I've been surprised to see such unanimously negative comments on a recent MSNBC article regarding the potential use of Google Apps by LA county California. I wouldn't be at all surprised to learn of Microsoft employing large scale commenting operations to push negative PR on the net.
This pretty much summarizes the sentiment:
"A decision to place confidential data into the hands of Google instead of simply upgrading the City's own IT infrastructure and retaining behind-the-firewall control of its data and digital resources would be one of the worst decisions it could ever make," said one poster.
There are some very disastrous misunderstandings about the decision being referenced here. Let's start with email. Do you think that the city of LA has a secure email system? Email definitely travels outside the office, where you can't control communication. People check their city email all the time from home or while on the road. I will wager any amount that the email component of Google Apps is much more secure than what they are currently using. Here's why:
1. Everything is 100% encrypted. At this point, there is no way the city of LA is emailing conversations to employees through an encrypted connection all of the time. That means they are at risk of being snooped on at any point along the chain, from their local ISP to the big communication providers.
2. The architecture at Google is far stronger and more reliable. I feel it would be wrong to assume that whatever method they are currently using to store backups of email and maintain uptime for email service is superior to Google. If you think that Microsoft Exchange, and lots of hard drives is your idea of security, then ok, move along. It simply costs taxpayers money if email is not working, and Google Apps email works. If anyone wants to argue against that point, show some evidence of comparative down times.
3. The filtering is superior. Google Apps email will prevent inefficiencies and, more importantly, viruses from spreading. If you think the city of LA has some kind of standardized, broad virus/spam filter that works better than Google currently, then, well, just move along. If you think they can implement a standardized broad system (like corporate Symantec) that will be less expensive and work just as well at filtering, then you are mistaken.
Now, that's just email. There is no argument here. Google can provide a more reliable, safer, and most of all more cost effective solution and taxpayers need to realize that. Google Docs is another issue altogether. The main question is, how is the city of LA currently sharing documents? There is a misconception that whatever they are doing now is secure because there is not currently some kind of scandal or break-in. I will again bet any amount of money they are:
a) Attaching sensitive documents to emails and sending them around, unencrypted, to co-workers.
b) Using some kind of VPN / web-based solution to log in to their office data through some kind of remote access setup.
Both a) and b) are huge security risks. People need to access some documents remotely. They are most likely doing it with Microsoft products currently, attaching documents to Outlook email and sending them along, unencrypted, and they are also using 3rd party software and Microsoft tools to get access to "behind-the-firewall" content. Does anyone have any clue about the history of the security of Microsoft products? It's terrible, sorry.
Finally, this really has nothing at all to do with anything about Google. The platform is entirely irrelevant, really. What matters is their internal security policies, period. If they are not equipped with a method to prevent "social hacking" for example, criminals are going to get access to "behind-the-firewall" content no matter what platform they use. If people choose stupid passwords or if IT administrators place terminals with access to sensitive documents where a criminal can physically get to them, then no amount of amazing "upgrading" you do will matter.
Fundamentally, the city of LA needs to decide what information can be accessed remotely. A smart security policy would be that, no, you can't get access to important data unless you gain access to a building with armed guards, an ID check and 3 methods of authentication on system that is physically disconnected from the internet. You don't use Google for that, sorry folks, that's something else entirely. The Google Apps product is just not the total solution, and it is a mistake to assume that stuff like "FBI investigations" are somehow magically accessible by they Chinese if they can just guess someone's password. If that's the case when they are using Google Apps, it was the case BEFORE they were using Google Apps.
IT decisions, especially in cases of large scale, are not based on all-one solutions and policy is more important than platform.
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment