you think about moving to the cloud?

And what does that mean from a security standpoint?

You’ve probably wondered that, as many people have — how does Google actually secure their data for enterprise use? 

What’s Driving the Migration to the Cloud?

When you think about what is available out there, you think about WhatsApp, or you think about Snapchat, it’s all built in the cloud.

These companies weren’t even thought of a couple years ago and they’re making a huge impact in the business world.

Take Uber. They weren’t around a couple years ago. They started out driving people and connecting people directly with the end-users and with the suppliers.

Now they’re moving people, and now they’re thinking about how can I actually even move products and services? So they’re growing very rapidly.

And because they started out in the cloud, they were able to scale themselves, and continue to grow and look at other products and services that they could be offering, actually in the space.

Airbnb, which is now valued more than Marriott, needed to scale. And the way they were able to scale was how quickly their business could grow – which had no limits since they are in the cloud. 

And so what are the driving factors for large companies like these to be born in the cloud or to migrate to the cloud?

Well, there’s a huge shift.

People are moving to mobile. And the only way that you can actually build applications in scale with people is actually have them build those applications into the cloud.

We know that even from a statistic from 2014 said that most people and internet traffic is now coming from mobile. 

And it’s only increasing.

As you think about your legacy systems that you have, how do you stay on top of this and the rate of change? How do you stay on top of it in front of your consumers and your customers, and also your employees? 

How do you give the right tools to your employees so that they can actually make quick decisions, get a product to market, and communicate and collaborate with each other?  

Considering that the cost of computing is almost zero, when you think about how you enter this space, if you look at just going pure cloud, or if you look at a solution that’s half cloud, half on-prem, it’s very inexpensive to move to the cloud.

So you can actually make good business decisions based on low cost.  

And then the rise of public infrastructure and the shift to mobile is something that I think we’re all looking forward to trying to figure out. How do we tap into those consumers? How do we get them?  How do we meet them where they are? How, when I walk into a store, can I put relevant information in front of them?  

And security plays a huge role in all of this changing landscape. If you think about the breaches that have just happened over the last couple of years, there has to be a serious focus on cybersecurity, whether it’s on-prem or in the cloud.

I think that’s what a lot of us are thinking about: to really understand how can you move to this place where we all want to go, and still make sure that your customer data is secure, make sure your employee data is secure, and make sure that you’re making the right impact for your business, but also making sure that you’re protecting those assets as well.

The Evolving Cloud Security Threat

When talking about security threats, my goal is to evolve your thinking about how to address these new security threats.

When Google thinks about threats that are addressing your business or your users, you have several new problems.

The bad guys out there are becoming increasingly more sophisticated. Their attacks are often well-organized, and very, very, very complex in nature, and difficult to defend against.

Now at the same time, your user base is not making your job any easier. Your users want to do things on mobile devices. They want to do things across platform. They want things to be easy, which is often a counter-intuitive proposition.  

Now when we start talking about the types of security threats that are being addressed today, we want to talk first about the ones that are kind of the standard, same old, same old. Situations like, “I have an on-premise system. It needs to be patched on a regular basis.”

Which is ultimately not successful.  

But here’s an example from the press, where both the Ukrainian government and NATO were attacked by hackers going through a known vulnerability on an existing on-premise platform.

This is the kind of security threat that Google has addressed for years.  

But this is not really interesting.  

The new threats are much, much more sophisticated.  You can’t really talk about hacking without having to talk about Sony.

The Sony attack, for those of you who don’t know, was a malware-based attack that came in – no one is actually sure – via an email or via a web session.

And it spread through all of their on-premise systems.  

They went in, they took all their email, all their documents, pulled them out of the system, and then they went ahead and wiped all of the servers clean.

This is the new sort of threat that you need to be able to defend yourself against. If you would like to go a step further, we can talk about JPMorgan Chase.

This is the largest data breach in US history.  

Again, an unpatched server on the edge, but what makes this different is the types of attackers.

This was an organized group operating internationally from countries from the US, to Israel, to Eastern Europe. And what happened is once they breached their systems, they found the sensitive data, and then they held it.

They didn’t expose it or use it until the price of that data hit the appropriate level on the black market.

You’re working against not just a couple of geeks in their basement trying to make a name for themselves, you’re working against a sophisticated set of users in a very for-profit business.

Last, but not least, let’s talk about state-sponsored tax.

So in the US, the FBI has gone on record and said there are basically two kinds of organizations out there. You have companies that have been hacked by the Chinese. And then you have companies that don’t realize that they’ve been hacked by the Chinese.

