Tech is a savage business – everyone has murderous intent. Right now, everyone has their sights fixed on email. Slack, Basecamp and a host of collaboration apps are all determined to put email servers in landfill, alongside fax machines and CRT monitors. But not Huddle, the cloud collaboration software that serves 80% of UK government departments, the US government and a host of other large enterprises.
“Our goal is to be where the work is, and the reality is that email isn’t going to go away soon,” said Stuart Cochran, Huddle’s CTO, explaining why Huddle integrates with software such as Outlook instead of trying to bury it. “Email has some of the lowest friction for the user. If you know someone’s email address… it’s very easy to send somebody a message. When we’re designing Huddle, we often say to ourselves ‘we have to make this as easy to use as email, but ten times more valuable in terms of the problems it’s solving’.”
In fact, it’s Huddle’s willingness to work with whatever its customers have – be that government departments still wedded to Windows XP, commercial teams using Salesforce, or executives working on their iPhones – that is one of the reasons for its success. Yet, balancing that desire for wide interoperability and email-like ease of use with the strict security demanded by government departments is no cakewalk.
Inertia isn’t the only reason you’ll find government departments still clinging to Windows XP – it takes a long time to build up trust in the public sector. Which makes it all the more remarkable that Huddle, a company that was formed only a decade ago, now claims to be the only SaaS company that’s formally accredited to work with both the UK and US governments.
The firm was founded in London by Alastair Mitchell and Andy McLoughlin, and was largely born out of frustration. As Mitchell’s online bio explains, he was exasperated by “existing enterprise technology’s inability to help people work together. Spending millions of dollars on a SharePoint implementation, only to watch it fail dismally, was the final straw.”
The pair identified two major weaknesses with SharePoint and the like, according to Cochran. First, it was very difficult to work with external colleagues: customers, suppliers, partners. And even for employees within the business, the software was just too prickly. “The users, whether they were inside the company or outside, just weren’t getting the ease of use they were expecting,” Cochran said.
With the shift to cloud computing beginning, Huddle’s founders decided to do something different: build an enterprise collaboration service that could be accessed whether inside or outside of the company’s firewall, and from practically any device. The product has been continuously upgraded and revised, now including project management and optional accounting facilities, as well as a host of integrations with other enterprise software, including Office, Salesforce and even SharePoint itself.
However, customers such as the Cabinet Office, US federal agencies, British Gas and Panasonic aren’t easily bowled over by an ever-expanding feature list – sometimes it’s quite the opposite, as we’ll explore later. Data security tops the priority list for those large enterprises, whether public or private.
Huddle has two major hubs, one hosted in the UK and another in the US for federal government customers, allowing those public sector customers to keep their data within their own jurisdiction. It also spends a considerable amount of effort acquiring certification and accreditation with various bodies to enable it to work with these public institutions, including G-Cloud in the UK and FedRAMP in the US. “It’s an ongoing activity, it isn’t something you do only once,” said Cochran. “In order to prove that you meet all those requirements, you have to subject yourself to ongoing monitoring and penetration testing audits. It’s a really big investment from Huddle.”
Huddle’s clients aren’t only targets for your common or garden data thieves. When you’re talking about government data, threats are potentially state-sponsored, meaning Huddle has to take extraordinary security precautions to earn the trust of its customers. Earning the necessary ISO/IEC 27001:2013 certification means that six different background checks are applied before, during and after staff are recruited; the physical security of the company’s buildings is subject to 15 different controls. That’s in addition to the hundreds of requirements covering the way the data is stored and protected on the company’s server infrastructure, which is part private, part infrastructure-as-a-service (IaaS).
Yet, all of this security box-ticking can be undone by the simplest of mistakes. “If you leave a mobile device on a train or in a bar, that’s as much of a potential risk as an attack from another state or malicious party, so there’s a whole spectrum of things we have to do.”
Securing old software
A civil servant leaving his iPhone on the 7:37 to Clapham Junction isn’t the only security risk posed by Huddle’s clients. Many government departments still rely on outdated operating systems and web browsers, which are vulnerable to security threats that should have been eliminated in 2016, in the same way children don’t catch polio anymore.
“There are some pockets of organisations where they’re using older technology and it’s a big challenge for us,” admitted Cochran. “We have to architect and design our solution so that it may work best with the latest technology, the latest browsers, but we have to design it in such a way that it will fall back to different ways of working in older browsers.”
However, Cochran says he’s detected a change in attitude among the public sector clients. “A lot of those organisations recognise they need to move forward and take advantage of more modern versions of operating systems and browsers, because they get the latest patches,” he said. “There’s a big push to enable them to do that.”
Cochran says his design team is constantly serving two different masters: the end user, who wants all the flashy features they see in consumer apps; and the more conservative IT manager-type, who wants to exert control over the software and data in their organisation. “The way we respond to that natural tension between the two needs of security and ease of use is to consciously design for both,” he said.
“When we think of a feature we’re developing, these days we’ll almost always make sure that the administrator… has a control where they can enable or disable it. Some of those features will be enabled by default, some of the features will be disabled by default. We actually say to our customers: ‘we’ve got a fantastic feature, we think it’s really great, but you have to choose if you want to use it’. Giving the administrator that level of control is really important.”
Keeping customers abreast of major changes to the software – there were more than 200 revisions made to Huddle last year alone – is also key. “We have to make sure the rollout of those features is well communicated,” said Cochran. “The last thing somebody in IT security or risk or compliance wants is a surprise. They’ll have their own process in terms of how they assess risk, how they evaluate technologies and solutions, so we work really hard to make sure we’re informing customers of what’s coming, sharing our roadmap… and that really pays back.”
Cochran doesn’t only have to ensure he’s keeping customers abreast of Huddle’s new features, he needs to keep on top of what clients are using in their businesses, too. Even a few years ago, most enterprises would be running not a great deal more than a stack of Microsoft software: Exchange, Office, SharePoint. Now, the range of tools being used within enterprises is far greater, rapidly increasing the number of applications with which clients want Huddle to integrate.
“Integration in itself is not a challenge – we’re actually very open, we publish our API and make it available to third parties, and do integrations ourselves,” said Cochran. “But, of course, it’s more things to test and more things we have to work on.”
Perhaps Huddle should attempt to kill off more of those rival software packages after all.