Stop acting like a startup, Google

The company lacks the discipline and forethought to control its own strength, and its mistakes have far-reaching consequences

If Google were a literary character, it would be Lenny from John Steinbeck's "Of Mice and Men." Lenny is a mountain of a man and a tireless, impressive worker with a heart of gold. He's always intent on doing the right thing (that is, "doing no evil"). Unfortunately, he lacks discipline and forethought. Unable to control his own strength, he leaves a wake of destruction in his path -- scaring women, hurting men, killing small animals, and ultimately (spoiler alert!) murdering a young woman. As a result, he and his companion are frequently on the lam and losing jobs. Ultimately, his inability to control his own strength leads to his own undoing.

Similarly, Google is a technological powerhouse, capable of going toe to toe with some of most prominent tech companies on the planet. Much of its success can be attributed to the company's startup-like culture, in which employees are empowered and urged to try new things, seemingly less fettered by red tape than you might find at companies like Oracle or IBM.

The trade-off, though, appears to be insufficient internal checks and balances to prevent the powerhouse that is Google from inadvertently doing damage to its customers, its partners, and itself as it wields its might.

The latest example of Google's accidentally causing some damage -- this time, directly to itself -- is the company wrongly asserting in various forums, including court filings, that its Google Apps for Government suite is FISMA certified. Google will tell you that from a technical standpoint, Google Apps for Government indeed meets FISMA certification in that it's built on Google Apps, which is FISMA certified. Google has also said it has taken steps to make the government-tailored suite even more secure and government-friendly.

The problem is that Google Apps for Document is not officially FISMA certified, arguably a bureaucratic fine point that could be rectified once the paperwork goes through the proper channels. Unfortunately, Google seemingly lacked the patience or the discipline to hold off making its claim. Some sort of internal check-and-balance procedure -- say, an internal requirement to see proof of certification before it can be touted on the Google website, in a Google blog, in Google marketing materials, or in any other format -- might have kept Google from facing this little PR nightmare.

Worse yet, if this sort of mistake can slip through the cracks, can a potential Google client feel fully confident that the company's other claims are accurate? This mishap, innocent and accidental as it may have been, saps Google's credibility.

This isn't the first instance of Google making a mistake that might have been caught by a more disciplined company that better grasped the ramifications of its actions. For example, remember the uproar Google caused after it collected chunks of user Wi-Fi data around the world as it gathered images for Google Maps? The company claimed ignorance and mortification and apologized profusely for the oversight, but critics would still like to know how the company could have allowed for that to happen in the first place. Some kind of check and balance -- periodic analysis of what's sitting in its vast stores of data, perhaps -- might have prevented the various investigations and lawsuits, not to mention and the drop in faith in Google.

Then there was the whole Buzz debacle: Google introduced a social blogging network and offered Gmail users the option of joining or just going to their email instead upon login. Those that choose to go to their email, thinking it meant they were opting out of Buzz, were still added to the network, resulting in some of their personal info falling into the hands of undesirable recipients, such as exes, employers, and the like. Google recently settled with the FTC to prevent this sort of incident from happening again, agreeing to adopt a comprehensive privacy program. A more disciplined company would arguably already have had a comprehensive privacy program in place that would have prevented the Buzz mess in the first place.

The bottom line here is that Google is no longer a startup company whose mistakes have no significant ramifications. Rather, it's a major player in the world of IT. Business and consumers worldwide rely on its services and products as they go about their daily lives, entrusting the company to protect their data. But Google is demonstrating over and over that perhaps it lacks the discipline to be a trusted business partner. If the company is accidentally grabbing Wi-Fi data as it collects images, what else is it accidentally collecting? If the company is accidentally forcing users into joining a new service, where else is it exposing user data? If the company is incorrectly making claims about the certifications of its software, what else is it overlooking as it tells customers about the security of its products?

This story, "Stop acting like a startup, Google," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow on Twitter.

Copyright © 2011 IDG Communications, Inc.

How to choose a low-code development platform