Trouble Brewing in the Cloud
You’ve probably read how administrators who work for the city of Los Angeles have recently decided to use Google e-mail services as well as Google information management services to use and store a variety of information, including city policy documents and police department information. These administrators anticipate considerable cost savings by using these Google services. Cheap is better in these hard times, but is cheap justified when information stored on computing systems is completely outside an organization’s control?
To deny that Google is extremely innovative would be totally specious. Google has in many ways defined technology during the first decade of 2000. At the same time, however, being an innovative information technology entity is by no means any kind of “end all.” We have by now seen too many companies and organizations that have arisen apparently out of nowhere, only to find out that security in their products and services were severely deficient. Microsoft, now Google’s arch enemy, is one of the very best examples. For years Microsoft released products that were severely deficient from an information security point of view. This company orchestrated attacks against individuals who pointed out vulnerabilities in its products instead of making desperately needed changes in its software development process. Microsoft eventually made many of these changes, and now Microsoft product users enjoy a much higher level of at least out-of-the-box security in the products that they use then ever before.
So what about the issue of information stored in the so-called Google cloud? As with everything in information security, the answer depends on many factors, of which cost versus benefits is normally the major one. Cash is a precious commodity in today’s hard times. Using Google’s so-called “cloud services for information management would on the surface thus seem extremely attractive. At the same time, however, the city of Los Angeles has by all indications not offered nor entered into any kind of service level agreement (SLA) with Google. As such, the city of Los Angeles is completely at Google’s mercy concerning the protection of its information. Such things should not be.
In many ways, Google is where Microsoft was in the mid-1990s. Google gives lip service to information security, but in reality it offers vulnerability-ridden products and services. Google should not by any stretch of the imagination be considered a leader in information security. Please count on collecting from me a free pastry from Starbucks (note: this is a joke based on the latest of Internet hoaxes) long before Google wins any kind of information security awards. Until Google achieves a better reputation in information security, users of Google’s so-called (and completely inappropriately named) cloud services should not trust Google’s email and information management services.
Will the city of Los Angeles should heed these words of caution? I would not count on it, but stay tuned…