In-Depth

Postini and Google: An Intriguing Combination

The Fortunes may soon smile on the combination of Postini’s communications security and Google’s SOA.

• By Chris DeVoney
• 07/24/2007

Google’s recent announcement of its acquisition of security communication provider Postini brought a single thought to mind: Huh? More specifically, what is Google doing? Google is trying to be all that it can be, providing “it” gets delivered through a Web browser. This combination of current and future products intrigues me.

Postini, which describes itself as a communication security and compliance company, currently serves 35,000 businesses and has 11 million individual users. The company processes two billion transactions a day. If you are one of the 35,000 or 11 million, relax. The acquisition brings a stronger financial base and some potential hosting infrastructure technology to Postini. If you aren’t a customer, even Fortune 100 firms should keep this combination on the long-term radar.

On its own, Postini has a compelling product. The company was one of the first to acknowledge that three different forms of electronic communications—e-mail, instant messaging, and Web browsing—need a common solution. They recently added Really Simple Syndication (RSS) feeds to the mix. While these forms may use different ports and protocols, they all comprise electronic data moving to and from the company.

Postini offers a hosted service that kills viruses and spam and reduces the raging e-mail torrent to a dribble (to fifteen percent of the original size). For bandwidth-limited companies and remote offices, that’s significant.

The service also extends the same protection to IM, RSS, and browsing. Because even good people can be suckered into questionable operations with a single mouse click, this multiple-point protection is essential in this day of blended threats.

The service also takes into consideration Senate bill S.495, the Personal Data Privacy and Security Act of 2007 sponsored by the Vermont tag team of Patrick Leahy (D) and Bernie Saunders (I). The act seeks to consolidate several state privacy laws into one federal law and sets some higher standards, such as media notification, when more then 5,000 individuals in a state are affected by a data breach. It calls for a fine and/or up to a five-year prison term for “intentionally and willfully concealing a security breach” when that leak causes economic damage to one or more persons. The bill is expected to get a full-Senate vote in September. Companies will have to adjust their costs, and future potential residency accordingly when calculating the impact of compromises or indiscrete e-mails and IMs.

From a productivity standpoint, Postini addresses browser blocking based on URL/IP address, key words, or definable context-sensitive content filtering. Postini even allows non-forbotten parts of a Web page through while blocking the unsafe remainder.

Such context-sensitive filtering applied to e-mail, IM, and RSS can address pertinent business and regulatory compliance issues. Proprietary corporate secrets leaving the building using e-anything isn’t just the stuff of Hollywood thrillers, but such instances are fairly rare. More frequent are e-mail or IM leaks, intentional or not, of confidential information such as protected health or credit card information. Postini can block all of the above.

Filtering can also be fine-tuned to specific groups, topics, or events. For example, a financial group can make sure employees don’t send “material” information during an SEC-imposed “quiet period.”More recently, Postini added better Web-based administration tools for settings and customization, better administrative and end-user message archiving and retrieval tools, and new search/report functions to handle e-discovery as mandated the Federal Rules of Civil Procedure.

What does the Google-Postini combination bring to large companies or institutions? Google’s Gmail is popular with individuals and the SMB market. Gmail is invading corporate turf, first by people (usually surreptitiously) forwarding their work e-mail to their account.

Some corporations have sought an outsourced solution as part of their messaging workloadand bandy about a $500/e-mail box cost—which probably includes the cost of housing the server. Gmail’s private-labeled Premier Edition offering at $50/person-year, however, can handle higher-cost remote sites, divisional groups, or even an entire corporation. Some corporations have even indicated an interest to use slimmer clients and to offload up to thirty percent of their current mailboxes.

Though there are security implications to outsourced messaging, recall that ADP has built a very successful business outsourcing one of the most sensitive subjects in a company and there's been no evidence of a compromise there.

Postini’s significant security expertise will help Google Apps. I’m not totally convinced about on-demand apps yet, and when someone extols the virtue of on-demand apps, I snort. In my workplace, significant portions still depend on CAT-3 wiring and 10 megabit Ethernet.

Postini vice president Sundar Raghavan acknowledged that infrastructure updates are always slower than predicted. He also points out that when the upgrade finally occurs, the results are dramatic, such as jumping to 54 Mbps wireless or one gigabit Ethernet.

Michael Osterman of Osterman Research thinks that Google sees themselves as a mini-Microsoft with robust message apps and productivity apps. He continues, “But if you go to someone and say you want to run all your applications online and forget about Microsoft Office, it would be like going to a mainframe guy in the 1980’s and saying you have this new IBM PC and do you want to replace everything you do on the mainframe.” Point made and accepted.

Osterman also believes that if Google is serious about enterprise e-mail, we should look for another acquisition (such as Zimbra or Scalix) that adds a better AJAX front-end for corporate use.

Today, the Postini acquisition offers another option on CIOs' and CISOs' messaging menu. As to Gmail and Google Apps, put a marker for both in the outer band of your radar.