Google CIO Ben Fried on How Google Works
It was the former Google employee’s first day out in the real world. He removed the enterprise security settings from his iPhone, and installed the apps he wasn’t allowed to use at the mothership: Dropbox for storage, Fantastical for his mobile calendar. Back at Google, he had tried using both, and had his account authorization wiped remotely, with an accompanying nastygram from company security operations in his inbox.
Then again, Google had paid his phone bill — that was nice. He looked forward to getting to work on his next project, using the new version control and customer feedback tools that other developers had told him about but he’d been forbidden from using in favor of internal equivalents.
The former employee attested, half joking, that one of the reasons Google had finally launched its own version of Dropbox, a.k.a. Google Drive, was because the company’s workforce had grown so large (Google now has 45,000 employees) that a document storage tool had become a necessity for getting work done internally. If Google was going to ban Dropbox and other outside products, it needed to provide its own alternative.
Sure, this particular guy might be a geeky early adopter type, but there’s an interesting interplay between the technology that Google makes to run its own business and sells to run other people’s businesses and help them be productive in their own lives.
Interviews with the company’s chief information officer, and with current and former employees, helped shed some light on the way Google works, the rules it sets, and the cool tools it has developed but never released out of the ‘Plex.
Google CIO Ben Fried, who sets policies for internal technology usage at the company, said he is driven by the potential of consumer technologies and collaboration to transform the enterprise. But he can’t just let employees mess around with consumer-grade technology.
Google wants customers to entrust their internal communication and collaboration to the cloud — the Google Cloud. The Google-endorsed way of the future is: Enabling employees to bring their own devices to work, encouraging collaboration through sharing, connecting meeting participants across distances via videoconferencing, experimenting with new tools, and trusting consumer technologies in the enterprise.
But, at the same time, Google employees themselves live in a bit of a cocoon of Google products, using mostly Android phones and tablets, with near-perfect Wi-Fi and cellular service, and with limited flexibility to try other companies’ productivity applications. It’s a privileged existence, and perhaps one that gives them less of an ability to relate to their customers and be exposed to new and exciting things.
There are very good reasons for the cocoon: Google is a huge company, with a ton of highly sensitive and confidential information about its own strategy and operations, and that of its five-million-plus Google Apps enterprise productivity suite customers. Google can’t be cavalier about security, and it can’t let its employees take too many risks. It takes time and effort to make nifty new apps appropriate for the enterprise, and someone has to oversee that.
Still, Google is living in the future, sort of. It has the single longest-running (and one of the largest) deployments of Google Apps. It talks the talk and walks the walk of bringing consumer-grade tools to the enterprise. Google is not just being nice; it believes that empowering people makes them more productive.
So, how much does Google, as an enterprise, really trust the cloud?
“The overwhelming philosophy of my organization is to empower Googlers with world-leading technology,” said Fried in a recent interview. Based in New York, Fried took the CIO role at Google five years ago, after 13 years at Morgan Stanley.
“But the important part,” Fried said, “is that we view our role as empowerment, and not standard-setting or constraining or dictating or something like that. We define our role as an IT department in helping people get their work done better than they could without us. Empowerment means allowing people to develop the ways in which they can work best.”
Where that gets interesting is in the specific examples of what Fried and his team do and don’t allow Google employees to do.
For instance: About that Dropbox ban that bothered the former employee? That’s serious.
“The important thing to understand about Dropbox,” Fried said, “is that when your users use it in a corporate context, your corporate data is being held in someone else’s data center.”
Update: Fried clarified this comment to say that Google’s concerns about apps like Dropbox are more about security than storage.
Google also restricts the machines it lets employees use. For example: Windows computers.
Dating back to early 2010, when Google disclosed that its corporate infrastructure had been subject to attacks originating in China, the company began cracking down on use of Windows machines.
That’s not to say PCs are banned — Fried said that Google employees today use “many thousands of Windows laptops and desktops.” But now, Googlers must apply to a manager to get permission to use Windows, and explain why it is important and necessary for their job. “There’s somewhat a difference between using it because it’s the only thing you know, and using it because it’s the best tool for your job,” Fried said.
The point, Fried said, was to get a better balance of types of computers used within Google, because heterogeneity would make the company less susceptible to attacks. Then, it was a mix of Windows, Mac and Linux; today, Chromebooks have been added to the mix.
“I don’t view what we did as really any different from the kinds of things that one has to do as an organization to move away from older and outdated versions of operating systems from time to time,” said Fried.
Fried said Googlers also have to ask for management permission to get licenses for Microsoft Office and iWork.
Most Google employees are offered corporate computers and corporate mobile phones, and sometimes corporate tablets. “We make the barriers pretty low,” Fried said. If they don’t want a phone from the company catalog — which contains primarily Android phones as well as a couple of feature phones — they can bring their own. “Several thousand” Google employees opt to use other devices, like iPhones. They can also ask for special permission to get a desk phone, Fried said.
