I've been surprised to see such unanimously negative comments on a recent MSNBC article regarding the potential use of Google Apps by LA county California. I wouldn't be at all surprised to learn of Microsoft employing large scale commenting operations to push negative PR on the net.
This pretty much summarizes the sentiment:
"A decision to place confidential data into the hands of Google instead of simply upgrading the City's own IT infrastructure and retaining behind-the-firewall control of its data and digital resources would be one of the worst decisions it could ever make," said one poster.
There are some very disastrous misunderstandings about the decision being referenced here. Let's start with email. Do you think that the city of LA has a secure email system? Email definitely travels outside the office, where you can't control communication. People check their city email all the time from home or while on the road. I will wager any amount that the email component of Google Apps is much more secure than what they are currently using. Here's why:
1. Everything is 100% encrypted. At this point, there is no way the city of LA is emailing conversations to employees through an encrypted connection all of the time. That means they are at risk of being snooped on at any point along the chain, from their local ISP to the big communication providers.
2. The architecture at Google is far stronger and more reliable. I feel it would be wrong to assume that whatever method they are currently using to store backups of email and maintain uptime for email service is superior to Google. If you think that Microsoft Exchange, and lots of hard drives is your idea of security, then ok, move along. It simply costs taxpayers money if email is not working, and Google Apps email works. If anyone wants to argue against that point, show some evidence of comparative down times.
3. The filtering is superior. Google Apps email will prevent inefficiencies and, more importantly, viruses from spreading. If you think the city of LA has some kind of standardized, broad virus/spam filter that works better than Google currently, then, well, just move along. If you think they can implement a standardized broad system (like corporate Symantec) that will be less expensive and work just as well at filtering, then you are mistaken.
Now, that's just email. There is no argument here. Google can provide a more reliable, safer, and most of all more cost effective solution and taxpayers need to realize that. Google Docs is another issue altogether. The main question is, how is the city of LA currently sharing documents? There is a misconception that whatever they are doing now is secure because there is not currently some kind of scandal or break-in. I will again bet any amount of money they are:
a) Attaching sensitive documents to emails and sending them around, unencrypted, to co-workers.
b) Using some kind of VPN / web-based solution to log in to their office data through some kind of remote access setup.
Both a) and b) are huge security risks. People need to access some documents remotely. They are most likely doing it with Microsoft products currently, attaching documents to Outlook email and sending them along, unencrypted, and they are also using 3rd party software and Microsoft tools to get access to "behind-the-firewall" content. Does anyone have any clue about the history of the security of Microsoft products? It's terrible, sorry.
Finally, this really has nothing at all to do with anything about Google. The platform is entirely irrelevant, really. What matters is their internal security policies, period. If they are not equipped with a method to prevent "social hacking" for example, criminals are going to get access to "behind-the-firewall" content no matter what platform they use. If people choose stupid passwords or if IT administrators place terminals with access to sensitive documents where a criminal can physically get to them, then no amount of amazing "upgrading" you do will matter.
Fundamentally, the city of LA needs to decide what information can be accessed remotely. A smart security policy would be that, no, you can't get access to important data unless you gain access to a building with armed guards, an ID check and 3 methods of authentication on system that is physically disconnected from the internet. You don't use Google for that, sorry folks, that's something else entirely. The Google Apps product is just not the total solution, and it is a mistake to assume that stuff like "FBI investigations" are somehow magically accessible by they Chinese if they can just guess someone's password. If that's the case when they are using Google Apps, it was the case BEFORE they were using Google Apps.
IT decisions, especially in cases of large scale, are not based on all-one solutions and policy is more important than platform.
16 July, 2009
Twitter Google Apps Not Hacked, TechCrunch, Michael Arrington, and Online Security
Today, there is drama surrounding the trendy social networking website Twitter. To summarize, someone managed to get into their corporate Google Apps account and then proceeded to email confidential documents to (at least) TechCrunch. TechCrunch is run by Michael Arrington, who has begun publishing those documents. It's important that everyone understand that this drama has absolutely nothing to do with Google Apps security. In fact, Mr. Arrington states incorrectly "the original security hole seems to be Google, via Google Apps for your Domain."
