Archiving101.com

Remember this article that I wrote? It doesn’t seem that hackers need to try to get to your information when its in the all praised buzzword SaaS cloud. Techcrunch reports that even the almighty Google can mess up and had private documents shared without permissions.

http://www.techcrunch.com/2009/03/07/huge-google-privacy-blunder-shares-your-docs-without-permission/

There are a LOT of reasons why I don’t like Software As A Service (SaaS) for some mission critical applications. The biggest one is giving up control of your data! I don’t like having potentially sensitive client documents and work product in the hands of unknown parties. “Oh, but it’s Google, it’s safe!” Sure.

As the article above explains, even Google can sometimes mess up and compromise your documents. How about if it was a strategy memo for a client that ended up in the hands of opposing counsel? Potentially nasty? You betcha. Can you imagine the headlines when a hosted archive vendor was running both Merck and Pfizer and their information was freely shared amongst the users of the archives?

And do you know who has keys to your server room at your office? I’m sure you do - you can probably count those people on one hand; you may even eat lunch with them on a regular basis. Do you know who has the keys to Google’s server room? No. And you can say that about just about any online provider - you just don’t know who has access to those servers and that means you don’t know who has access to your documents.

That worries me. And if you handle confidential client work-product then it should worry you too.

Just before I was about to enjoy my first days off on vacation since September of 2007, I saw the news about Heartland Payment Systems suffering from a major breach.   About 250,000 companies leverage the payment services of Heartland and millions of creditcard numbers got stolen.   The whole SaaS archiving thing is something I understand, but also am concerned about for something that might not be as obvious to some.

At Heartland, the hackers went after creditcard information.  Why at Heartland?  Well … there were about a 100 million of them in one place .. once they got in .. they basically got the motherload .. no need to go after the small stuff right?  The deal with SaaS archiving is about the same.  About 75-80% of corporate IP is in email these days.  Its not just your ‘I’m going to lunch’ invite anymore. People are exchanging contracts, blueprints, personal/business records and who knows what more in email.  It is the defacto standard .. its all there.

When you are thinking about one company .. it might not be such a big deal .. once you start to put all of the corporate IP of lets say .. 4,000, or 10,000 .. or maybe 20,000 companies all in one bucket … we are all of a sudden creating this enormous honeypot of extremely valuable information right there and then.   Now .. I pretty much expect that all hosting companies are going to fall over this article and claim that customers data is secure and that data is encrypted and in a sense they are right … Heartland Financial also says that they provide “Technologically advanced security that safeguards personal and account information“.   Those smart enough all know that encryption is just a fancy word for “It will take longer for you to read it”.

My concern is simply that cyberterrorists might not simply want to go after our creditcard numbers, but opt to go after our bucket of corporate IP instead (especially when so much of it will be all in one place).

Today Google announced that it has added new option for archiving messages up to ten years for their Google’s Message Discovery solution, which is based on its 2007 acquisition of email archiving services vendor Postini. This new option is available for a flat fee of $45 USD per user per year, which raises the biggest question of all instantly. Isn’t Google pricing itself out of the market with this steep price?

Not only pricing, but a recent Forrester Research report also attributed relatively slow adoption of email archiving SaaS to network latency in accessing off-site archived messages and searching them for e-Discovery.

Google will continue to offer a one-year retention period for the existing fee of $25 per user per year. Both packages also include spam and virus filtering, policy management tools and, of course, search.