LA's Move To Google Apps Slows As "Apps For Gov't." Announced
Several readers noted Google's announcement yesterday of Google Apps for Government: "The new version is a variant of Google Apps Premier edition, and includes the same core apps: Gmail, Calendar, Docs, Sites, Groups, Video, and Postini. Pricing is the same as for Google Apps Premier: $50 per user per year. The certification that Google Apps qualifies for is called a FISMA-Moderate rating, which means that it's authorized for use with data that's sensitive but unclassified. In addition, Google says that it's storing government Gmail and Google Calendar on servers that are isolated from those used for non-government customers, and which are located in the continental US." This service might be just what the city of Los Angeles needs (though the price may not be right). LA started migrating months ago to Google Apps, and the process is experiencing some delays, as pointed out by reader theodp. "In December, Google tooted its own horn as it celebrated edging out rival Microsoft to win a high-profile, ironically Microsoft-funded contract to supply email and collaboration software to the City of Los Angeles. Now comes word that the search giant has missed a June deadline for full implementation due to lingering security concerns. Google downplayed reports of the delay, saying it was 'very pleased with the progress to date' which has allowed 10,000+ of the City's 34,000 employees to use Google Apps."
Yes, data is sent over, but the DB processing and storage should be in house. Another reason to keep data in house:
Jack, who has some basic Linux skills, wants to make some money on the side in his job in a data center. He copies some credit card numbers from his work and sells them. His company takes the heat, does an audit of who had last access to that tablespace that wasn't normal, and finds that Jack was doing a SELECT on it. Jack almost definitely will end up facing civil/criminal repercussions for the action.
Joe, who is working at a cloud provider, does a strings on a .vmdk file and gets a similar list. He has no loyalty to the cloud provider's client... that's just some company or organization storing files at his workplace. So, he doesn't feel any reason why not. He sells the list, the cloud provider's client gets the heat for the compromise, and maybe the cloud company may be found responsible for the leak. However, there is no certain audit trail or chain of custody present like there is by keeping data in-house. Maybe sometime in the future some file audit or accounting daemon might show the read or some shell log show the strings command, but it may never happen.
Again, with data in-house, there is an access log record, a video log from the cameras, a log from the ACE servers of access, the audit logs from Active Directory, the logs from the routers. All of this ensures accountability for everyone involved. Outsourcing to a cloud provider? Got none of that. There is no solid chain of custody.