Google. believes that its consumer-grade Web applications represent the future of enterprise IT. But while Google is quick to trumpet its products' innovative features, the search giant hasn't said much about their security. Until recently, that is.

On Monday, Google announced it would spend $625 million to buy messaging security vendorPostini, a move that will give it access to 35,000 business customers, and provide it with the first security products for its Google Apps portfolio.

The Postini acquisition represents the most significant investment into security technology yet made by Google. In recent months, Google has started its own security blog along with acquiring another security-related start up, Green Border Technologies. Boost for Apps

Google Apps customers will be able to use Postini services for tasks like scanning and encrypting e-mail, and archiving messages for compliance and legal purposes, said Dave Girouard, vice president and general manager for Google's enterprise business, during a Monday conference call.

Around 1,000 small businesses are signing up for Google Apps each day, according to Google. But the company admitted that big businesses have been reluctant to use hosted services because of concerns about security and corporate compliance issues. It hopes that buying Postini will help relieve those concerns.

But now that Google has finally decided to become a security vendor, how far will it go? Rival Microsoft has started buying security companies itself, and recently introduced its own line of antivirus software. And Google's recent Green Border purchase has caused some to speculate that the search giant may soon offer a secure Web browser, locked down with Green Border's safe browsing technology.
Coy About Plans

Google has so far refused to say what it plans to do with Green Border's products, but observers see other opportunities ahead. For example, the company could mine its vast database of Web sites to compete with Web filtering companies like Websense or AE6 Technologies

"There's a lot of money to be made by establishing a blacklist of Web sites," said Forrester ResearchPrincipal Analyst Chenxi Wang. "I would not be surprised if once they used their massive crawling infrastructure to turn that into a proprietary list and sell that with their enterprise product line."

Google recently gave Web developers a way to access this data for free, but the company could build paid services for enterprise users on top of the free product, much in the same way it has developed Google Apps, observers said.

"If they add real-time intelligence and put that in an enterprise product, they can definitely make money," Wang said.

Wang predicted that Google may also look to acquire information leak prevention companies such as Vontu Inc. or Vericept Corp.
Heating Up Security

One of Google's harshest critics on the security front said that things might become even more interesting should Google decide to expand its foothold on the desktop. "If they want to build their own operating system and they want to basically start making Firefox the [default] browser...they're going to need to start bumping up the controls and security and the devices to protect that environment," said Robert Hansen, CEO of Web security consultancy SecTheory LLC.

How much the Postini and Green Border acquisitions will go to secure existing Google products is unclear. Google said Monday that it will enhance Gmail with Postini's technology, but Hansen thinks that it will take time before Google builds security into its products from the ground up.

In the company's rush to deliver cool and compelling features to its users has come at the expense of security, he believes. And until there is some sort of widespread security problem-- such as the worm and virus outbreaks that shut down Windows users five years ago-- Google has little incentive to make security a priority within its existing products.

"It comes down to the business case," Hansen said. "If I want to fix Blogspot I have to convince some product manager somewhere that it's worth doing the investment... and in the end users are going to hate it."