Here is perhaps a better link: http://www.google.com/enterprise/apps/business/pricing.html

In general Google Apps is a great product for small-medium sized businesses. As is Office 365.

Google is horrible for a company's IT security team though. Very difficult to lock things down from a firewall level when Google won't tell you the IP addresses individual apps run on (say if I want to allow Google Hangouts but not Chrome Remote Desktop), and some of their apps won't work properly through a proxy or VPN. There's enough cases where Google has been unable/unwilling to help configure that someone could easily begin to question their value.

Google seemingly doesn't want you to allow access to one thing but not another; it's an all or nothing proposition. Their heavy use of load-balancing exacerbates this issue.

"You are doing it wrong".

You do not lock the apps by IP, because they run on many different machines in different data centers. What is running on specific machine is dynamic, based on momentary requirements.

If you do not want to allow Google Hangouts, use your administrator console.

It's not quite that simple due to the VPN and proxy configurations we have. Google Hangouts just will not work over a VPN unless it's allowed directly through the firewall, which requires a firewall rule. Typically firewall rules are based on IP addresses and ports. Allowed Google Hangouts (which we want) also has the side effect of allowing Chrome Remote Desktop (which we don't want) directly through the firewall.

"You are doing it wrong" is not an acceptable answer in an enterprise environment unless the vendor is willing to work with their customers to make sure it's possible to actually do it right. But that would mean the vendor would need real customer service...