Microsoft Exec: Google's Problems in L.A. Wouldn't Have Happened to Us

Part 1 of our two-part Q&A with Microsoft's Tom Rizzo. He talks about the cloud, Office 365's recent compliance coup, and why Google Apps wouldn't be missed if Google were to shutter it.

  • Read Part 2 of this interview here.

Microsoft received a shot across the competitive bow in the cloud computing market when Google won a government deal in Los Angeles -- a deal that Microsoft also competed directly for. Since then, Google has run into some high-profile roadblocks with the L.A. deal.

In a wide-ranging interview this month that we're running here as a Q&A, Tom Rizzo, Microsoft's senior director for online services, talked about that deal, along with a number of competitive issues surrounding Office 365.

RCP: Gartner recently endorsed Google Apps for Business as enterprise ready. Has that upped the competitive stakes, as far as you're concerned?

Rizzo: You know, the interesting thing about that Gartner report, I believe one of the 10 references listed was the city of L.A., and the LAPD has pulled out of deploying Google Apps. So I'd read through that list with a fine-toothed comb, as far as the references [are concerned]. We haven't seen it as an uptick -- we fundamentally disagree that Google is actually ready for enterprise, as you can see by folks like the city of L.A. Google loves to announce customers, but announcing and deploying are two very different things, as you saw in the city of L.A. We have not seen them making a dent in the enterprise. In fact, I'd say we're stealing more customers in SMB then they're winning in the enterprise against us. We're seeing a mass migration of folks off of Google onto the Microsoft Office 365 cloud.

Google Apps is like a footnote in Google's revenue. Like Tom Austin from Gartner predicts it at 0.5 percent of Google's revenue -- $150 million out of a multibillion-dollar company. When they talk about it, which they never do, [Google Founder and CEO] Larry Page never says, "My top five priorities, one of them is Google Apps." Google Apps is sort of the red-headed stepson of Google. I think they could kill it tomorrow and they wouldn't miss it. No one would shed a tear. It's just not a focused area for them in terms of their 97 percent of their revenue that comes from advertising.

Google Apps could be on the chopping block, who knows? It's not a huge revenue generator. Five years in market, they only have 40 million users. In one year of selling SharePoint 2010, we have 61 million licenses sold. We have eclipsed them with just one year of SharePoint. We're feeling very bullish on our competitive stance and feature set and functionality and customer base and partner ecosystem.

Frankly, one of the biggest assets we have in competing with Google is our partner ecosystem. We have 42,000 Advisor Partners for Office 365, we have close to 30 syndication partners, we have ISVs building on top of Office 365 now, building new sets of applications, we have migration partners to help people get off of IBM Lotus Notes and Google [and] move over to Office 365. We have this vast army going with us, charging at the cloud. Google can muster up 3,000 resellers, [but] we've got 42,000 Advisor Partners behind us. So we're feeling very good about our competitiveness in the space and a lot of that has to do with our channel, frankly.

With regard to the L.A. situation, it appears there was more concern about having data on the cloud, rather than anything unique to Google. In other words, if you guys had won the deal, the same thing may have happened because they want to keep their mail on premise. Do you see this as a setback [for cloud deployments]?

Let me correct that. The same thing probably wouldn't have happened to us because we have Exchange on premises, as well. So, if the city of L.A. wanted to put part of the city up in the cloud, and part of the city on prem, we wouldn't care, because we're not like Google with an IT ultimatum, where all we have is a hammer as Google, and everything is a nail, and that nail is the cloud and the browser. With us, we don't care. Put half your users in the cloud, half on prem, we don't care -- we'll connect them together. You can have a great hybrid solution between those environments. I would say that is a major differentiator for us in that we have on-premises software and cloud software that works together seamlessly.

"Google Apps is sort of the red-headed stepson of Google. I think they could kill it tomorrow and they wouldn't miss it. No one would shed a tear."

Tom Rizzo, Microsoft Senior Director for Online Services

The company just announced improved data protection and security thresholds for those concerned about compliance. What precisely has changed?

We're big believers in a comprehensive approach to security, privacy and compliance. Customers trust us with their data, their users and their business effectively. And so we are taking a leadership position in the industry by being the first and only major cloud provider to provide a number of compliance standards.

One is ISO 27001, which is an independently verified and audited security audit of our datacenters, our policies and procedures around security. A customer at any point can request our audit from us and we'll provide it to them under NDA [nondisclosure agreement] so they can see how we did on the audit. It is a rigorous security audit process by a third party. So customers can feel good that we're meeting a third party standard when it comes to security and privacy.

The second one is for customers who do business in the EU. The EU has something called the "EU Model Clauses." Think of this as the security and privacy standards for the European Union. The 27 member states of the EU got together and created this blanket sort of Model Clauses that you have to comply with. We want to step beyond being compliant with that. One of the things we realized is we don't want customers to have to go to each of the member states -- like, let's say they go to Italy or Germany or France or the U.K. or the Netherlands, or whatever -- because all of those countries are usually coming up with their own standards as well. We went as Microsoft to the member states and looked at the regulations they're coming up with and we came up with something called the "comprehensive data protection agreement," as well, so that our customers can feel comfortable they can meet the regulations of the member states of the EU. And so any customer -- small, medium and large -- can go to Office 365 and sign both the EU Model Clauses and data protection agreement with Microsoft. It's a legally binding contract between us and the customer that has penalties if we don't meet the security and privacy requirements that we set out to meet for that customer. We are the only ones that provide that.

