You catch 'em, we kill 'em

Penny wise, Pound Foolish - The Google Trap.

, posted: 27-May-2015 15:58

I've been thinking - which is never a safe thing to do if you are me, about the saying, "Penny wise - pound foolish." and it's applicability to business. I've mostly been thinking about this in relation to software and cloud services.

Over the last few years the growing awareness of Open Source Software by the general populous and the impact of free services from the Internet has changed peoples' expectations of pricing for services. For example when trying to talk to clients about online backups the most common response is "Dropbox is free and holds all the data I need. Why would I pay for online backups?". Other common responses include, "Google mail is free", "My ISP provides email for free" and my favourite - "Oh I will just use AVG free."

Short term I have to agree - why would you pay for something that you can get for free - but long term the costs of free software are much much higher. Here is an example that immediately springs to mind.

A client of mine, lets call them Bob The Builder, was using Google apps for their email. Their email accounts looked good - - with no trace of that @gmail non professional look some businesses adopt, the calenders synched - most of the time - and all was going well. Well all was going well until it wasn't.

A sub contractor, who also used gmail, sent through a Drop box link to a file. Usual process, nothing suspicious except the email was from a virused PC (can anyone spell AVG?). The link lead to a "drop box download link" and my client put in their drop box authentication details. Unfortunately it didn't work but "Drop box" is now kindly allowing people to sign in using their Google accounts - which would make it easier in the future,  so do you want to use those credentials to log in. Yes please - sign here - and off you go.

As you have guessed, the link was a phishing attack and my clients admin person had now provided access to their Drop box credentials and one of their Google hosted email accounts. The cracker went to town.

To cut a long story short Google closed down their accounts and referred all the accounts for to talk to their Google apps admin person to get re-logged in. That would have all been fine and dandy had Google not also cut off access to their admin accounts.

So why did this cost them a lot of money? Why didn't they just contact Google and get logged back in? I'll answer that in two parts.

1 - You cant contact Google support if you cant log into your admin accounts - end of story. Google has no help process in place to contact you proactively or to let you contact them. Email, online chat, phone numbers and web forms are all non-available until you can log into Google. Why? Because Google doesn't want to triage millions of calls a day otherwise their free / very cheap / amazingly in-expensive offerings would have to take a price hike. Cheap price - very cheap service.

2 - The true cost of free / cheap services cannot be measured solely by the price you pay over the counter to access these services. The true cost needs to be weighed up as part of risk analysis, including:
  • Downtime - What will it cost me if the service dies
  • Robustness - Is it fit for purpose - can I handle downtime, slowness, failures and outages?
  • Data Safety - Is my data safe from loss. Who sees it? Who can access it? Who owns it? How is it used? Can I delete it permanently.
  • Accountability - Support - Who can I talk to if it goes wrong and how much will that cost?
  • Impact - What exactly is my exposure if this software or service fails. how long / how much will it take to recover.
  • Trust - Who is on the other side of the service or software? Do I trust them and more importantly am I prepared to have them inside my firewall and with access to my stuff?
  • Motive - Why is this free? Something is rarely for nothing. What does the other side get out of this?
  • Longevity - Free or cheap is not a good business model - how will my supplier survive and what happens if they don't.

For this has been an expensive few days. They still have no access to their lost emails. Email was coming in and not giving an undeliverable error message so clients thought it was all steam ahead. Deliveries are not being made, Scoop and the gang are being paid for standing around with their metaphorical hands in their pockets and huge amounts of energy are being expended to get information to and from clients / suppliers / workers and subbies.

In total this means workers were getting paid to do less, contracts were sliding and new work / opportunities were being missed. That's thousands of dollars of loss.

Direct costs have got higher as well. The email is now transferred to a new server (NZ based with someone you can visit their site and yell at them if needs be). Their IT people have added to the bill sorting out the mess, hours have been paid for trying to get through to Google, there is new hosting, new DNS, new mail system set up, recovery of missing emails, tracking of missed opportunity and reshuffling of google docs, google mail, calendars and other services to do. That's hours and hours = dollars.

Hopefully the direct costs are money well spent but the time wasted on wading through the damage is gone forever. Without some creative IT ingenuity, a couple of DNS hacks and a can do local team, the ripple of damage would still be widening. It's not - Bob was lucky, he had invested in some excellent IT people. They cost a bit (not too much but more than Google) but I cant help thinking that maybe they are actually cheaper in the long run.

In summary:

Businesses are risk adverse - and risk is measured in dollars. If businesses were truly wise, they would do more than look at the 'penny wise' investment, but consider their true exposure and not be 'pound foolish'. 

Three old fashioned pieces of advice to finish with

  • Most short cuts aren't
  • If something is too good to be true, it probably isn't
  • Free very rarely is.

Next time - Don't sell your clients short - never sell on a price proposition.

Other related posts:
Cloud services = bad for business
Modern Web Trends = Bad business

nunz's profile

Shane Hollis
New Zealand

Shane started Virusbusters twelve years ago to provide fixed price IT support for home users.

Daily battles through the world of viruses, spammers and other malware has left an indelible impression on him so he decided to try to give back some of the help he has received over time.

Hopefully crazy ideas, virus removal tips and other help can be found in this new blog. who knows, it might even be worth reading one day.