Now we can’t just pick on one group or one government because there are many, many governments, both friendly and less friendly, who are attacking infrastructure for data-mining purposes.

Google’s Scale and Approach to Cloud Security

Most people don’t understand the scale in which Google operates.

So I’m going to share a few Google secrets with you.  

Firstly, this is a picture of one of their data centers.

It’s not a particularly exciting picture, but what you see in this picture is special.

Everything here is custom-made for and by Google.

And what does that mean?  

That means on any given day of the year, Google is the world’s third or fourth largest manufacturer of servers in the world. This is sourcing our own silicon, everything from custom motherboards, proprietary operating systems, networking equipment, HVAC, etc… is all custom-made for and by Google.  

Let me give you a further example.  

Here is a picture of Google’s Jupiter Superblock.

This is a switch Google designed that pushes 40 terabits a second of data across their network.

That’s the equivalent of 40 million high-speed home internet connections.

And here is another one of their innovations, the Pluto Switch.  

The Pluto Switch sits on top of a storage array.  

Now, Google didn’t do all this customization just to be cool. They had to meet requirements that effectively didn’t exist in the market before. They couldn’t go and buy things off the shelf to solve their problems.  

And from a security perspective, this gives them some really amazing advantages.

We have security by obscurity.

Because you can’t go out and buy our server, or our OSes, or anything, and reverse-engineer them, people don’t understand how we operate.  

It makes it difficult for Google to be attacked. Since they own the whole stack, they’re actually are not inheriting security problems, whether built-in, on purpose, or by accident, from third-party vendors. They’re in charge of everything.  

And if there is a vulnerability, Google is in charge of fixing it. So they can respond very, very quickly.

This customization at the networking level, when we talk about building this equipment, it’s not just about providing a service. They’ve actually had to build their own internal networking protocols.  

So their equipment speaks a language internally to Google that doesn’t get spoken outside. And they have different protocols in different parts of the country in different data centers to further segregate and secure our information.  

And we haven’t even gotten to the cool stuff yet.  

The cool stuff is their network.

It doesn’t matter how you measure the network: by length, traffic, ingress, or digressive data, Google has the largest network in the world.

This photo shows Google’s dark and light fiber across every continent on the planet other than Antarctica. 

They have 13 undersea cables across the Atlantic and the Pacific. Their network just doesn’t connect data centers to each other, it connects their data centers to nearly every ISP in the world.

There’s a couple dark, dark heart-of-Africa places where they’re still two hops away. But this is Google’s differentiator.

Now what does this mean from a security perspective?  

Well, we can talk about where your data is at risk. It’s typically at risk when it’s in transit. And with Google, your users are typically one hop away. It doesn’t matter what device they’re on. They go from their device, their ISP, and you’re on Google’s network now.

And this also has great other benefits like: being able to collaborate in real time, have low latency, and you can operate across the world without having to worry about where data centers are located.

It just works. And this is how Google delivers all of their solutions. Whether it’s Search, YouTube, et cetera. Their network is so big on any given day, they’re holding between 25% to 38% of total internet traffic.

Because we operate globally, we can correlate security events that other regional players, or even larger players, simply can’t.  

So what might seem like a little anomaly here, it actually could be part of something much bigger. Think about things like a DDOS attack (Distributed Denial of Service attacks) Google can not only detect those in real time, but they can stop them because of it.

Google has even extended this as a project to protect journalists and free speech advocates from being blasted by third parties.  

This is something they can just do in real time without their engineering team needing to be paged.

Reliability of a Service

Google is known for being reliable. For example, when was the last time you saw down?

Google has actually solved one of the more difficult computer science problems at Google but they’ve not done a very good job of explaining it to the world.

If you’re in IT, we typically measure reliability with a Service Level Agreement (SLA). In SLAs, a company guarantees the service is available for x amount of time.  

With modern solutions, this has gotten foggy. Somehow everyone seems to boast getting 99.999% availability (five nines), but they’re down for maintenance on Sunday.

How is that possible? 

Google prefers to use a more precise engineering metric. It’s called MTBF – Mean Time Between Failures – and if you go out and buy one enterprise-grade device, you can expect that to last for 10 years before it catches on fire and it catastrophically fails, on average.  

The problem is scale.

Go from one device to 100,000 devices, your failure rate drops from one failure every 10 years to a failure every hour. Now scale that up to Google size, with literally millions, and millions, and millions of devices.

There’s always a constant rate of failure.

