Security and Risk

The Latest

22 October 2021: Google introduced the Work Safer program at the Google Cloud Next ’21 event. The new program includes the Google Workspace suite of products, and adds several third party cyber security services for endpoint security and access to legacy solutions. In addition, Google unveiled upgraded devices, including new Chromebooks from HP.   

A new in-house Google Cyber security Action Team was also introduced in the event. The group will take the lead in developing cyber security and digital products by leveraging the capabilities of the Work Safer program and developing training and policy materials..

Interestingly, Google is offering a whopping 50% discount for the term of the initial contact for all products (its own and third parties) within the Work Safer program.

Why it’s Important

The aim of the Work Safer program is to reinvigorate interest in the Google Workspace ecosystem.  

Microsoft continues to have a near monopoly on the office productivity space, and is using that position to drive organisations towards its Azure Cloud ecosystem and its security ecosystem. Microsoft’s strength is its breadth of services, support for legacy solutions and resistance to change by both desktop teams and office staff.  Creating sufficient impetus for change to a light-touch, collaborative environment of the magnitude Google proposes is hard.

Google Workspaces has a far smaller attack vector compared to Microsoft. Its architecture has been firmly rooted in zero trust since its inception - from the devices all the way to the apps, storage and access controls. However, organisations that have not yet gone down the Google path retain a significant array of existing network investments, legacy solutions, mixed access controls and identity management, devices and so on. To meet these clients' needs, Google has partnered with CrowdStrike and Palo Alto Networks to come up with endpoint protection and threat detection solutions. The partnerships should not be viewed as “Google is backfilling weaknesses in its ecosystem” (which is something we expect to hear from Google’s competitors soon. Instead, these partnerships should be viewed as Google recognising its ecosystem will need to sit alongside ecosystems based on architectures that were conceived several decades ago and retain complexities that need to be addressed.

With more businesses shifting to a remote or hybrid work setup, the risks of ransomware attacks through phishing campaigns, malware infections and data leaks pose a threat to these companies’ data security practices. As such, Google easily benefits from its product’s value proposition already being consumed.   

Therefore, it would appear that Google’s messaging is on point. 

However, from roundtable discussions with digital workspace teams held this month, IBRS has confirmed that Australian organisations’ ICT groups and senior executives continue to resist a major step-change in the office productivity and device space. Rather, most organisations continue to look for ways to extract more value from their existing Microsoft contracts, increasingly looking to expand their investments into Microsoft’s E5 security offerings.  

In short, Google’s challenge is not convincing organisations they have a better, leaner security model. It is not even being less costly than Microsoft.  

It is literally resistance to change.

Who’s impacted

  • CIO
  • Development team leads
  • Business analysts

What’s Next?

Even if an organisation is unlikely to switch to Google Workspace, it is beneficial to review Google’s architecture and which aspects can be applied to the existing architecture.

Organisations should also consider running Google Workspaces experiments with groups of remote / hybrid workers that have less connection with legacy solutions.

Related IBRS Advisory

  1. Deciding between Google G Suite and Microsoft Office 365
  2. Considering Chromebooks Part 1: Show me the money!
  3. Chrome OS: Follow the money