Slashdot Mirror

← Back to Stories (view on slashdot.org)

LA's Move To Google Apps Slows As "Apps For Gov't." Announced

Posted by kdawson on from the cloud-of-pain dept.

Several readers noted Google's announcement yesterday of Google Apps for Government: "The new version is a variant of Google Apps Premier edition, and includes the same core apps: Gmail, Calendar, Docs, Sites, Groups, Video, and Postini. Pricing is the same as for Google Apps Premier: $50 per user per year. The certification says that Google Apps qualifies for is called a FISMA-Moderate rating, which means that it's authorized for use with data that's sensitive but unclassified. In addition, Google says that it's storing government Gmail and Google Calendar on servers that are isolated from those used for non-government customers, and which are located in the continental US." This service might be just what the city of Los Angeles needs (though the price may not be right). LA started migrating months ago to Google Apps, and the process is experiencing some delays, as pointed out by reader theodp. "In December, Google tooted its own horn as it celebrated edging out rival Microsoft to win a high-profile, ironically Microsoft-funded contract to supply email and collaboration software to the City of Los Angeles. Now comes word that the search giant has missed a June deadline for full implementation due to lingering security concerns. Google downplayed reports of the delay, saying it was 'very pleased with the progress to date' which has allowed 10,000+ of the City's 34,000 employees to use Google Apps."

9 of 98 comments (clear)

  1. Meh... more cloud stuff by mlts · · Score: 4, Insightful

    Maybe it is because I'm an old hand (and I'm speaking for myself here), but there is something about having physical control of data in house, in a data center. This way, unless there is a network intrusion, one knows where critical information resides.

    With a cloud provider, all I have is a promise of security.

    This isn't to say that Google isn't secure, but I personally trust good locks on the doors and all people who have access to the data having signed contracts more than just a piece of paper with a promise that things are secure.

    1. Re:Meh... more cloud stuff by PopeRatzo · · Score: 2, Insightful

      Jack, who has some basic Linux skills wants to make some money on the side in his job in a data center. He copies some credit card numbers from his work and sells them

      So Jack also has some encryption-breaking skills?

      However, there is no certain audit trail or chain of custody present like there is by keeping data in-house.

      Does having data stored off-site necessarily mean there is no "audit trail or chain of custody"?

      I think you attribute a level of care and protection to in-house data centers that has not shown itself to be the case in real life.

      --
      You are welcome on my lawn.
  2. Seems odd by MBGMorden · · Score: 3, Insightful

    I work in a relatively small government organization - about 1200 people, only about 350 of which are office workers - and I can't imagine us even remotely considering this. Anything that involves storing ANY of our data on a server that doesn't reside in one of our 3 data centers is automatically nixed by IT. Heck, if you've got a decent IT staff, setting up basic stuff like webmail and the like isn't even that difficult or expensive. Apache, Horde, Postfix, and Dovecot will get you mostly there for nothing more than the cost of a decent server ($2k tops) and the time of a staff member to set it up (and that time, for full-time employees, is typically already paid for, so you might as well use it).

    --
    "People who think they know everything are very annoying to those of us who do."-Mark Twain
    1. Re:Seems odd by squiggleslash · · Score: 4, Insightful

      And a small, highly competent IT department will tailor its systems precisely for business needs, saving money and time over the one-size-fits-all Google approach.

      Codswallop.

      A small, highly competent, IT department will make the best use of the resources available. The fact it's small means it's not going to have time to "tailor its systems" for anything. So it's safe to say it'll do the same thing every business's IT department does: it'll buy a one-size-fits-all solution from Microsoft, IBM, or it'll spend some time learning how to put together the same capabilities from open source components such as Dovecot, Evolution or Thunderbird, and the various other free components that do roughly the same thing.

      Sooner or later, you find things that every business needs. They need an email system, a system of published calendars, and some central document repository. What do they need out of the email system? Pretty much everything that Exchange, Notes, Evolution/IMAP, and Google Apps/GMail does. What do they need out of the system of shared public calendars? Pretty much everything that Exchange, Notes, Evolution/IMAP, and Google Apps/GMail does. What do they need out of a central document repository? Pretty much everything that Sharepoint, Notes, a combination of MediaWiki+Apache+NFS shares, and Google Apps/Documents does.

      These are "one size fits all" products for a reason, their one size fits all. Every business needs them just as every business needs one-size-fits-all personal computers, and every business needs one-size-fits-all phone systems, and every business needs one-size-fits-all lights. Insofar as there are differences between the different needs of, say, a contractor and a giant megacorp, that's where licensing and additional services come in.

      Hard to see what a "highly competent" IT department would do differently. Design an entirely new email system that's unlike all the others? Great if they have time, I challenge you to find a small IT department capable of doing any such thing, and I challenge you to find one that would design anything that's neither worse than what everyone else does for the intended users, nor itself a one-size-fits-all system that would work for everyone.

      --
      You are not alone. This is not normal. None of this is normal.
  3. ugh by FuckingNickName · · Score: 1, Insightful

    At least I can avoid Google as a private citizen when I find its privacy practices abhorrent.

    I feel sorry for the family I have in LA who won't have a choice but to have some of their government-handled private data on Google's servers.

    1. Re:ugh by Anonymous Coward · · Score: 1, Insightful

      I hate to break it to you but whatever jurisdiction you live in, private contractors are balls-deep in the every day management of your gov't data.

      everyday data center operations - possibly outsourced
      help desk support - possibly outsourced
      application development/maintenance - possibly outsourced
      overall IT architecture - possibly outsourced

  4. That's where the money is... by tcopeland · · Score: 2, Insightful

    ...and Google knows it. The government is flourishing, huzzah!

    --
    The Army reading list
  5. Thumbs up for Fisma-Apps by Sub+Zero+992 · · Score: 4, Insightful

    This is what you get, and what - currently - only very few federal agencies can afford:

    An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

    The independent third party auditor verified that Google Apps has the following controls and protocols in place:

    • Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
    • Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
    • Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
    • Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
    • Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
    • Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

    http://www.google.com/apps/intl/en/government/trust.html

    Sure, it comes with a risk (do you have multiple redundant and trunked high speed internet connections?) but also with enorous freeing of public funds.

    In my view, a win.

    --
    They who would give up an essential liberty for temporary security, deserve neither liberty or security - Ben Franklin
  6. Re:Seems like a parallel effort though by RMH101 · · Score: 2, Insightful

    ...and get those people to agree to a police background check. Imagine if you were an offshore developer in another country, and your line manager casually dropped into a conversation that the LAPD want to audit you. Now scale that up to the presumably hundreds/thousands of google personnel who potentially have access to that data.