August 15, 2011 By Brian Heaton
If the thought of losing control over valuable documents has you feeling sick with worry about moving to the cloud, Panama City, Fla., has the cure to set your mind at ease.
The city deployed a third-party software add-on for Google Apps for Government that allows IT administrators to see exactly what users are sharing in the cloud and more importantly, who they were sharing it with, so Panama City’s security and sharing rules could be enforced.
Richard Ferrick, network administrator with Panama City, said that when the city transitioned to using Google Docs last year, he was limited in what he could see users doing in the cloud, including the permissions they were assigned to documents. The only way he could see if the documents were stored securely was to log on as a user and go into the person’s Google Docs account.
After scanning what was available in the Google Marketplace to improve control over items in the cloud, Ferrick came across CloudLock, a third-party software add-on for Google Apps for Government that runs an inventory on all the documents stored by users in the cloud, allowing IT personnel to keep track of key documents and beef up security on who is accessing them.
The city began using the add-on in December 2010 and as of Jan. 1 of this year, used Google Docs as its primary online archive system for documents.
Ferrick stressed that it was the IT security peace of mind that won him over when using CloudLock. He said security permissions of documents that existed from former employees could be altered and easily delegated to another worker, just by using the software’s control panel to transfer ownership from one person to another.
“Not knowing what was out there was really scary for us,” Ferrick said. “That uncertainty about not having control over documents in your network was a bad thing. I have audits that run nightly and tell me any changes that have been made across the domain [with] number counts of documents that have been shared with the public.”
The program allows administrators to schedule scans, see what’s changed, what’s exposed to the public and take ownership of each document. CloudLock uses the same pricing model as Google Apps, with a recurring annual cost that’s based on the number of users.
While there are a variety of similar document management solutions available now, Ferrick said that when he was looking last year, the choices were minimal.
Given the obvious need for document management, one might assume such a capability would already be inherent in Google Apps for Government. But Google Apps focuses more on the end-user, allowing independent software developers to use the Google Apps application programming interfaces (API) to construct add-ons.
Municipalities or organizations using Google Apps can either use the APIs themselves or find a product that matches their needs regarding the cloud.
Document Security Vital
Gil Zimmermann, founder and CEO of CloudLock, said that while people typically send e-mails and forget about them, documents that have been shared in the cloud between an organization and various vendors have serious security concerns.
“Privileges are very easily granted, but they are rarely revoked,” Zimmermann said. “The chances of an end-user going back and saying, ‘Are we still working with that partner, do we need to go back and shut down all those files we shared with them?’ are pretty much zero. What we enable customers to do is put that on autopilot.”
The goal, Zimmermann said, is to allow IT administrators to give end-users the tools they need to operate more securely in the cloud. For those cities and state government agencies looking at Microsoft for their cloud computing needs, Zimmermann revealed that a Microsoft Office 365 version of CloudLock is in the works for release late this year or early in 2012.
“We don’t want to turn IT into the babysitters,” Zimmermann said. “We want to enable them to embolden the data owners to be more secure because they are the decision-makers.”
You may use or reference this story with attribution and a link to