Why not all cloud computing services are created equal
Not all cloud computing providers are created equal. The Los Angeles Police Department (LAPD) recently halted plans to migrate to Google’s Cloud Apps for Government, which includes Gmail messaging. The City of LA says Google’s service is incompatible with the FBI’s security requirements.
Google claims that the “requirements present a unique challenge not just for Google but any cloud vendor attempting to migrate a law enforcement system to the cloud.” The City of LA explains that the FBI maintains one of the world’s largest databases of criminal records and fingerprints. While law enforcement agencies from around the country have access to these records, users who access the database are required to comply with strict security requirements including accessing, sharing, transmitting, storing, and destroying data. All data must be encrypted both in transit and while stored. Furthermore, all employees and contractors accessing the data must pass an FBI security background check and consent to fingerprinting.
As a result of the contract debacle, Google and the City of LA entered into an amended agreement. Google will pay Computer Science Corp. (CSC) $350,000 per year to maintain the LAPD’s GroupWise email licenses. Under the new contract, the LAPD will no longer move to Google Apps for collaboration; however, 17,000 other city employees will migrate to Google Apps. No additional information has been disclosed about why the original contract negotiations failed.
Cloud computing security standards
So, is Google’s defense likely to uphold in the dispute? Likely not, because some cloud computing providers are able to comply with the strict security requirements set forth by the FBI. For example, data stored in the IsUtility cloud computing service is encrypted in transit and while it’s stored. Email is hosted on Exchange Servers not accessible by the public, therefore making it easier to maintain strict security and compliance standards.
Distinguishing Google’s Cloud Platform from Other Providers
Some industry experts such as Jeff Gould, CEO of IT consulting firm Peerstone Research, speculate that the problems may have resulted with an FBI requirement that all IT contractors pass a criminal background check and sign a document known as the FBI Security Addendum. Not all Google employees would be able to comply with these measures since some of Google’s support staff for Google Apps are based in Europe. While the FBI does not mandate all support personnel be based in the U.S., having employees around the world would make it more difficult for Google to comply with the FBI screening and fingerprinting standards.
So was it Google Apps functionality that failed the test? Or was it employee compliance that didn’t make it? While we may not ever know the answer to this question, it is incumbent upon companies who are considering migrating to a cloud service to vet these issues before signing a contract.
Need help getting started with your cloud computing implementation plan? Register for a complimentary educational webinar "5 Steps to Understanding & Implementing Cloud Computing"