Update: This statement was later removed, but there is another statement "It's not our fault that Google has a ridiculously easy way to get access to accounts via their password recovery question." The word "Google" in that sentence really should be replaced with "Google's Gmail service."
Tell you what, how about you try and hack OUR Google Apps? Go to http://mail.blisstechnology.net/ and look down where it says "Can't access your account?" and click on it.
You will get nowhere.
And this is the DEFAULT setting for Google Apps across the board. There is no "security question" for Google Apps users, period.
Now, Gmail is a different story. So are a million other online services that offer security questions as a "password backup." What happened was someone at Twitter, Inc. had a gmail account (@gmail.com, not @twitter.com) which had a very poor security question that someone guessed. From inside the gmail account, they were able to find an email that provided access to Twitter's Google Apps. Oops.
So what lessons can we learn here? Google Apps is stronger than Gmail. Security questions are not something anyone should use ever and if a security question is required, then you make up something utterly ridiculous and unguessable as your answer and write it down in a secure place. Never use personal email for business. Think seriously about security in general in 2009 and beyond - it's way past time to be nonchalant about the subject. Oh, and don't read TechCrunch.
Now, Bliss Technology can't comprehend why Michael Arringon would sacrifice good sense for a quick rush of drama through publishing "secret" documents he obtained, but in our opinion, it's probably not a wise idea to annoy Twitter and their users. A quick search of http://search.twitter.com/ shows his "cool commodity" dropping like a lead stone into a bottomless pit, the social wildfire burning with hatred across the twittersphere, instant and raging.
As we take security seriously, we advise clients about these issues all the time. We also realize that Google Apps, cloud computing, and the online world in general have some PR challenges ahead, in spite of the extensive and shockingly awful history of true hacks and exploits (not just password-guessing) of software, usually Microsoft, that is not in the cloud. That is why I wrote this - to explain clearly the issues surroudning this drama and add our voice to reason, voices who loudly support Google and the cloud, who sing every day about the need to take security seriously, and who speak with distaste when reporters just get our industry flat wrong.
07 July, 2009
Change of password by administrator
This guide is for administrators who are changing the password of a given email account.
1. Log into your administrator account.
(if you are the administrator, this will most likely be your normal email account)
2. In the top right portion of the screen there are a series of options, "Manage this domain, Settings, Older Version, Help, Sign out". Click, "Manage this domain".
3. The screen that appears is your, "dashboard" screen. Click the, "users" button next to the, "Create new users" button. There will be a number in front of the word, "users" that depicts the number of active accounts.
4. Select the user who needs their password changed by clicking their name.
5. Click, "Change password" and create the new password.
6. Click, "Save Changes" at the bottom of the screen.
06 July, 2009
Bing and Google; Bing vs Google
Very few would argue that Google isn't on top of the pile when it comes to preferred search engines. Yet, Microsoft will never go unheard. Enter "Bing" Microsoft's bid in the world of search engines.
Being an avid follower of Google, I find Bing troublesome in the same way I find a new pair of boots that will never quite fit right troublesome. I suppose this could be chalked up to the normal friction that comes from using a new piece of technology.
I'm playing around with Bing, comparing my findings with Google's and so far things have stayed pretty interesting. As interesting as they can when your comparing search engines that is.
First thing I searched for, "write for me" Google shows twice as many results as Bing. Could this be better optimization? Or is this just a new search engine not getting the full picture just yet? Honestly, I have no idea. I'll probably never need 500 million results. I don't really need 250 million results either.
Next, I searched something with a slightly vague, but much more obvious goal in mind, "Dave Tate". It isn't like searching for Chuck Norris. Tate isn't Bubba Gump, but he has a substantial following, all be it a tightly nit group.
Google brought me nearly 1million results. Again, I didn't look at them all, duh, but the first result was the man's store, exactly what I was looking for. Under that were articles and whatnot written by Mr. Tate.
Bing's results went in a different direction. Apparently there is a singer/songwriter named Dave Tate. Regardless, Google was more spot on in this instance with less than half of the results of Bing. This could point to social quirks on my part, sure. But I was looking for gym advice, not soothing melodies.
