Have had a great day at Google CAB. Some of it was under NDA (non-disclosure agreement), but there was a lot I can report on. This first post is going to concentrate on a topic that I think is really important - and much misunderstood. Security and privacy. It's the main topic of discussion when we tell people we've gone Google.
Let's start with data centre security. The scale of Google's operation is that they can afford to spend much more on security than we can. In fact, they can afford to spend more on security than most governments. They use biometrics including retinal scanning and thermographics for access control, their data centre hardware is built by them, and they completely destroy decommissioned discs by overwriting the data, crushing them, shredding them, and then recycling the materials. Their infrastructure is built with failure in mind, they have multiple connections from different providers to the internet, and all of their data centres can run independently of the power grid. There's an excellent video about their data centres here:
In terms of security of the data, they employ a full-time team of security experts including cryptographers, specialists in application security, and expert hackers. They have automated intruder detection and repulsion systems - and much more that they weren't prepared to share with us, understandably.
I can assure all of our users, your data is much more secure with Google than with us.
But what about privacy, I hear you say - the Patriot Act means the US government can intercept and read your data, Google doesn't know where your data is, it's illegal to export our research data, data protection means we can't do this, it's OK for students but not staff - I could go on and on quoting the many things people have said to me. And they're all wrong!
So, let's bust some myths:
Google is the data processor, we are the data owners. They do not own our data.
Our data is stored in data centres in Europe and the US, where there is confidence in the policies of the countries where these are located - it is not stored all over the world.
All of our data is protected by Safe Harbor, which is fully compliant with the EU Data Processing Directive, and the UK Data Protection Act.
Moving to Google Apps does not increase our exposure to export controls (important in terms of research data).
The Patriot Act is a red herring. Exactly the same laws exist in the UK, but they aren't run through the courts. In the US there is a judicial process, here there isn't.
There are a number of reasons why you might choose not to go with Google, but concerns about security and privacy shouldn't be part of them. Trust me. I'm not that stupid. Neither are they!