When employees bring their own cellphones, Google will generally pay for cellular service. As a rule, it requires device-management software for anything that accesses Google corporate accounts.
What you’re not allowed to do is bring your own laptop.
“We still want to buy you a corporate laptop, get the benefits of our corporate discounts, and so on. But even more importantly: Control,” Fried said. “We make sure we know how secure that machine is that we know and control, when it was patched, who else is using that computer, things like that that’s really important to us. I don’t believe in BYOD when it comes to the laptop yet.”
There is one exception — Googlers can bring their own Chromebooks (not that it would be hard to find a free one on campus). That’s because they are simpler devices, and store so little information about users, Fried said.
Except for teams that explicitly test phones and mobile software, it’s rare to find Googlers who use a diversity of devices. About 50 percent of Android users aren’t on the latest version; it would be hard to imagine that many of those laggards work at Google.
Company dicta are only part of it; Googlers also love to use their fancy new phones, Gmail for both work and personal email, and Google Drive. Another former Google employee who worked on one of the company’s mobile teams until quite recently said that he personally “rebelled” by bringing in all sorts of old phones to do his job.
“It was a given that everybody would use Nexus phones because they were free to Googlers — so why would you use anything else?” he said.
For good measure, he added, “I like to say, Googlers don’t drink their own Kool-Aid; they swim in it. They dive into it and do backflips.”
This former employee said his complaints extended into software, where Google often prefers to use its own tools instead of outside equivalents. For instance, instead of using Constant Contact for sending bulk emails, or Salesforce for tracking sales relationships, Google tends to build its own alternative.
That said, Google as a company does use many outside tools. Examples include Salesforce for some tasks, the online product-management tool Smartsheet and IT-service-management software provider ServiceNow, according to a spokesperson.
“We buy a lot, we build a lot,” Fried said.
Current and former Google employees also told me that some of the best parts of Google were the tools it has built but not commercialized. For instance, Google’s Moma is an internal directory with up-to-date information on every employee’s projects. Googlers also love a travel tool called Trips that gives employees credits for buying tickets that cost less than the average flight, and they’re happy with the company’s internal problem-ticketing system.
Another example that many current and former Googlers (even the whiners) raved about was the company’s videoconferencing system.
Fried said that at the time he joined Google in 2008, the company had several thousand commercial videoconferencing units.
The next year, company leadership decided to cut itself off from these premade systems, and built its own. Called GVC, or Google Video Conferencing, it consists of a bunch of off-the-shelf parts — a touchscreen tablet that displays an integrated company calendar, one or two screens, microphones, speakers, a camera and a remote control in every conference room at the company, at its hundreds of offices.
Each system runs Chrome OS, supports Google Apps, and can host 30 different people on a call. There are more than 7,000 GVC systems in use, said Fried.
“And the thing is, when you have this capability, you really, really use it,” Fried said. So much so that Googlers wanted everyone else to be able to use it, too. So the company translated the infrastructure into the consumer product Google Hangouts when it launched Google+, in one of the most recent examples of internal technology making it into an outside product.
Fried said that on an average heavy day, like Sept. 3, the first day after Labor Day weekend, Google had 25,000 discreet videoconference meetings, with 80,000 endpoints. That’s almost double the number of people that Google employs, so it means a lot of total meetings (Googlers average three per day, Fried said). Plus, it’s counting the number of GVC systems and laptops that were used, not the number of people who were in those rooms, which was certainly higher.
Google’s most recent big internal technology operations project is something it calls Beyond Corp. It’s a way to make the company more secure by treating internal networks as if they were just as risky as the big, bad Internet. Analysts have previously labeled this technique a “zero trust network,” where all traffic is scrutinized.
Fried described Beyond Corp as an alternative to the way many large companies give their employees digital tokens and use encryption to allow them to securely tunnel into “virtual private networks.” ”It’s what comes after VPN,” he said.
“The fallacy is believing that you should actually trust any network,” Fried explained. “This idea that one network is more secure than the other was completely false, because most of the computers that were on this network were actually connecting to the Internet at some other point in the day.”
In a way, Beyond Corp is a perfect example of the CIO’s paradox of balancing control and empowerment, the old approach and the new. Fried thinks the best way to give Google employees freedom, and to allow them to work from wherever they want using whatever devices they want, is actually to ratchet down network access.
When that’s done well, it’s invisible to employees — they just log on to Beyond Corp by signing into their corporate accounts from wherever they are.
And, besides, it’s unlikely that Googlers will rally in the courtyard to “give us our Dropbox.” The question is, how, as a company, Google’s chosen set of tools affect the customers of Google products that were created in that safe, Kool-Aid-drenched cocoon.