I have no idea what these searches mean just yet. Or if they mean anything at all. In some cases Google returned more results, in some Bing had more. I think there is enough space in the open spans that is the internet for more than a handful of super interesting search engines.
Each search engine will have its own way of finding the query, sometimes they will fail utterly, other times they may bring you exactly what you want. If you are die hard Bing'er, give Google a shot when you're frustrated and can't find what your after. Same thing goes for us Google folks. There is no reason why Bing and Google can't play nice.
30 June, 2009
What is Google Voice? Personal Phone Number, Custom Fowarding, Voice Mails, & Text / Transcribing
Google purchased a company called Grand Central and is turning it into something called Google Voice. It's a lot of things, but most of all, it's a revolutionary phone service for you that's free. First, you need to pick a phone number.
Once you have a number, you can do all kinds of cool things with it. For example, you can assign custom voice mail messages to individual callers or groups of callers. Like, "Thanks for Calling Bliss Technology" for business associates or "Hi, Honey, On the Airplane Until 5pm" for your wife. Also, you can get text transcriptions of voicemails sent to your phone or you can access them on the web. No, it's not perfect, but close enough!
Ultimate forwarding power. You can actually assign forwarding to specific groups. In other words, you could automatically route business accounts to specific representatives or unknown callers to the secretary.
Advanced tracking. Here at Bliss, we intend to combine Google Voice with online advertising so we have a simple way to track leads! Basically, we'll set up a custom phone number for each ad campaign and then route those calls in-house or to a designated client rep. Each call that comes in will be entered into a database (just the stats, not the content of the call). Now, THAT'S cool.
29 June, 2009
Unlocking Captcha in Google Apps
We recently were having trouble with a Blackberry (on Verizon) and adding a Google Apps account. We were 100% we had the password right, but we kept getting a kickback on authentication. What was the problem? Captcha.
In order to unlock your Captcha authentication (triggered by failed login attempts), go to http://google.com/a/yourdomain.com/UnlockCaptcha. There, you will be able to enter a captcha code once and then your account will no longer require it. As soon as we unlocked it, our troublesome blackberry account installed with no issues!
23 April, 2009
Labs Spotlight: Attachment Reminder
Google Labs is a breeding ground for new ideas that need to be put to the test. Google does a great job of testing new products they think will make our lives easier, more efficient, or just more fun. They make it a new toy, stick it in Labs, and let us play. If we like it, we send them feedback and tell them so. If we hate it, everybody lets them know. When Google decides that we simply cannot live without whatever tool they have cooked up, they make it official by moving it out of labs into the general population of gadgets.
Otherwise, nails are driven into the digital coffin, and the gadget is forever done away with.
Our first installment of Labs Product Highlights is going to look at the attachment reminder, or what Google calls the "Forgotten Attachment Detector".
This handy little gadget aims to prevent you from going on and on about how cool what the document you are getting ready to attach is, and then smacking the Send button without actually attaching the file. I can't convey how many times this happens to me, or how many times I've groused at people who aren't around to defend themselves when they forgot to attach a document.
Here's how it works:
As best I can tell, you mention the word "attachment" anywhere in your email. If you forget to actually do the attaching, poof! A pop-up window alerts you that you're about to send that email without the attachment. Some might think it's a little Big Brother-ish, but I don't mind as long as I don't look like a fool when I'm emailing a client.
The only problem I see is that it really needs to key in on other forms of the word "attach" (e.g., attached, attaching, etc.). Currently, it doesn't work if, for example, you type "I've attached some photos..." instead of something involving the word "attachment" specifically. It is still under development, however, so hopefully we'll see that feature implemented soon.
So what do you think? How many times have you forgotten to send an attachment? Was it important or did your frat brothers not get to see some epic shaming of the first to pass out? Did it result in a miscommunication? If you are the type who often forgets to send attachments, this might be just one more helpful tool from Google. I wouldn't be surprised if it sneaks into all Google mail systems once its beta testing is complete.
13 April, 2009
Twitter and Google
Contrary to rumor, Google does not plan to buy Twitter. Well, at least not yet.
