Long-time readers probably know intimately about my favoritism of Google Apps for Business over Microsoft Office 365, or similar MS Exchange services. Most of you will probably roll your eyes in a “not this subject again” manner. The truth is though, I don’t really dislike Microsoft. In fact, a large portion of my business runs on Microsoft products. If Microsoft had Office 365 when Google introduced Apps, I probably would have selected Microsoft. As it was, Google was the only (and best) game in town. When Google introduced and released Android, which is quintessentially tied to Google, imagine my joy. However, Google Apps might not be the solution for your law practice.
Recently, a reader sent me an email that expressed frustration with the Android platform and its ability to sync with Microsoft Exchange. Although the message is rather long, I think the email contains some important questions and concerns, so I’m reproducing the message in a semi-edited form for discussion:
So I have a question. Can you get Android to work well with MS Exchange? Or, do you get the same level of data security if you move your data onto an Android-based or Android-compatible system? If so, what’s that system’s server and software?
Here’s the situation. I’m a solo practitioner . . . and new to Android – recently had a chance to try out an Android based tablet by Lenovo. First I thought, “wow, cool new toy.” But then …
Then I was flabbergasted to learn that I wasn’t getting my contacts. Or most of my calendar! The Android system’s integration with MS Exchange was minimal. Google dislikes Microsoft, I know. But, really, they can’t communicate AT ALL? I’m stunned.
See, I have ALL my data on an Exchange server. This is my primary email, calendar, contacts, and task management software, and it ties in with an add-on called Credenza for all of my billing and other practice management. I run the Exchange server at a minimal cost through [a big website hosting company with Danica Patrick as a spokesperson]. It’s a great deal, really. I am not likely to want to abandon that service any time soon. But it isn’t very tablet-friendly, certainly not budget-tablet-friendly.
I had assumed that an Android device, being all phone-oriented and internet-oriented, would somehow work with [the industry standard]. Heck, my ancient Nokia 2G cellular phone gets all my contacts and calendar items correctly. I figured that when I used the Exchange-oriented email app on the Android device and accessed the proper server, the device would naturally begin to receive my Exchange-based personal information management items. But no. Much less. It only gathered in-box emails, some default-folder emails, and calendar items that had only one user, me; though not any appointments which involved collaboration or multiple user accounts. Android’s supposed Exchange utterly ignores user-created non-default folders (so, if I create an email folder and name it for a client, the Android won’t find it, and won’t find the emails in it).
And it does not even have a button for syncing contacts. It’s like they gave. Ever since Google decided to abandon MS Exchange for its Gmail and [Google Apps] systems, the sync options in an Android resident email app simply leave out the contacts for all MS Exchange connectivity. To reconnect, Google implies heavily that they want me to migrate my info over to [Google Apps]. I’d love to have access to my over 2,000 contacts, but those contacts come complete with Social Security Numbers, scans of criminal records and background checks, history of DUI arrests, notes on family relationships like whether or not granny is going to cut little Richie out of her will, all on my Exchange server. All encrypted. All encrypted at data-storage point A (the cloud server) by [the big website hosting company with Danica Patrick as a spokesperson]; and at data-storage point B (my devices) by me; and in between (by SSI encryption, etc.).
Google’s level of encryption? None. Or, more accurately: “Well, there’s a password you have to enter.” Uh … I’m not giving Google that kind of free reign with my client’s privacy. Not only would that be stupid and irrational, it would also probably break [my state's] ethical duties of confidentiality, and most other States’. Furthermore, Google announces blithely that they will comply with any subpoena for private information immediately, before informing the information’s owner about the subpoena. And even before letting the owner verify the validity of the subpoena! Hence, no opportunity to file a motion to quash that subpoena before the motion would already be moot. Amazingly, this idiotic policy has not yet cost Google ultra gazillions of dollars.
So, forgive me if I’m skeptical. This absolutely sounds like there is no way for me to use Google, therefore no way to use an Android.
How do (former) MS Exchange users get around this debacle? I kinda liked the Android operating system interface (though I’m willing to guess that most tablets are equivalently user-friendly), and some day I’m going to have to get something that fits in a blazer pocket but also is larger and more browser friendly than a peenie-weenie little cell phone.
See what I mean by great question? I’m sure others have the same anxiety, that’s why I wanted to reprint the message. Now, I’d like to tackle portions individually.
First, let me clarify some common confusions, then I’ll tackle the issue of linking MS Exchange with Android.
