July 09, 2009

Free Google Apps Comes Back: Why This Is Bad for Enterprises

Blogger: Guy Creese

Um, that was another Google oopsie on July 7. After all the brouhaha about Google Apps Standard Edition going away, it turns out it isn't. The TechCrunch article has an update stating, "A Google spokesperson says, 'In experimenting with a number of different landing page layouts, the link to Standard Edition was inadvertently dropped from one of the variations. We are in the process of restoring it and you should see it soon. We have no intention of eliminating Google Apps Standard Edition, and are sorry for the confusion.'"

So take yesterday's post and turn it upside down. The Enterprise Division continues to be a hobby at Google: it's subsidized by ad revenue rather than standing on its own two feet. Bummer. I thought Google had finally seen the way to serving enterprises. Oopsie on my part. 


Oracle WebCenter and Fusion Middleware 11g

Blogger: Craig Roth

Oracle's analyst summit in mid-June provided a good look at their plans for Fusion Middleware 11g and WebCenter (released July 1st for download; see summary of features here).  Now that we're out of non-disclosure mode (and into "please disclose!" mode) I'd like to share my high-level impressions.  They covered a ton of stuff, but my view is biased towards my coverage area of portals with connections to search, productivity, and collaboration. Other Burton Group analysts were also in attendance from our Identity and Privacy Strategies team and our Application Platform Strategies team (see Anne Thomas Manes' thoughts here).

First, although Oracle owns 4 portal products, all the portal-related time was spent on WebCenter. Sure, other portals were mentioned in bullets as examples of how they can plug in (or consume WebCenter's social software), but it was clear WebCenter is the leading actor here (and supporting actor in the stories of the SOA, identity, and enterprise application teams). This confirms what I (and Oracle) have been saying: that WebCenter is the primary portal and that the other 3 (Oracle Portal, WebLogic Portal, and WebCenter Interaction née Plumtree) will be supported and have their die-hard fans but will not be best for new portal projects.

It was helpful to hear Oracle frame its collaboration/portal/search/productivity/social software ambitions in relation to Microsoft SharePoint.  For all its plusses and minuses, SharePoint provides a common point of reference against which to measure.  They described how they line up with SharePoint as an alternative, can coexist with it, and where they surpass it.  This is what IBM should have done with Quickr+Connections at Lotusphere.

As with SharePoint, WebCenter provides an impressive set of functions in one box. There is often better integration between WebCenter and other Oracle assets (like their applications and development tools) than Microsoft where other groups can sometimes get away with ignoring what the SharePoint and Office group does.

There are numerous SharePoint analogies in WebCenter.  From conversations with the execs there I found that some are intentional and in other cases they say SharePoint copied them (well, copied AquaLogic User Interaction)!

  • Business Dictionary as a role based catalog of information assets. Seems like SharePoint's Business Data Catalog.  This should be an interesting battle since SharePoint's BDC is clearly a version 1.0 work-in-progress and Oracle has a lot of expertise to bring here being a database company at heart.
  • Federated search. 'Nuff said.
  • Office integration. Clients I speak with expect Microsoft will always have the best Office integration, but there are cases where Microsoft's internal silos or some good ideas can expose openings.  Oracle showed a nice Word sidebar for document management that had people, versions, etc.
  • Slide sorter. This was a neat feature that SharePoint offered, but Oracle's version seems to leapfrog it. They demoed picking all the slides for a sales deck. Oracle calls this a "folio" or compound document. Oracle acquired a neat little company called "Outside In" that has sophisticated filters for productivity files.  Blending this into WebCenter can provide for some good Office integration.

Oracle did a fine job of acknowledging the need to work with SharePoint and others.  But the meat boils down to their WSRP producer running on .NET, selective metadata consumption, and Ensemble (a reverse proxy solution).  Hopefully this gets beefed up with more programmatic integration, discovery tools, and guidance so it requires less reliance on WSRP.

Of all the competitors, WebCenter is the newest architecture from the ground up.  Being the youngest has its advantages.  Since WebCenter is newly architected it feels like it more seamlessly integrates new concepts like tagging, linking, social connections, and REST services than IBM and MSFT where it's more bolted on. So they're better at utilizing these features across the suite than Microsoft and a little bit better than IBM.

But will Oracle - the whole company - give WebCenter the resources it needs to win the marketplace (not just the resources required to be a good and useful product)?  In the Q&A session, Oracle President Charles Phillips said there are "No plans to have middleware broken out in reporting. We have lots of product lines, we're getting more with Sun... " This hits at the perennial knock on Oracle's efforts around knowledge infrastructure - lack of push and commitment.  Oracle did talk about how much revenue Fusion pulled in, the growth rate, penetration, etc.  That would indicate the company would have to care.  But still, Microsoft manages to report on four breakouts (Client, Server and Tools, Online Services Business, Microsoft Business Division, Entertainment and Devices Division).  Oracle sticks to two (Applications, Database and Middleware).  Sun will add at least one more (servers and hardware).  If Oracle is dedicated to the enormous space between enterprise apps and the database, breaking out middleware from the database would be a great way to track and prove this commitment.

July 08, 2009

Google on Privacy, Coming out of Beta, and (Possibly) Rethinking Free Google Apps

Blogger: Craig Roth

A bunch of quick news hits from Google:

Google's CEO Eric Schmidt was interviewed on NPR yesterday where he was asked about privacy.

Mr. Schmidt said:

our company makes a commitment to people to respect people's privacy and their personal information because it's central to the trust that we have with end users ... I don't think anyone wants everything revealed. That's why we have doors and shades and so forth.

But Google didn't seem to care too much about privacy last year when it latched onto a common legal cliché to claim full license (just to promote its services) to anything people submit or even display on Google's sites. Or when it added an "incognito mode" to Chrome to protect your privacy, but also added a unique id buried in each browser as described in Google's privacy notice for Chrome.

And Google's belief in security-through-obscurity hampers its principled standpoint on privacy.  When people granted access to a shared doc in Google Apps can find older versions of the doc's attachments just by knowing the URL, that's not protecting privacy. Presciently, a commenter on the TechCrunch blog said, "Doesn’t beta imply 'This thing is buggy. Use it at your own risk'?"  That leads to the next bit of news ...

Google finally took the "beta" tag off some of their most popular webware, such as Gmail, according to the Google OS blog.

As the commenter I mention above demonstrates, many (most?) people assume beta = buggy.  Or, from the vendor's point of view, the right to dismiss bugs by saying "well, it's beta!"  As a former commercial software developer, I can attest that my publisher considered beta to be more about the number of bugs in the system, not features.  The GA version of software was about the same as the beta, but it reliably worked. 

In the Gmail blog, Keith Coleman, Gmail's Product Director, performs the artful dodge.  He asks the correct question "why Google keeps its products in beta for so long".  He then evades answering it with a bunch of "some say", "some people thought", "others said that" statements, then jumps to "The end result (many visible and invisible changes later) is that today, beta is a thing of the past. Not just for Gmail, but for all of Google Apps — Gmail, Calendar, Docs, and Talk."  Thanks, Keith, for telling me how people not in charge of Gmail would answer the question, but "some say" your answer is the one we're looking for. 

Mr. Coleman points to a set of great features they've added, as if to say "we must have awfully high standards if all these features are needed to get past beta".  But a product generally comes out of beta when it has the basic administrative features needed to make it usable and a high level of reliability. 

I think Mr. Coleman's real answer that others said for him is that "over the last five years, a beta culture has grown around web apps, such that the very meaning of 'beta' is debatable."  If the term beta is now useless, that seems to be an argument not to use it rather than to throw it on everything for years.  Just standing behind your product is better than trying to redefine a term to make it meaningless.

Free version of Google Apps gets buried, then emerges

The Google OS blog jokes (?) that "the free edition, ... is still available, despite Google's efforts to make it more difficult to find".  After TechCrunch reported on Google Apps Standard Edition (GASE) being buried, it partially resurfaced.  There's now a link to GASE, but without the key word "free" or a comparison of features.  So it's there, but a bit obscured. This fuels speculation that there's a split inside Google regarding whether the free version of Google Apps should be pushed, hidden, or hobbled.  I suspect wiser minds will prevail and the free version will emerge into the full daylight again. 

Google launches an operating system

I'm saving the best for last here.  This is the most interesting of the recent spurt of news hits from Google.  As many suspected (and Google openly acknowledged) when the Chrome browser was released, their intent was to create a platform for web applications to run on more than a place to browse web pages. 

Now Google has announced the Google Chrome Operating System, targeted at lightweight devices like netbooks.  Indeed, targeting heftier PCs would ruin the point of the venture, which is to say you don't need local storage and processing when the cloud is there to serve you. 

The OS won't be ready until 2010 (does that mean beta in 2010, which means GA in 2017?).  I'm interested to see it.  The lesson Microsoft has learned about operating systems on small devices is that you can't start with a full-scale OS and start trimming - you have to start fresh and build the OS for light weight from the ground up.  There's a lot of room for improvement in lightweight OS and Google is in a good position to rethink the problem with web apps in mind.  But please - don't make it advertising funded!  Sidebars and popups with ads on some web sites I can live with, but not on my desktop.  And the issues behind the news items above - beta (buggy) software, privacy, pricing model consistency - become even more important with an operating system.  Google will have to form a companywide consensus to these 3 issues before plowing into the OS biz.

Free Google Apps Goes Away: Why This Is Good for Enterprises

Blogger: Guy Creese

Google made a splash yesterday by burying the sign-up hyperlink to Google Apps Standard Edition (free) and pointing people instead to the $50/user/year version: Google Apps Premier Edition. The title of TechCrunch's article about the move ("What The Hell Happened to the Free Version of Google Apps?") hints at the general reaction. Several commenters said they felt that Google was violating its "Don't be evil" mantra with this move.

At a superficial level, this is about Google's plowing ahead with a different pricing strategy, leaving some miffed users and prospects in its wake. However, at a deeper level, this announcement signals a major organizational change at Google.

Think about it. Google has been following this dual pricing strategy for 2.5 years--it could have easily kept on a steady course. Why did it change? My guess is that upper management told the Enterprise Division that it would have to start paying its own way--it could no longer live off of ad subsidies.

In other words, this is Google saying, "Let's figure out if we have a viable business here: let's stop treating Google Apps like a lark and get serious." (A hint of the "get serious" attitude is that yesterday Google also removed the beta status from Google Apps.) If the supposition that the Enterprise Division is being told it has to stand on its own two feet is correct, that implies something else: that the Enterprise Division will be able to call its own shots. With its own money coming in, it will be able to develop the apps it needs, rather than making do with hand-me-downs (such as Google Apps) from the consumer side of the house.

In my view, the Enterprise Division has been sort of hamstrung by being a hobby at Google. (Not completely hamstrung--the Google Search Appliance, derived from Google's web search expertise, has been a big hit and a money-maker. However, Google Apps hasn't taken off with enterprises because Google hasn't made the necessary feature changes that enterprises need.) Living or dying based on paying customers will concentrate the mind of the Enterprise Division wonderfully, and that will be good for enterprises. 

July 07, 2009

Open Source Search

Blogger: Larry Cannell

A few months ago I asked readers of this blog: “Is Enterprise Search Ripe for Open Source Disruption?” This marked the start of my interest in the intersection of these two intriguing topics: open source and search.

Since then Burton Group published a report I authored entitled “Open Source Search: Bringing Enterprise Search Out into the Open.” Here is an excerpt from the opening paragraphs:

‘It has been over ten years since “open source” was first used to describe what was previously called “free software.” Early detractors of open source software pointed to potential risks and claimed only commercial vendors could produce high quality software. However, leading open source development communities quietly moved forward with a sometimes slow, but disciplined, progression of releases to the point at which the quality and robustness of these offerings is no longer easily questioned or challenged.

‘While popular open source projects like the Linux operating system, the Apache Web Server, and the MySQL database were capturing headlines, open source projects that tackle the problem of searching large quantities of content (e.g., Apache Lucene, which provides a high-quality Java search library) have become the basis for search capabilities provided by thousands of Internet sites and many software products. Like popular open source products that have come before, open source search is finding its way into enterprise computing environments by first earning its stripes through successful implementations on the Internet—an ultra-competitive environment where a search-based user experience can be the difference between success and failure.’

I also had the pleasure of moderating a lively panel discussion (that was also titled “Is Enterprise Search Ripe for Open Source Disruption?”) at the Enterprise 2.0 Conference two weeks ago. Participating on the panel were:

  • Jerome Pesenti, Chief Scientist and Co-Founder, Vivisimo
  • Marc Krellenstein, Chief Technology Officer, Lucid Imagination
  • Sid Probstein, Chief Technology Officer, Attivio
  • Stephen “The Search Guy” Green, Senior Staff Engineer, Sun Microsystems Laboratories

Jerome Pesenti put up a good fight and provided the strongest opposition to the idea that open source was ready for enterprise use. Marc Krellenstein, as expected, was the most vocal proponent for open source. In addition, Sid Probstein and Stephen Green contributed their unique perspectives. Sid’s company, Attivio, uses Lucene in their product. Stephen Green is the author of an open source search engine called Minion. Although, somewhat contentious (and loud) at times, the conversation highlighted many of the opportunities and concerns with using open source for enterprise search.

For those of you attending the Burton Group Catalyst Conference later this month, be sure to sit in on the session “Open Source Search: Good Stuff Cheap (With a Few Caveats)” where I will be providing an overview of the topic and discussing the open source products Lucene, Solr, Nutch, Xapian, Flax, OpenPipeline, and SMILA.

July 06, 2009

Register for "The Burton Group Guide to Saving Money On Communication, Collaboration, and Content Technology"

There's still time to register for our telebriefing tomorrow with replay and live Q&A on Wednesday.  Anyone facing budget concerns or trying to avoid them in the future with regard to communication, collaboration, and content technology will find this telebriefing valuable.

Here are the details:

7/7/2009 at 2:00 PM EDT / 11:00 AM PDT / 18:00 UTC/GMT / 20:00 CEST

OR

7/8/2009 at 9:00 AM EDT / 6:00 AM PDT / 13:00 UTC/GMT / 15:00 CEST

The Burton Group Guide to Saving Money On Communication, Collaboration, and Content Technology

07 Jul 2009 2:00 PM ET -- With the economy in recession, enterprise IT departments face pressure to trim their budgets and abandon some of what they wanted to accomplish. Cost cutting has a particularly hard impact on teams that are maintaining or seeking additional investments in communication, collaboration, and content management (3C) technology, given that their contributions to the bottom line are often indirect while their costs are easily quantifiable. This TeleBriefing with analysts Larry Cannell, Guy Creese, Bill Pray, and Craig Roth will describe where cost savings can be found with existing 3C infrastructure as well as how to meet new 3C needs with tighter budgets.

 

Clients can register for the telebriefing here.

July 02, 2009

A Novel Idea from Dilbert

Blogger: Bill Pray

Scott Adams, the creator of Dilbert, blogged about his interesting view on calendars as a filter:

“Moreover, I think the family calendar is the organizing principle into which all external information should flow. I want the kids' school schedules for sports and plays and even lunch choices to automatically flow into the home calendar. And when I want to decide what to do on the weekend, I want to click on the date for next Saturday and have all the relevant choices of plays, movies, and events pop up.


Everything you do has a time dimension. If you are looking for a new home, the open houses are on certain dates, and certain houses that fit your needs are open at certain times. If you are shopping for some particular good, you often need to know the store hours. Your calendar needs to know your shopping list and preferences so it can suggest good times to do certain things.


Time is closely related to distance. On a typical night, for a typical family, there is much driving to and fro to deliver people and goods to where they need to be. Sometimes it is more complicated than a Fedex route. It would be nice if the family calendar helped us plan the shortest routes to accomplish all goals. The calendar just needs to know what I need and when, then plan which family member with a car is nearest.”

While his view is focused on consumer market needs, his idea has some real promise for the enterprise. As I blogged about a few weeks ago, time is money for enterprises. The core idea involves changing from treating calendar and scheduling as data created and stored (the wall calendar turned electronic), to data that is relational and utilized in workflows. For example, think about how project management in an enterprise could be taken to the next level using Scott’s ideas of taking the calendar information and using it as a filter to pull internal and external resources into projects at needed points along the timeline. Marketing event planners could maximize their efforts in a similar manner.

Scott’s assertion is:

“I think the biggest software revolution of the future is that the calendar will be the organizing filter for most of the information flowing into your life. You think you are bombarded with too much information every day, but in reality it is just the timing of the information that is wrong. Once the calendar becomes the organizing paradigm and filter, it won't seem as if there is so much.”

While I am not sure that it will be the biggest software revolution, I concur that there is a significant opportunity for innovation for collaboration software vendors and service providers.

June 30, 2009

From Enterprise 2.0 Boston To Catalyst San Diego: Enterprise Social Networking Workshop

Blogger: Mike Gotta

Bill Ives (Portals and KM) provided a write-up of the workshop delivered in Boston last week. I've read his blog for some time as well and it was nice to meet Bill and many others in the E2.0 social circle at the conference. I'll get around to some thoughts on E2.0 event itself soon but wanted to share Bill's summary and remind folks that it's still not too late to sign-up for Burton Group's Catalyst conference in San Diego July 27-31. If you heard good things about the social networking workshop (described below), I will be repeating the session on Tuesday morning, July 28th (so why not register and attend?). If you heard less-than-good things about the workshop, then let me know so I can make corrections! Feedback is appreciated either way...

Social networking promises to address an array of challenges and opportunities within the enterprise such as bridging generational shifts in the workforce, facilitating collaboration and community building, and supporting strategic talent initiatives. Despite these potential benefits, a number of organizations moving forward with enterprise social networking projects experience a noticeable level of uncertainty. The road to success is complex. Project teams need to overcome the perception that social tools and applications are not a critical investment. Common issues proponents of social networking face include: establishing the business case, acquiring funding, determining metrics, developing governance policies, and addressing security concerns. In addition, strategists need to anticipate how best to handle cultural issues and adoption barriers that will emerge over the course of social networking projects.

In the fall of 2008, Burton Group conducted a series of in-depth interviews with 65 business and IT personnel representing 21 organizations to gain greater insight on enterprise social networking. These unguided discussions captured a variety of real-life stories, emerging best practices and common barriers confronting social networking project teams. Indeed, analysis of the study data reveals a repeating pattern of 15 critical issues organizations will likely encounter as they move forward with their internal social networking initiatives. This workshop provides an interactive forum for people to learn more about what other organizations are doing - their challenges - their successes - as well as their pain-points. Q&A time will be set aside after each module. The workshop will end with a general summation, updates on market trends, and address any remaining audience concerns.


Who Should Attend

  • Business and IT staff whose job responsibility involves the following: innovation, talent management, collaboration, knowledge management, or community-building
  • Corporate communications and HR staff involved in employee engagement strategies, learning, and strategic talent initiatives
  • Social networking project teams who wish to learn more about business and cultural barriers, employee profiles, expertise location, community seeding tactics, and adoption strategies
  • Business or IT executives and managers with responsibility for creating, sponsoring, or implementing social networking initiatives
  • Strategists who would like to expand their knowledge of social networking trends


You Will Learn

  • What are the critical issues confronting social networking project teams, and how organizations are responding to those challenges and opportunities
  • How project teams are dealing with the business case for enterprise social networking, including concerns over ROI and metrics
  • What cultural issues do social networking projects tend to surface, and how did organizations in the study address legal, HR, compliance and security considerations
  • What difficulties project teams will likely encounter as they try to convince employees to adopt social networking platforms (e.g., profiles), and what adoption tactics were used to jumpstart participation (e.g., expertise location, communities)
  • How interviewees felt their IT organizations were handling the topic of social networking, along with high-level impressions from participants regarding their experiences with different tools (e.g., IBM Lotus Connections, Jive Software, and Microsoft Office SharePoint Server)

Catalyst pre-conference workshop agenda - Project Concordia

Blogger: Mike Gotta

Another option for those wishing to leverage attendance at Catalyst (on top of all the great Burton Group workshops, sessions, guest speakers, etc). Alice Wang and I will be exploring the intersection between identity and social networking during the workshop below:

Use Cases Driving Identity in Enterprise 2.0: The Consumerization of IT

We will hold a pre-conference workshop at the Burton Catalyst North America 2009 conference on Monday, 27 July 2009, from 10am to 5pm, in San Diego, California. Participate in this working session as end users, deployers and technology providers discuss identity-based use cases reflecting the intersection of traditional enterprise with Web 2.0 and SaaS, models with consumer underpinnings that are turning traditional IT approaches inside-out. The group will problem-solve together to discover and define:

  • Different styles of provisioning/federating identities
  • Privacy concerns around unmanaged employee usage of outside tools
  • Security and policy approaches to address virtualization and the cloud
  • Authorization models that combine flexible access to resources with appropriate administrative controls

In Concordia workshops, real-world use cases rule: we work together to understand trends and requirements, and then facilitate effective results in future technology development and harmonization. We have gathered use case presentation and discussion proposals, detailed below, in order to form the workshop agenda.

Registering to attend

It is free to attend this Concordia workshop; you just have to let us know you're coming. You can do this by adding your name to the list below or by sending mail to Britta Glade (britta at projectliberty.org).

If you are also planning to attend the Burton Catalyst conference taking place during the rest of the week, you can get a fantastic Catalyst discount for attending this workshop! Use the code concordia when registering on the Catalyst site to get a full-conference price of $1,295 (this is an almost 50% discount for non-Burton Group clients who would normally pay $2,495 to attend).

Catalyst pre-conference workshop agenda - Project Concordia

June 29, 2009

Social Analytics: The Key When Splitting Hosted And On-Premises e-Mail?

Blogger: Mike Gotta

I'd like to add some additional context to a recent post by Eric Malwald in our SRMS group. Eric brings up a very good point - that organizations cannot assume that adoption of a hybrid model that splits e-Mail services across a hosted and on-premises topology makes an organization safer when it comes to protecting sensitive information. With relative ease, people can expand the group of message recipients to people whose inbox resides on the hosted system (on purpose, inadvertently, or as part of a "back channel" conversation with a co-worker). That action defeats the intent of keeping sensitive information "on premises". 

Then again - it all depends.

First, e-Mail systems include more types of data than just e-Mail messages. There are calendar entries, task entries, and contact information for example. You might even add unified messaging to the mix as well. Second, while it is true that e-Mail "is information on the move", it is also very true that e-Mail systems are a core piece of an organization's information management duties once it rests in an inbox. e-Mail is also often classified as a type of business document. Not only due to the issue of attachments, but people compose "documents" in e-Mail that make it a critical business artifact. Calendar entries may also have attachments, contain sensitive information regarding appointments and attendees. Workflow information and contact information also make e-Mail systems critical information systems beyond its messaging roots. As e-Mail products have improved over time, many modern topologies are more centralized than years earlier. Increased use of e-Mail and reliance on more centralized e-Mail "farms" has made information and storage management (as it relates to e-Mail systems) a top priority for many organizations. The reason I point this out is that we need to expand Eric's point beyond the flow of messaging. When e-Mail is not on the move - it is at rest. In fact, most e-Mail "rests" more than it "moves" I imagine.

So are we more or less safe with the idea of a split configuration? I think the answer remains "it depends". 

What would Xobni say? That might sound like an odd comment at first but let me explain. Given my research in social networking, I have been examining Xobni (and similar tools) for some time. When this topic came up internally, I looked at my Xobni statistics and discovered that my top e-Mail "partners" were my own team members. I'm pretty sure that held true for me when I worked at Meta Group. I think it might hold true for a lot of people.

So back to the topic - it would make sense to identify and understand e-Mail usage patterns (including calendar, tasks, contacts) before making the decision on a hybrid approach. Eric brings up a good point - you cannot assume that you are better off. Then again, you might be - especially if those groups that would be part of the on-premises e-Mail topology are inwardly focused to a large extent when it comes to their usage patterns re: e-Mail, calendars, tasks, contacts, etc. This still does not eliminate the question Eric brings up - but it may be a minority concern in some instances. You may find that there is a significant amount of email messaging within teams and groups of various kinds that is more informal and reflects “flow of thought” than the type of messaging that is more formal and sent out in broadcast form or otherwise (directed messages) to other teams.

The key point: Perform the email messaging analytics to determine sender-receiver patterns and the type of messaging content being shared. To Eric's point – don’t assume that you cannot shift that group to a cloud and don’t assume that you are safe because email does move around and is stored in a variety of inboxes – but also recognize that intra-group messaging can be more dominant and contain information the team never shares outside their own group.

Security and Risk Management Strategies Blog: Risks Around Hosted Email

Email is information on the move! It is different than information at rest.

In talking to analysts in Burton Group’s Collaboration Strategies Service about one of their talks at Catalyst, I heard a very disturbing idea. We were discussing hosted email and one of the analysts, Bill Pray, mentioned that enterprises that were moving toward using hosted email (email in the cloud) were keeping “sensitive” departments (HR, finance, etc.) on internal email systems. The reasoning was that these departments dealt with sensitive information and therefore should not be included on a hosted system.

But wait! This assumption may sound right on the face of it but it does not hold on further analysis. Back in (ancient) history, information was stored in filing cabinets. Cabinets in HR and finance were locked to prevent unauthorized people from seeing the information. As we moved to a more computerized environment, sensitive departments were given their own file servers so all of the sensitive information was stored together and the number of people authorized to access the files was limited. This worked as the information was at rest.

Email is information on the move and violates this base assumption. You can segregate the email from HR, Legal, Finance, and other sensitive departments to protect it, but as soon as someone sends email out of the protected environment, all bets are off! Most email is likely to be between team members but not all. Just think about HR. Employees may send sensitive emails to HR people and vice versa. The sensitive information exists in the email system – not just within the HR email system. The same is true for any of the other departments as well.

Don’t just assume that the paradigm used for information at rest works for information in motion. You have to treat them differently!

Of course, the bottom line for very sensitive information is: Do not send it over email in the first place. If you absolutely, positively, have to send very sensitive information over email, use some type of encryption mechanism along with a strong authentication mechanism to protect it.

Security and Risk Management Strategies Blog: Risks Around Hosted Email
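
The sender-receiver analysis recommended in the post above, sketched as an added example that is not part of either original post: it classifies each message by whether a copy leaves or enters the on-premises group and measures how inward-looking each on-premises mailbox is. The `ONPREM` set, the addresses and the sample headers are constructed assumptions.

```python
"""Sender-receiver analytics for a split (hosted + on-premises) mail topology."""
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: mailboxes that would stay on the on-premises system.
ONPREM = {"ana@hr.example.com", "raj@hr.example.com", "li@hr.example.com"}

# Constructed sample headers (not real traffic).
SAMPLE = [
    "From: Ana <ana@hr.example.com>\nTo: raj@hr.example.com\n"
    "Subject: review notes\n\n",
    "From: raj@hr.example.com\nTo: ana@hr.example.com, li@hr.example.com\n"
    "Subject: re: review notes\n\n",
    "From: li@hr.example.com\nTo: ana@hr.example.com\n"
    "Cc: Sam <sam@sales.example.com>\nSubject: offer letter\n\n",
    "From: sam@sales.example.com\nTo: ana@hr.example.com\n"
    "Subject: leave request\n\n",
    "From: sam@sales.example.com\nTo: kim@sales.example.com\n"
    "Subject: forecast\n\n",
]


def parse_flows(raw_messages):
    """Return (sender, {recipients}) pairs from RFC 5322 message text."""
    flows = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        headers = (msg.get_all("To", []) + msg.get_all("Cc", [])
                   + msg.get_all("Bcc", []))
        recipients = {addr.lower() for _, addr in getaddresses(headers) if addr}
        if sender and recipients:
            flows.append((sender, recipients))
    return flows


def classify(sender, recipients, onprem):
    """Label one message relative to the on-premises group.

    internal: sender and every recipient are on-premises
    outbound: on-premises sender, at least one copy lands elsewhere
    inbound:  outside sender, at least one copy lands on-premises
    outside:  the message never touches an on-premises mailbox
    """
    if sender in onprem:
        return "outbound" if recipients - onprem else "internal"
    return "inbound" if recipients & onprem else "outside"


def exposure_report(flows, onprem):
    """Summarise how much on-premises mail actually stays on-premises."""
    counts = Counter()
    partners = {addr: Counter() for addr in onprem}
    for sender, recipients in flows:
        counts[classify(sender, recipients, onprem)] += 1
        if sender in onprem:
            partners[sender].update(recipients)      # people this mailbox writes to
        for rcpt in recipients & onprem:
            partners[rcpt][sender] += 1              # people who write to it
    touching = counts["internal"] + counts["outbound"] + counts["inbound"]
    inward = {}
    for addr, seen in partners.items():
        total = sum(seen.values())
        if total:
            inside = sum(n for partner, n in seen.items() if partner in onprem)
            inward[addr] = inside / total
    return {
        "counts": dict(counts),
        # Share of messages touching the group that never leave it.
        "internal_share": counts["internal"] / touching if touching else 0.0,
        # Per mailbox: fraction of correspondence with other on-prem mailboxes.
        "inward_share": inward,
    }


if __name__ == "__main__":
    report = exposure_report(parse_flows(SAMPLE), ONPREM)
    print(report["counts"], report["internal_share"])
    for mailbox, share in sorted(report["inward_share"].items()):
        print(f"{mailbox}: {share:.2f} of correspondence is with on-prem partners")
```

A low `internal_share` or a mailbox with a low `inward_share` marks where sensitive content already lands in inboxes outside the on-premises system, in either direction.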