There may be a day when Google goes after Twitter's pink slip, but that isn't today. Today they are trying to capitalize on the massive and growing network that is Twitter.
Here is the skinny:
If you advertise on Twitter via Google, your Tweets will be pushed into the AdSense program. AdSense is the advertising program that allows website publishers to generate ad revenue by placing Google ads on their websites. The ads appear around content related to the subject of the ad. For example, if you visit a website that uses AdSense and read an article about shoes, you might see an ad for Zappos.com on the same page as the shoe article.
Google's plan for Twitter would publish advertisers' Twitter posts (or "tweets") as part of AdSense. This is not necessarily a way to increase direct sales. Rather, it works sort of like a blog.
When you write a blog entry for your website, there is of course the ever present goal of SEO (search engine optimization). However, a blog also allows readers to associate a friendly face with whatever is being promoted. Someone is out there talking to YOU!
Creating a Twitter account for your company is much the same idea. It will promote a very friendly atmosphere and give your followers (i.e., your customers and potential customers) a sense of fellowship with your company. It also offers the added advantage being on the "cutting edge" of what's going on with your business. It can ultimately be a very important news feed.
The best way to keep a person's attention is to stay in their line of sight. With Twitter, you essentially are tapping into a free means of contacting your customers FOR FREE all the time.
Let's say there is a corner gas station that has someone tech savvy enough to tweet about his day while at work. Said employee may actually have a fun story line going on his daily tweets about funny little things that go on when people win 1 dollar on their 15th $1 lotto ticket, etc.
This employee has no new material for his lunch break tweet so he decides tweet, "Free hot dog with a tank of case during lunch hours". Technically our employee isn't lying. Sure you can get a free hot dog during lunch hours if you fill up with gas. But the deal isn't new. They always offer that special. However, he is putting it in front of people again. He is stepping into people's line of sight. That day, sales are very likely to increase on gas during lunch hour. When people come in to get their free tube steak they are probably going to grab a ice cold diet coke to wash it down, maybe even a pack of gum to ward off the onion breath.
Not only that, but Twitter users like to share information with friends, often through "retweeting," i.e. republishing another user's post in order to share the information with others. Not only will the gas station gain business from their Twitter followers, they're also likely to be visited by the friends of their followers as well.
Although the delivery mechanism is new, the basic concept is Marketing 101: Stay in front of the customer. Even if you aren't directly promoting a sale or other incentive, just tweeting about your day-to-day business keeps you in your customers' minds. When they need what you have to offer, it's more likely that your company will be the first that springs to mind.
Twitter it. Stay in front of the customer, stay informed, and do it with Google.
There may be a day when Google goes after Twitter's pink slip, but that isn't today. Today they are trying to capitalize on the massive and growing network that is Twitter.
Here is the skinny:
If you advertise on Twitter via Google, your Tweets will be pushed into the AdSense program. AdSense is the advertising program that allows website publishers to generate ad revenue by placing Google ads on their websites. The ads appear around content related to the subject of the ad. For example, if you visit a website that uses AdSense and read an article about shoes, you might see an ad for Zappos.com on the same page as the shoe article.
Google's plan for Twitter would publish advertisers' Twitter posts (or "tweets") as part of AdSense. This is not necessarily a way to increase direct sales. Rather, it works sort of like a blog.
When you write a blog entry for your website, there is of course the ever present goal of SEO (search engine optimization). However, a blog also allows readers to associate a friendly face with whatever is being promoted. Someone is out there talking to YOU!
Creating a Twitter account for your company is much the same idea. It will promote a very friendly atmosphere and give your followers (i.e., your customers and potential customers) a sense of fellowship with your company. It also offers the added advantage being on the "cutting edge" of what's going on with your business. It can ultimately be a very important news feed.
The best way to keep a person's attention is to stay in their line of sight. With Twitter, you essentially are tapping into a free means of contacting your customers FOR FREE all the time.
Let's say there is a corner gas station that has someone tech savvy enough to tweet about his day while at work. Said employee may actually have a fun story line going on his daily tweets about funny little things that go on when people win 1 dollar on their 15th $1 lotto ticket, etc.