Google Apps for Business, which is Google’s MS Exchange-like service, is separate from Android. Android is a mobile operating system for tablets and phones. Google Apps for Business, just like a dedicated or hosted Microsoft Exchange server is an independent service/system operating as a means to organize and disseminate email messages, contact information, and keep calendaring, among other uses.
Android conveniently, because of its close affiliation with Google, syncs well with Google accounts – which are the physical incarnations of the Google Apps for Business service. Android will also sync with other accounts, such as Facebook, Twitter, and Hotmail. Quickly entering user account information allows the Android operating system to sync to the Google account servers and transfer information.
Similarly, entering one’s MS Exchange user information allows the Android operating system to tap the MS Exchange server and download the requested data. Admittedly, the native Android “email” client works poorly, but I’m actually kind of surprised with the reader’s problems. I’ve set up several Android/Exchange accounts and haven’t had a problem. Certainly, these may not be as seemingly complex as the reader’s needs, but nonetheless, the sync worked fine. I suspect the reader checked out this site from the hosting company, which outlines the Exchange/Android connection procedures. I would also check out this site. Remember too, you can adjust the settings for what information gets synced.
The trial version (30 days use) of the app is free, but a fully unlocked version will set you back $19.99. Yes, that sucks. Remember though, this is Google, not Microsoft, and they want you using Google products. Still, I haven’t seen any complaints from Exchange users on TouchDown, and its ability to sync information.
Now, let’s tackle the issue of Google Apps for Business and security. A big challenge for the reader, and others, is the seemingly non-existent security on Android devices and in Google Apps for Business.
I’m assuming the reader means the actual cloud server and not the Android device when stating, “Google’s level of encryption? None. Or, more accurately: ‘Well, there’s a password you have to enter.’” All the same, let me dispel any device security concerns quickly.
First, any attorney using an Android device must ensure there is some sort of lock screen security in place. Android offers a number of ways to lock your screen, arranged from least security to greatest security.
I prefer to use a password or pattern (for convenience). To set up lock screen security, go to Settings > Security > Screen lock, and select the appropriate setting. I use NFC Secure to lock my device, and aside from constantly having to locate an NFC unlock tab, I’m satisfied with the security in place. Incidentaly, if you’re going to set a password, make sure it’s a passphrase, which is easy to remember but significantly more difficult to guess.
Now, we can address the security risks of using Google Apps.
First, while password protection is one method of security information on Google’s servers, the Google Apps system also offers two-step authentication. If you’re not familiar with two-step authentication, you should be.
Quite simply, two-step authentication requires you to enter a password to access your system (i.e. Gmail, Google Calendar, Contacts), and also to enter a specific code, sent to a predetermined device, such as a cell phone. Therefore, unless you have both, you cannot access the system.
Case in point: I had a hearing at the courthouse and my client did not appear. I went to call my client and realized I left my cell phone (with my client’s information) in the car. “No problem,” I thought, “I’ll use a computer in the county law library to access my Google Contacts.” As I entered my password into the Google Apps system, a “please enter the code” message promptly granted me the realization I was in big trouble. No access. I couldn’t enter the code sent to my phone without leaving the courthouse, walking to my car, and retrieving my device.
Similarly, anyone wanting to access and use the information would have a difficult time without the two combined.
Google Apps for Business also has an Android app, Google Apps Device Policy (free), which will enforce your Google Apps security measures on your Android phone or tablet. The app also offers the ability to wipe a device’s data, locate a missing device, or send an alert signal, through the My Devices page.
Google Apps for Business also features the highest security standards by way of encryption.
For legal reasons
We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
— meet any applicable law, regulation, legal process or enforceable governmental request.
— enforce applicable Terms of Service, including investigation of potential violations.
— detect, prevent, or otherwise address fraud, security or technical issues.
— protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.
Don’t think for a moment that the big website hosting company with Danica Patrick as a spokesperson would react any differently. Also, don’t forget about the Electronic Communications Privacy Act (and here), which restricts transmission of certain data and information.
If you still have doubts about the feasibility of Google Apps for Business, check out this law firm’s point of view. Incidentally, you might check out this article by Carole Levitt and Mark Rosch, on the Google-Powered Law Office. For your information (perhaps this is a spoiler too), Mark is working on a book about Google Apps, which will have some of my comments. I’m very excited.
Of course, if you want to easily integrate between Android and your contacts/email/calendar, you’ll want to switch to Google Apps for Business.