LA's Move To Google Apps Slows As "Apps For Gov't." Announced

Several readers noted Google's announcement yesterday of Google Apps for Government: "The new version is a variant of Google Apps Premier edition, and includes the same core apps: Gmail, Calendar, Docs, Sites, Groups, Video, and Postini. Pricing is the same as for Google Apps Premier: $50 per user per year. The certification says that Google Apps qualifies for is called a FISMA-Moderate rating, which means that it's authorized for use with data that's sensitive but unclassified. In addition, Google says that it's storing government Gmail and Google Calendar on servers that are isolated from those used for non-government customers, and which are located in the continental US." This service might be just what the city of Los Angeles needs (though the price may not be right). LA started migrating months ago to Google Apps, and the process is experiencing some delays, as pointed out by reader theodp. "In December, Google tooted its own horn as it celebrated edging out rival Microsoft to win a high-profile, ironically Microsoft-funded contract to supply email and collaboration software to the City of Los Angeles. Now comes word that the search giant has missed a June deadline for full implementation due to lingering security concerns. Google downplayed reports of the delay, saying it was 'very pleased with the progress to date' which has allowed 10,000+ of the City's 34,000 employees to use Google Apps."

Meh... more cloud stuff

[mlts]

Maybe it is because I'm an old hand (and I'm speaking for myself here), but there is something about having physical control of data in house, in a data center. This way, unless there is a network intrusion, one knows where critical information resides.

With a cloud provider, all I have is a promise of security.

This isn't to say that Google isn't secure, but I personally trust good locks on the doors and all people who have access to the data having signed contracts more than just a piece of paper with a promise that things are secure.

Thumbs up for Fisma-Apps

[Sub+Zero+992]

This is what you get, and what - currently - only very few federal agencies can afford:

An independent third party auditor issued Google Apps an unqualified SAS70 Type II certification. Google is proud to provide Google Apps administrators the peace of mind knowing that their data is secure under the SAS70 auditing industry standard.

The independent third party auditor verified that Google Apps has the following controls and protocols in place:

• Logical security: Controls provide reasonable assurance that logical access to Google Apps production systems and data is restricted to authorized individuals
• Privacy: Controls provide reasonable assurance that Google has implemented policies and procedures addressing the privacy of customer data related to Google Apps
• Data center physical security: Controls provide reasonable assurance that data centers that house Google Apps data and corporate offices are protected
• Incident management and availability: Controls provide reasonable assurance that Google Apps systems are redundant and incidents are properly reported, responded to, and recorded
• Change management: Controls provide reasonable assurance that development of and changes to Google Apps undergo testing and independent code review prior to release into production
• Organization and administration: Controls provide reasonable assurance that management provides the infrastructure and mechanisms to track and communicate initiatives within the company that impact Google Apps

http://www.google.com/apps/intl/en/government/trust.html

Sure, it comes with a risk (do you have multiple redundant and trunked high speed internet connections?) but also with enorous freeing of public funds.

In my view, a win.

Re:Seems odd

[squiggleslash]

And a small, highly competent IT department will tailor its systems precisely for business needs, saving money and time over the one-size-fits-all Google approach.

Codswallop.

A small, highly competent, IT department will make the best use of the resources available. The fact it's small means it's not going to have time to "tailor its systems" for anything. So it's safe to say it'll do the same thing every business's IT department does: it'll buy a one-size-fits-all solution from Microsoft, IBM, or it'll spend some time learning how to put together the same capabilities from open source components such as Dovecot, Evolution or Thunderbird, and the various other free components that do roughly the same thing.

Sooner or later, you find things that every business needs. They need an email system, a system of published calendars, and some central document repository. What do they need out of the email system? Pretty much everything that Exchange, Notes, Evolution/IMAP, and Google Apps/GMail does. What do they need out of the system of shared public calendars? Pretty much everything that Exchange, Notes, Evolution/IMAP, and Google Apps/GMail does. What do they need out of a central document repository? Pretty much everything that Sharepoint, Notes, a combination of MediaWiki+Apache+NFS shares, and Google Apps/Documents does.

These are "one size fits all" products for a reason, their one size fits all. Every business needs them just as every business needs one-size-fits-all personal computers, and every business needs one-size-fits-all phone systems, and every business needs one-size-fits-all lights. Insofar as there are differences between the different needs of, say, a contractor and a giant megacorp, that's where licensing and additional services come in.

Hard to see what a "highly competent" IT department would do differently. Design an entirely new email system that's unlike all the others? Great if they have time, I challenge you to find a small IT department capable of doing any such thing, and I challenge you to find one that would design anything that's neither worse than what everyone else does for the intended users, nor itself a one-size-fits-all system that would work for everyone.