Hardware, network, software, something’s always broken. And this is the problem when we start looking at large enterprise solutions. It’s great when it’s small, but as soon as it becomes big, it’s hard to manage. It’s hard to secure. It’s hard to keep it up and running.

We talk about where you invest in your spend. If you’re spending 70% of your money keeping the lights on, then that’s not a good thing.  

So with Google, at their scale, with a constant rate of failure, how are they able to provide one of the most resilient internet services out there?

And it comes down to how they actually store and process data.  

How Google Stores and Processes Data

Now if you work at Google – it’s hard for them to say this without coming off as arrogant – but they’re really, really ahead.

They’re not on the cutting edge, they’re on the bleeding edge.  

They’re 10 years ahead.  

The technologies that they used 10 years ago are the ones that are being sold in the market.

You hear about big data. Google invented the NoSQL database. They invented these technologies and they’ve been iterating since then.

So let me explain how we store and process data, which is completely different from how everyone else does it. But it’s easy to get your head around.

So think of it like this: every single application that Google has, let’s say it’s Gmail, or Google Drive, or what have you, you have an instance per user.

Those are database associated with you – your email, your attachments, the index so that you can search that content. What happens when you actually store it at Google is the following.

I want to upload a file to Google Drive. I upload the file. It goes to the storage layer. It gets put to my personal database. I’m going to take that database. First, I’m going to break it into literally thousands of pieces. And then I’m going to run what’s called algorithmic encryption.  So this is running it through an algorithm.  

It makes it non-humanly readable. If I were to write it to a disk at this moment, I wouldn’t be able to tell who it belongs to or what application it goes to. After I’ve done algorithmic encryption, I’m now going to do key-based encryption.

So then I’m going to encrypt it with AES, as you’d imagine, normal standard encryption. Then I’m going to take the key that I used to encrypt it. I’m going to wrap that and encrypt it a second time, and keep it in an enterprise key management store.  

Now after I’ve taken the data, sharded it, obfuscated it, and doubly encrypted it, now I’m going to replicate it. So each tiny piece I’m going to take, I’m going to replicate it five times – data center number one – different drives, different servers, different racks, different connectivity to the internet.

Then bang – five more times data center number two, five more times data center number three, five more times data center number four.  

When it comes time to access this information, what am I going to do? I’m going to go out, the algorithm’s going to say, I want that file again. So it goes out. The algorithm gets every single copy, every single shard. It’s going to race it all back together. It’s going to reassemble it, de-encrypt it, deobfuscate it, and then present it to the user in real time. It’s like a computer science miracle.  

It’s very, very cool.  

And the reason that we do this is because this is the only way that we can get to this.

There’s always going to be a problem, and the idea is that the infrastructure is self-healing. It’s self-adjusting. If there’s an earthquake, or a power outage or something, your screen doesn’t flicker. You continue to be able to consume these services, and because of the way that we store the information, it’s not like we’re encrypting it at a file level.  

Google is taking it as a database, fragmenting it, obfuscating it, and then doubly encrypting it at multiple levels. So if there was to be some sort of breach, or internal actor, or someone trying to do something, they have a piece of a very large puzzle. Makes it very, very difficult.

If you really want to know about how Google does encryption, they’ve actually written and shared a very detailed encryption white paper. This is just one of the flows where we can talk about how we protect the data at rest.  

This is something that we can share with you guys, or you can send it to your security officer. And I’m happy to take questions on it. But we’re very, very open about that. Another thing that comes up is people are often concerned, where’s the data located?  

Now with us, first of all, we tell you. There’s a list of data centers. We have them all here. We share them with everyone.

But the thing to consider here is that your data is not in one or two of these locations. Your data is everywhere and nowhere at the same time. It’s fragmented, obfuscated, encrypted, and then replicated across our global data center network.  

Because of that reach of that network, latency is no longer a problem.

It doesn’t matter.  

I could keep it in Oklahoma, or I could keep it in Finland.

The performance is still going to be the same for you. Now because the way, again, in which this is stored, it makes it very difficult to attack you.

We use these data centers not just for providing services to enterprise customers, we use it for everything. So if someone wanted to attack your company, they need to literally attack all of Google. They need to be able to sort out and try to discover traffic, every YouTube video, cat video we’re showing, internet search, you name it. It’s all going through the same front ends.  

So it’s very, very hard to be able to attack you. Now Google encrypts all of their services while at rest.  

So Google made some huge strides here in engineering.

