April 30, 2010 By Matt Williams
They want to do something other than what they're doing now, but they're not quite sure how to do it. My counsel to them is look at the numbers, and if the numbers say it makes sense and your security concerns are such that you can put it into the cloud, then do it.
A lot of governments express concern about security in the cloud. And Los Angeles CIO Randi Levin took some heat after the city picked Google. You met with her recently. What did you talk about?
I think she had a lot of people beating up on her about security. My analogy to her was, "Look, what I do is I support government, and I don't advocate in my role when I say I need to give security to somebody else -- but a company like Google should provide way better security than my two security staffers could."
It's like a robber going into a bank with a sack over his back and he's going to bust into the vault and he sees gold coins, gold bars and all these different currencies and valuables -- and then there's the city of Orlando's information (which I equate to coins), and he robs the bank and takes the coins and decides to leave all those big valuable items.
That's a simplification of the analogy, but in the scheme of things we're in the sunshine, so you can get our information if you wanted by coming and asking us for it in most cases. Granted, there are things that are time-stamped and shouldn't be let out prematurely. But when we have Google that does this for a living, and the company has a team with a lot more expertise than what we have, then I have no reservations about going to them and saying, "OK, you manage or secure my stuff." So security was one of those things that I think Randi and I touched on a little bit.
So within the context of Google Apps, how do you handle sensitive data?
To the extent that [city employees] send information, it should be ultra-secure. What we've said to them in the past, even before we went this route with Google -- when we were with Lotus Notes -- was that if it's something ultra-confidential and doesn't need to be sent by the medium that we send it, then you find some other way of doing it. In other words, don't send it by e-mail, even in encryption, if this is something that could go another way.
In some cases, initially it may need to be paper-based or it may be something that you put in an envelope, stamp and put a seal on it and say, "Let's send it through the traditional mail." We had those discussions with the police department.
You may use or reference this story with attribution and a link to