Since we chatted about this last week, and thanks to an engaging reader, I've been watching the drama surrounding Google's handling of the allegations from the Department of Justice that its Google Apps for Government offering doesn't have the proper security certification. With the U.S. Senate now investigating, this seems to be getting worse. The term "caveat emptor" comes to mind. Maybe this is why v3.co.uk's new poll has 3 out of 4 people suggesting Google's first priority should be not doing evil.
This is largely because I've been up to my neck in complaints from the company's Android partners that are also being sued at the moment. Not to mention the failure of the Xoom tablet has, apparently, caused other companies to put the brakes on shipping them. This is on top of the failure of Google TV and recent allegations that it has committed tax fraud in China. You may think that the tax fraud issue is off-topic, but the kind of fraud in which you fake invoices tends to get the folks whose invoices you faked into hot water as well and I bet that many of these folks are also Google customers.
Let's chat about Google's caveat emptor ("Let the buyer beware") attitude this week.
Over a decade ago, I watched a similar fast-rising company, Netscape, which also struggled with the idea that its products should be very cheap or free, enter the enterprise and government markets. I was brought in as a consultant when some of our largest clients, including Boeing and Bristol Meyers, considered Netscape's offerings. I, and most of my peers at the time, warned that Netscape was largely untested at scale and that it simply didn't have the maturity yet to protect the companies it served. While most listened, one didn't, and as the offering failed, I watched as the entire team on the company side of this deal got pushed out, regardless of whether they had supported the decision or not.
This is the downside of trusting a vendor that hasn't learned to protect its advocates. A decade before, a lot of folks who supported Windows NT ended up in much the same way while Microsoft was learning that lesson. This is why vendor selection is so critical and why allowing a vendor to buy into a market before it has learned how to protect the folks who favor it is foolhardy.
Google's Battle in Los Angeles
Like it was for Netscape and its first big reference account, it is now for Google and Los Angeles. With huge budget shortages, you can imagine that Google's nearly free offerings would be very popular, but with reports that Los Angeles is about to sue Google over problems, that doesn't appear to be the case. Remember in a named reference account, because it is so visible, the firm typically bends over backwards to ensure things happen as expected.
The customer was happy even though most of us were still recommending that folks run away from this as-yet-unready solution at the time and, from a customer perspective, they don't care if Microsoft or Google are profitable on the deal, they just care that what they purchased actually works. And it looks like Google, in what feels like a similar decision process to Netscape's, didn't adequately resource the Los Angeles effort, which is why it seems to be imploding. Trust me, when a reference account starts talking about suing a vendor, as Los Angeles is doing, something has gone terribly wrong with the executive decision process with the vendor.
Google FISMA Political Dance
As some of you may recall, I was a compliance officer for a time at IBM doing government audits. That job truly sucked because if you don't find a mistake, folks wonder if you are competent, and if you do and it is significant, they act as if you cost the company the fines and payments that result. I fell into the latter class way too often. But you develop a questionable skill in terms of understanding government-speak.
After my last post, the GSA released the following, which seemed to suggest that Google was certified:
GSA certified the Google Apps Premier environment as FISMA compliant in July of 2010. Google Apps for Government uses the Google Apps Premier infrastructure, but adds additional controls in order to meet requirements requested by specific government agencies. The original FISMA certification remains intact while GSA works with Google to review the additional controls to update the existing July 2010 FISMA certification.
By the way, it is interesting that the GSA is sending this out for publication while refusing to put it up on its website.
Now if the GSA wanted to say Google Apps for Government was FISMA-certified, it could have just said "Google Apps for Government falls under the existing certification for Google Apps Premier and is certified." The fact that the GSA specifically did not say this is why it was red-flagged when I read it. In the first sentence, it says that Google Apps Premier is certified and in the second that Google Apps for Government is different than Premier. In the third, it says that the original certification for Google Apps Premier is in place and that a certification for Google Apps for Government is in the works. The only body directly involved in this process saying it is certified is Google. Last time I checked, Google is not the U.S. government, at least not yet.
No wonder the GSA won't post this on its site, and I doubt it is happy that Google put it in this ugly position because it is clearly now covering up the mistake of not catching this lack of certification.
This paragraph, which is being used to say that the GSA says Google Apps for Government is certified, says nothing of the kind. It simply reasserts that a different product is certified, asserts the difference between the products and clearly states that Google does not have the needed certification yet. But it is written to imply otherwise. Got to love political bodies, but clearly Google and Google supporters are reading into this statement things that simply aren't there.
I do a lot of work for companies that license Android or work in the Android ecosystem. Many are being sued by a variety of vendors and they constantly complain that Google is leaving them in the dark and delivering incomplete products. The failure of the Motorola Xoom has Motorola talking about doing its own OS now and it is concerned about Google's lack of customer care.
Google seems to be starving the Android group to a degree where they can't address vendor concerns and the only thing that seems to be keeping the vendors on board is the lack of a viable alternative. The rather humorous part of this is that many of these vendors have been complaining about Microsoft and now seem to see Microsoft in a vastly better light at the moment thanks to their treatment by Google. Ironically, Google seems to have done more for Microsoft's own image than anything Microsoft itself has done.
But the clear lesson again, even here, is that you can't depend on Google to have your back.
Google: Caveat Emptor
In the end, it looks like Google basically has taken the position that folks should be happy that what it provides is either free or very cheap, and should be covering their own backsides and not complaining to Google. This is likely because Google still gets over 90 percent of its revenue from advertising and it just doesn't feel the need for much customer care at the moment. This kind of defines the difference between frugal and cheap. Frugal is when you avoid unnecessary expenses, cheap is when you avoid spending that is critical. From my perspective, it is critical to use vendors that will protect their accounts over those that believe your satisfaction is immaterial. Your perspective may be different. I respectfully suggest, if that is true, that you look at Los Angeles and the Android licenses and change that perspective.
And, in any case, until Google steps up to its responsibilities, you should remember that with Google, it's caveat emptor.