According to an LA Times article, city official couldn’t see any way for security and cloud computing to live in harmony:
Google’s system “does not have the technical ability to comply with the city’s security requirements” and that those requirements are “not currently compatible with cloud computing,” the story quotes LA officials.
That had to hurt, especially when Google cites an LA official on its Google Docs for Government web page, and LA has repeatedly been the poster child for Google in terms of the huge cost savings Google Docs and GMail brings to the cash-strapped city — but when it comes to the higher security requirements of the police, it’s apparently not quite enough.
The question becomes if the city’s security requirements are that stringent, is any system really secure enough? As we’ve seen in the last year hacker groups like LulzSec and Anonymous have shown how easy it is to get into law enforcement computer systems.
LulzSec attacked the CIA computers in the middle of June and one week later went after the UK’s Serious Organized Crime Agency. Would these sites have passed the City of Los Angeles guidelines? I would like to think so (although I can’t say for sure), but one thing I can say is that being behind a firewall didn’t seem to help these agencies.
I can understand why LA might want to tread carefully here and make certain that the version of GMail they are getting is secure and passes any guidelines set by the federal government. FierceGovernmentIT reported last year that the General Services Administration adopted GMail at great cost savings to the tax payers, but that the US Army chose to use a cloud email solution developed by the Defense Information Systems Agency. Obviously the two agencies serve very different purposes and had different requirements.
It may be that the general city government goes with the Google solutions and the police decide like the army to find a separate, more secure solution (at least one that seems more secure), but I think officials need to be realistic in terms of what’s possible regarding security at this juncture.
Perhaps no systems exists that will ever be secure enough, and LA officials have to balance budget considerations with security requirements — no easy task, I’m sure.
For now, it leaves Google, and cloud vendors in general, left to once again answer the cloud security question and nobody, least of all Google, can be happy about that outcome.