The last one is, we are now HIPAA [Health Insurance Portability and Accountability Act] -compliant across Office 365 with our business associate agreement. So folks that work with the health care vertical -- hospitals, doctors, dentists, lawyers, billing providers, all those sorts of folks -- they can now feel confident using Office 365 and being HIPAA-compliant as part of their usage of Office 365.

What makes it HIPAA-compliant?

Part of the agreement you sign with us, we have the language of what's called the "business associate agreement," which is part of HIPAA, which is an agreement between us and you saying we meet the business associate agreement as part of the HIPAA regulations in the way that we handle your heath care data.

Next Page: Office 365 and the Patriot Act >>

It was reported that BAE Systems just cancelled plans to migrate to Office 365 because Microsoft could not guarantee data wouldn't leave Europe and because of Patriot Act concerns. Do you see that changing?

They're going with on-premises Microsoft technology. That's the beauty of our model. If you don't like what we offer in the cloud, we always have the on-premises software.

We get a lot of questions on the Patriot Act in general. The Patriot Act is not a cloud issue -- it's an issue for any business, whether you're running on premises or online. Any business that does any business in the United States can be subject to the Patriot Act. From a Microsoft standpoint, regardless of whether it's the Patriot Act or some sort of legal action against a company where they're trying to do discovery on the customer's e-mail, and that sort of stuff, as long as we legally can, we will try to connect the customer with whatever entity is requesting the data. We don't want to be the middle person in part of that. We want to say, "Law firm, you're requesting this e-mail data from us, go talk to the customer first before we provide it to you."

Now, legally binding, if we have to provide that data, we will follow the law. We're not going to break the law. Whether you're running us or IBM or Oracle or Google, or whoever, the Patriot Act has implications across the entire industry, and we're trying to be thoughtful in the way we approach this regardless of whether it's the Patriot Act or something else.

Do you see the concerns that BAE had having an impact on cloud adoption in general?

I don't. Besides the compliance stuff we talked about, we launched the Trust Center, We're big believers in transparency, so a lot of things that [were said about] BAE, the Trust Center addresses a lot of those, probably at a level that BAE would be pretty happy with. So we provide complete transparency -- where our datacenters are located, the geographic boundaries of your data, what data goes where and how it flows. We publish all these things to our Trust Center, in addition to what personnel have access to your data, why they have access, when they have access and how they get access.

We audit all of that. You can request those audit logs. We will even give you compliance updates, so if we're going to move data from the U.S. to Europe, you can sign up and say, "Notify me of any compliance updates," and we'll notify you if those compliance events actually happen.

No other vendor provides that level of transparency. It's a little bit like, as a customer, you're sitting in our datacenter working with us, through our policies and procedures. That's why we did the Trust Center. We could have kept all that information behind the iron curtain, but we said, "We have nothing to hide here, we're not selling you advertising -- you're paying us to run the service in a trustworthy way and we want to make sure you feel good that we are running it in a secure, compliant and private way." And that's why we did the Trust Center. Maybe BAE didn't have a chance to look at the Trust Center, maybe we didn't do a good job at explaining the level of transparency that we provide, but we definitely provide a ton of information on the Trust Center across the board.

There were a few well-known outages since the launch of Office 365, though they seem to have tapered off for now. Can we expect to see any meltdowns looking forward?

We take every outage seriously. We strive to meet customers' high expectations of us. We have a financially backed SLA [service-level agreement], so if at any time we don't meet the high expectations that customers have, we give you money back as part of our financially backed SLA. We are doing everything we can to make sure that we provide you the highest level we can. We would prefer to give you uptime than the financially backed SLA. So we're working our hardest to make sure that that uptime is great for our customers.

The thing is, you can never say "never" on those things. Lightning strikes, earthquakes happen and all those sorts of things. We're making sure we have the best procedures, policies and hardening of our systems of anyone in the industry, so if they do happen, we will try and minimize them as much as we can, and if we can't we'll pay you back the dollars for the impact that we've made upon you as a customer.

Microsoft is known for leveraging integrations to boost sales of two products at once. But there seem to be a few strategies emerging on the Windows Phone front. In some cases, such as the new Lync app, Microsoft submitted versions to the Apple iTunes and Android marketplaces at the same time as the Windows Phone version became available. In others, like with Xbox Live, the Windows Phone version is about a generation ahead of the version for iPhone.

How would you characterize the Office 365 team's approach to Windows Phone and the other smartphone platforms so far, and what can we expect moving forward?

We are part of the productivity division, so we want to work where people work, whether that's on the PC, the Mac, the browser, the phone, online, offline. No matter where you are, we want to make sure our technology can reach you. That's first and foremost. You see the thought leadership in the investments we're making around the mobile device support.

Now, we believe in Windows Phone, first and best if we can, but we will support other devices, as you saw with Lync around Android, Nokia, iPhone, iPad, all that good stuff. We will continue to invest in non-Windows devices based on customer feedback. I think we can see the OneNote and the Lync announcements as the first step in a multiyear, multistep process that we're going through in building for other devices beyond the Windows Phone device.

It doesn't mean we don't love Windows Phone. We love Windows Phone -- it's a great phone, it's a great platform, Office runs great on it, Lync runs great on it, all of our technologies run great on it. We will continue to invest very aggressively there, but we will also invest in other platforms as well.

See Also: