Yesterday I blogged about my concerns with a free Google Apps extension that required the very scary googleapis.com/auth/drive permission. When you give a Google Apps extension this permission, it can read, write, or delete any documents you have access to in Google Drive.
I inquired why the extension needed so much authorization, and the developer replied quickly. He agreed! The permission was only required for a specific feature that didn’t seem super important for the free version. So he removed the feature and permission requirement. In less than 24 hours!
Three take-aways for me:
1. Use your brain when giving an app or website permission to access your information in the cloud. Why do they need the authorization they are requesting? This is particularly true when using Facebook or Google+ to log in to other sites.
2. Push back: you never know when you’ll find somebody reasonable on the other end. Or maybe you will learn more about why the authorization is necessary.
3. Definitely try ProjectSheet Planning from forScale and support reasonable developers who understand cloud security concerns.
Now I’m happy and can whitelist the extension for my company to use.
I’m a big advocate of cloud data security. Cloud service providers are, in general, better at security than their customers. So your data is safer in the cloud than it is on your local machine or network.
However, it doesn’t feel that way, does it? Yesterday a colleague showed me a cool plug-in for Google Sheets that creates simple GANTT charts using spreadsheet data. When I installed the plug-in, it prompted me for the permissions it needed to function. Take a look at the list:
1. Know who you are on Google
2. View your email address
3. View and manage spreadsheets that this application has been installed in.
4. View and manage the files in your Google Drive
5. View and manage data associated with the application
6. Allow this application to run when you are not present
7. Connect to an external service
Numbers 1 to 3 are not a big deal to me. I’m happy to have this plug-in work on the files where I use it. Number 4 is scary: this plug-in can look at ALL my Google Drive files. Numbers 6 and 7 make it even scarier: this thing can run whenever it wants and connect to an external service.
This plug-in appears fine today. But tomorrow, an evil developer could change their software without telling anyone. The software could start to scan any of my Google Drive documents and send that data to an external service.
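The same check can be run before an add-on is approved. The sketch below is an added example, not code from the extension or from Google: it assumes the add-on declares its scopes in an Apps Script manifest (`appsscript.json`, field `oauthScopes`), and the pairing of prompt lines to scope names, the sample manifests, and the allow/review/block policy are assumptions of this example.

```python
import json

PREFIX = "https://www.googleapis.com/auth/"
# Scopes not limited to the file the add-on runs in -> narrower scope to ask for.
BROAD = {"drive": "drive.file", "drive.readonly": "drive.file",
         "spreadsheets": "spreadsheets.currentonly"}
UNATTENDED = "script.scriptapp"        # prompt: "run when you are not present"
EGRESS = "script.external_request"     # prompt: "Connect to an external service"


def audit_manifest(manifest_text):
    """Return (verdict, findings) for the text of an Apps Script manifest."""
    doc = json.loads(manifest_text)
    if "oauthScopes" not in doc:
        # Without an explicit list, Apps Script infers scopes from the code.
        return "review", ["no explicit oauthScopes: read the consent prompt"]
    short = {s[len(PREFIX):] if s.startswith(PREFIX) else s
             for s in doc["oauthScopes"]}
    broad = sorted(short & set(BROAD))
    findings = [f"{b}: not limited to the current file, ask for {BROAD[b]}"
                for b in broad]
    if not broad:
        return "allow", findings
    if EGRESS in short:
        findings.append("broad data scope + external requests: data can leave")
        if UNATTENDED in short:
            findings.append("can also run on triggers with no user present")
        return "block", findings
    return "review", findings


def make_manifest(*names):
    """Build a constructed manifest from short scope names."""
    return json.dumps({"oauthScopes": [PREFIX + n for n in names]})


# Constructed samples: a scope set like the prompt above, then the same
# add-on with the Drive-wide permission removed.
BEFORE = make_manifest("userinfo.email", "spreadsheets.currentonly", "drive",
                       "script.storage", "script.scriptapp", EGRESS)
AFTER = make_manifest("userinfo.email", "spreadsheets.currentonly",
                      "script.storage", "script.scriptapp", EGRESS)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        verdict, findings = audit_manifest(text)
        print(label, verdict, *findings, sep="\n  ")
```

With these samples the first manifest is blocked on the combination of items 4, 6 and 7, and the second passes because the remaining scopes stay inside the spreadsheet where the add-on is installed.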
I’m going to do more research on these permissions and see if my concerns are real or just cloud paranoia. Stay tuned.
My filter for startup ideas typically revolves around the Pragmatic Marketing dogma. There are 3 critical hurdles a new idea needs to clear.
1. The problem I’m going to solve is pervasive in an industry. Lots of people have the problem and can quickly realize it as a problem if approached with my solution.
2. The problem is urgent. Solving it provides immediate benefit. Waiting to solve it is a real threat to the customer’s business.
3. The customer is willing to pay. This is where my buddy and I fell down last time. We created a great productivity tool and everyone agreed on the benefits, but it had a “should be a free app” feel.
ContactBlast missed on #2: solving the problem of contracting efficiency wasn’t urgent. The benefit would be realized over the long term, but that meant longer sales cycles and greater commitment from customers.
Using the Pragmatic filters can sound discouraging for entrepreneurs, but I find it the opposite. The filters keep me refining my ideas until they meet all 3 conditions, and that can save a huge amount of time, money and energy.
I’ve been working with Salesforce.com since 2005 and I’ve made a few eyebrow-raising comparisons over the years…
Salesforce is like Microsoft Access on the web. It lets IT Admins create applications that scale.
Salesforce is the least powerful, most expensive on-demand platform in the world.
Here is the crazy part. I meant it all as a compliment! Salesforce figured out early on that regular business people, not software engineers, are the ones who know their business best. Giving non-developers the ability to customize or even create applications is worth a lot to a profitable company. Hence Salesforce costs more in every dimension (per user, per GB, etc.) than other platforms.
Wait, not every dimension. I’m betting that total cost of ownership (TCO) is lower on most Salesforce.com apps. If you’ve got a problem that fits the Salesforce UI paradigm, then it definitely saves money over Amazon or Google App Engine.
The most recent example is Salesforce rolling out Lightning (Aura framework) capabilities with a super secure container configuration called LockerService. This is great news because it prevents less skilled developers from accidentally creating security holes.
So when comparing TCO for on-demand platforms, make sure you are taking into account security, implementation, and support costs. You’ll be surprised how cost effective Access for the Web can be.