Can Google be trusted?

Stefan asked the following question earlier today: “I couldn’t imagine keeping my company’s internal/confidential information on Google’s servers. What are your reasons for not caring about this?”

I do care about confidentiality of our internal information. On the other hand I don’t see a big difference between keeping the files securely on our internal servers or with a service provider. In the first case I trust our IT staff not to leave any doors open for hackers or any other intrusion and in the second case I trust Google to deliver the service as specified in the Service Level Agreement. I also read carefully the Google Apps security whitepaper.

But even if our internal systems are completely secure it doesn’t prevent information leaks. Here are some Systinet examples:

– within five years of Systinet existence we had more than six notebooks full of confidential information stolen
– most of our internal emails were exchanged at some point with partners, legal counsels and external consultants over unsecured network
– we pitched our business plan and financial information to several VCs who ended up funding competing startups
– the first Systinet CTO came from a large computer company and even bigger software company claimed that our internal emails contain important information relevant to a lawsuit between these two giants. So we ended up printing most of our internal emails and delivering them on a silver plate to our biggest competitors…

PS. Stefan’s comment is for some strange reason half blocked by Blogger/Google (see the link). Is it intentional? Can Google really be trusted?