They used to only do algorithmic-based encryption. They’ve now upped their game. Now they’re not only doing algorithmic-based encryption, but now they’re doing multiple levels of key-based encryption for all of the services they have.

Some of these Google file formats, you can actually embed content from other data sources. So let’s say that you have a WordPress file in Google Drive that you want to put on your website. If you’re embedding third-party information, we’re not encrypting the third-party information.

But everything on our platform is encrypted.

It’s literally that simple.

Read part 2/3 here

Google Chromebit: What This Means for Digital Signage

You might have heard the good news…

Google released the Chromebit! Last month Asus, their original equipment manufacturer (OEM), released what is basically a computer on a stick.

Think: a Chromebox, but a little bigger than a flash drive that you can carry in your pocket and plug into any display, effectively turning it into a computer.

I participated in Google’s early Trusted Tester Program for the Chromebit and tried it out as a digital signage player for the Skykit digital signage service and as an end-user computing device.

I was very impressed.

What Does the Chromebit Mean for Digital Signage?

In the digital signage world, a player that’s truly enterprise-grade (security, manageability, scalability) can cost $800 each or more.

The enterprise-class Chromebit is a game changer at $85.

The Chromebit is a very capable device that performs as well as the larger Asus Chromebox. You can’t tell a difference in performance while playing any type of digital signage content (from videos to images). And it’s half the price compared to the Chromebox.

The Chromebit makes for the perfect digital signage player where wireless networking is a requirement. The low-cost, small form factor, and enterprise manageability make the Chromebit the clear leader in terms of price/performance/management/size.

The Chromebit includes both bluetooth and USB support which enables the connection of a keyboard/mouse combo. 

It is the least expensive stick-PC in history.


The Chromebit has 16gb of storage and 2gb of RAM (same as the Chromebox). It’s powered by a 1.8GHz Rockchip RK3288-C CPU with a separate ARM® Mali™-T624 GPU.

I tested the Chromebit side-by-side with the Asus M004U Chromebox with an Intel Celeron 2955U CPU and embedded Intel HD Graphics 4000/4400. The Chromebox is also configured with 16gb of storage and 2gb of RAM.

While not a true scientific performance analysis, the two devices running a digital signage application with the same content – still images, 1080p full motion video and stereo sound performed identically in terms of playback.

The Chromebit warmed up more than the Chromebox, most likely due to a smaller heatsink in the Chromebit form factor. Any performance differences were imperceptible watching both devices side-by-side.

Networking and USB Connectivity

The Chromebit includes 802.11 a/b/g/n/ac WiFi. Connectivity is rock-solid and there were no perceptible performance differences between the Chromebit and the M004U Chromebox unit. Networking performance was also very good when running the Chromebit as a computing device, browsing the internet and/or working with Google Apps.

The Chromebit was also tested with a USB Ethernet connection, turning off the WiFi through chrome management. Functionally, this worked just fine but the extended device may be more cumbersome to physically manage in this configuration.  

A keyboard/mouse combo connected with a small RFI USB adapter worked very well, as did the Bluetooth connection (Bluetooth V4.0 included).

Enterprise-Enabled Chrome Management

The Chromebit is an impressive computing device. But it truly stands apart from other stick-based PCs when it comes to enterprise management. The Chromebit is a Chrome OS device, meaning it can be fully managed, remotely, in enterprise environments via Google’s Chrome Management Console and enterprise enrollment.   

Power and Display Connectivity

The Chromebit plugs directly into a display’s HDMI port, or alternatively connects via included HDMI extension cable for tight connection locations.  

The Chromebit includes a small separate 18w power supply that requires an AC power connection. A USB-powered device would be ideal, but the Chromebit requires a little more power than that to operate.


All the features available in the Chromebit are matched by many other devices.  It’s the price and form factor that make the difference. This is an $85 stick computer that can be enterprise-enabled and managed as a computing device, or it can be used as an enterprise-class digital player for a your digital signage solution.  

That’s pretty hard to beat! For a more in-depth look at what to look for when evaluating hardware and software, you should check out the complete guide to digital signage

Written by: Jim Crowley
Sr. Director, Product Management

Privacy Settings
We use cookies to enhance your experience while using our website. If you are using our Services via a browser you can restrict, block or remove cookies through your web browser settings. We also use content and scripts from third parties that may use tracking technologies. You can selectively provide your consent below to allow such third party embeds. For complete information about the cookies we use, data we collect and how we process them, please check our Privacy Policy
Consent to display content from Youtube
Consent to display content from Vimeo
Google Maps
Consent to display content from Google