Arbitrage

I walked out of the Google Apps Marketplace launch last night in Mountain View convinced of a couple of things. One, Google consistently gives out cool schwag, caters well, and runs some of the best lit PR events in the tech space. Perhaps as important, with the new Marketplace, Google has extended the same degree of hospitality on the Apps front and in doing so, they have established a new standard for how business users should expect to use applications. The Google Apps Marketplace is a retail storefront and a set of APIs that enables a bundling of tightly integrated SaaS applications. The apps demoed last night represented a range of business processes from Intuit's payroll to Atlassian's product management to a force.com CRM app from Appirio - all showed seamless integration with Google Apps such as GMail, Calendar, Chat and all kept the user completely in the browser for all tasks.

From an Identity standpoint, Google has positioned Single Sign On as a default integration point. 

The Apps Marketplace model lets users move into and out of all manner of secured business applications without logging in over and over. Removing logins from the flow is a huge step forward in usability. By putting SSO front and center, Google has established seamless SSO integration across multiple apps as an expected part of the user experience - other competing Cloud platforms will likely follow suit. More tightly integrated apps and less logins is all good news for end users.

On a personal note, it's great to see the vision for seamless access to Cloud applications that we have been working on at Ping Identity get mainstreamed by Google. We've collaborated closely with the team at Google to develop secure solutions that make it simple for SaaS vendors to plug into the Google Apps Marketplace. Look us up if you'd like more detail on how it all works.

The anatomy of the Twitter breach as detailed in TechCrunch speaks clearly to the lengths that a determined attacker will go to gain access to proprietary information. The specifics of the attack are complex and involve a number of ingenious inter-related actions on the part of the attacker who did ultimately gain access to a single user credential at Twitter. Although the methods used are complex and much of the post game discussion has focused on high level security risks associated with Google Apps, the fundamental architectural characteristic that makes this type of attack possible at all is the publicly available web form for collecting user names and passwords.

The attacker was able to manipulate all of the publicly available functionality that is set up to support web form authentication and gain access to sensitive information as a result. Exposing password resets, question based authentication, email notification – (i.e. all of the machinery required to support the public web form) to anyone with a browser is an invitation to serious mischief.

The Twitter breach is a teachable moment for companies adopting cloud applications. In simple terms – since the fundamental risk is having web authentication forms on the public Internet, it follows that the best place for authentication of enterprise users to occur is behind the firewall. Technology designed to make it simple for companies to leverage an existing secure authentication (that happens on a secure network ) to provide access to cloud based applications is the most secure, least intrusive, and most cost effective way of addressing security risks like the ones that were exposed at Twitter.

In my five years and counting at Ping Identity we’ve built from zero to a customer roster of over 370 companies around the world, including 42 of the fortune 100. To a large extent, the credit for Ping’s growth goes to the simple premise that there is inevitable trend that continues to move credential collection to the most secure location available. The recent news about Twitter and their struggle with authentication to Google Apps fits this pattern perfectly.

The implications of this trend for emerging cloud based Identity Provider solutions are an interesting related topic. Ultimately, credential collection can be done securely on the public Internet - but it requires well thought out layering of single sign on, monitoring, and strong forms of authentication. More on the best practices developing around Cloud based Identity Providers in a future post...

I attended the Google Enterprise CIO Summit at the Google offices in Cambridge yesterday. Dave Girouard, Rajen Sheth and Alex Diacre presented. Couple of interesting takeaways/quotes:

• Google is the worlds 4th largest manufacturer of servers – behind Dell, HP, IBM. They build them to run in their own data centers. It’s the kind of overlooked data point that helps people understand the vast resources Google can/will put behind their Enterprise IT business.

• Google Enterprise is currently profitable as a standalone business.

• Dave Girouard did an excellent job of explaining why continuous innovation is the key to Google’s future in the Enterprise. Right now they are innovating to make email and calendar migrations meet Enterprise requirements – but in the near near future they will be delivering differentiated apps and features and platform capabilities that will drive adoption of Google as a core Enterprise vendor. Today they differentiate primarily on ROI  – and they have a strong story there – but in the not too distant future Google will differentiate on feature/functionality (think of the role Wave can potentially play in changing enterprise communications). This should scare Microsoft.

• The customer stories and case studies show that Google Enterprise is still in an early adopter phase. Lots of patterns and best practices are yet to be sorted out.

• Money quote from a large customer that recently migrated from exchange to Gmail – “dumping Exchange/Outlook was a big step towards getting everything into the browser”.  “Everything into the browser” is a good way of thinking about where cloud computing is taking Enterprise IT and if Enterprise IT is moving to an “everything into the browser” world – that’s a world where Google is, without doubt, one of the winners.

The momentum around the migration of enterprise IT architecture to On Demand models is undeniable...and likely to accelerate in the forecasted IT spending climate.We started planting mustard seeds in the SaaS community two years ago - it is nice to look at a snapshot now and see what we've accomplished - 130 SaaS/BPO vendors adopting Ping for internet SSO. 

My cousin the bond trader emailed today after the bailout bill failed and said the only trade left was to HOARD.

The situation is truly confounding. In principal, I'm against the federal government taking crap assets off the financial services companies (and paying a premium to do it). I am also leery of Republican scare tactics and the way they use doomsday scenarios to push legislation. I am also confident that if there was a reasonable solution to the crisis - it would not be sourced out of the W administration. Add it all up and it leaves me in the same camp with the ... House Republicans - WTF?!?.How did I end up there?

Net/net: Hoarding may not be such a bad call.

I think the underlying dynamic that is coming to bear is the steady increase in income inequality in the US - which has been a persistent trend over the last 30-40 years. Check the Gini Index 1913-2004



People in society at large can sense the inequality gap and so broad political support for a bill like the banking bailout is non-existent.

Another interesting historical  chart to look at is Total Debt to GDP ratio 1920 to Present:

So you can see that as inequality rises - so does total debt i.e. I want to live like Paris Hilton but I don't have the cash so I'll borrow to pay for my day spa/SUV/vacation in Vegas/McMansion etc. etc.. This debtor consumerist posture coincides with low interest rates, pick your payment loans, NINJA loans - the predatory lending all feeds on the rise in inequality and voila massive financial crisis.

If you look at those two charts and extrapolate forward- based on the fact that the former highs in both charts occurred at the start of the Great Depression - you can see hoarding is not a bad call.

Or maybe personally bailing out and moving the family to New Zealand - but then they have big earthquakes there...