This employee has no new material for his lunch break tweet so he decides tweet, "Free hot dog with a tank of case during lunch hours". Technically our employee isn't lying. Sure you can get a free hot dog during lunch hours if you fill up with gas. But the deal isn't new. They always offer that special. However, he is putting it in front of people again. He is stepping into people's line of sight. That day, sales are very likely to increase on gas during lunch hour. When people come in to get their free tube steak they are probably going to grab a ice cold diet coke to wash it down, maybe even a pack of gum to ward off the onion breath.
Not only that, but Twitter users like to share information with friends, often through "retweeting," i.e. republishing another user's post in order to share the information with others. Not only will the gas station gain business from their Twitter followers, they're also likely to be visited by the friends of their followers as well.
Although the delivery mechanism is new, the basic concept is Marketing 101: Stay in front of the customer. Even if you aren't directly promoting a sale or other incentive, just tweeting about your day-to-day business keeps you in your customers' minds. When they need what you have to offer, it's more likely that your company will be the first that springs to mind.
Twitter it. Stay in front of the customer, stay informed, and do it with Google.
06 March, 2009
All About Google - March 2009 Update
Google's been up to quite a bit in the first quarter of 2009 and here's your rundown of some of the best updates:
Google Sync for Mobile — for a while now, it's been easy to synchronize Google Apps with your Blackberry. Now, there is a new (beta) feature to sync up with the iPhone and Windows Mobile devices! Click Here.
Goolge Calendar Offline — One of the most common questions about Google Apps is "Can I access it if I am offline?" With Google Gears, you have been able to access mail. Google continues to move forward with the plan to make everything available offline with Google Calendar offline. Get Gears to use this service.
Google Health update — you can now share your profile with trusted friends, family, healthcare provider by entering their email address. Click Here
@Google Talks — listen to many different types of people give seminars and talks at Google. Fascinating stuff! Click Here.
Google Power Meter — Energy efficiency is cost savings. Studies show that understanding energy usage is one of the most effective ways to improve energy efficiency. As technology improves to monitor this, Google is working to make that information easy to access and understand. Click Here.
Google Sync for Mobile — for a while now, it's been easy to synchronize Google Apps with your Blackberry. Now, there is a new (beta) feature to sync up with the iPhone and Windows Mobile devices! Click Here.
Goolge Calendar Offline — One of the most common questions about Google Apps is "Can I access it if I am offline?" With Google Gears, you have been able to access mail. Google continues to move forward with the plan to make everything available offline with Google Calendar offline. Get Gears to use this service.
Google Health update — you can now share your profile with trusted friends, family, healthcare provider by entering their email address. Click Here
@Google Talks — listen to many different types of people give seminars and talks at Google. Fascinating stuff! Click Here.
Google Power Meter — Energy efficiency is cost savings. Studies show that understanding energy usage is one of the most effective ways to improve energy efficiency. As technology improves to monitor this, Google is working to make that information easy to access and understand. Click Here.
16 January, 2009
EasyCGI mail problems and more. Moving domains, changing DNS, and email to Google
We recently encountered a new client who is hosted by EasyCGI. Their email was completely down (again) and there was no specific time frame when it would be back up again. So, they asked us to help. That's when the trouble began... The control panel interface to their domain did not provide access to CNAME records, did not show any way to remove existing MX records, and worst of all, they were even unable to modify the nameservers of their domain so they could leave completely.
Finally we got through another tech support representative who informed us of an alternative method to access their domain, where we were able to unlock it. Although we could proceed with changing the nameservers (which usually means a significant 1-2 day delay), the new rep did find a method to add CNAME records so we could at least implement the Google Apps account.
If you are experiencing problems with EasyCGI, then we suggest considering moving your mail services to Google Apps!
Finally we got through another tech support representative who informed us of an alternative method to access their domain, where we were able to unlock it. Although we could proceed with changing the nameservers (which usually means a significant 1-2 day delay), the new rep did find a method to add CNAME records so we could at least implement the Google Apps account.
If you are experiencing problems with EasyCGI, then we suggest considering moving your mail services to Google Apps!
Subscribe to:
Posts (Atom)
Posts
