Google defends Google Apps security

Critics cite security concerns in calling for Los Angeles to reconsider Google Apps plan

Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications.

In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy.

"From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors.

Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

The controversy centers on a plan by the City of Los Angeles to replace its Novell GroupWise e-mail and Microsoft Office applications with Google Apps. Under the $7.25 million plan, the city will transition about 30,000 users to Google's e-mail and office productivity products by the end of December 2009.

City officials have said that they expect the move will save Los Angeles more than $13 million in software licensing and manpower costs over the next five years. The plan is expected to be approved by city council members as early as next week, and the implementation process is scheduled to begin soon thereafter. If approved, Los Angeles will become the second major city after Washington, D.C., to migrate its applications to Google's cloud infrastructure.

The migration would make Google, which hosts the servers running the applications, responsible for retaining and protecting sensitive health care and litigation data along with criminal and drug investigation records. Since the plan was proposed, critics from various organizations, including the Los Angeles Police Department, the city attorney's office and public interest groups have raised questions about the privacy and security implications of storing sensitive data in the cloud for access via the public Internet. The concerns received a fresh airing following the recent Twitter Inc. security breach caused by an attacker gaining access to a worker's e-mail on the Gmail system hosted by Google.

Glotzbach yesterday contended that the concerns have been raised as part of an effort by some rivals and others to spread fear, uncertainty and doubt about the company's cloud computing service.

"There seems to be this sentiment that this was some secret, backroom kind of process," Glotzbach said. Instead, Google won the contract over 15 rival bidders largely because of the security and privacy controls in Google Apps, he added. In fact, as city officials reviewed the contract over the past eight months, Google engineers have worked with the city's technology team and police department representatives to understand and address security and privacy concerns, he said.

Glotzbach claimed that Google Apps will offer better data protection than is currently available for the city's applications for a number of reasons. For instance, having Google host and manage the applications means that the city won't have to worry about installing new security patches -- and that it won't have to expend the resources needed to implement them. Similarly, it's typically harder for hackers to launch attacks on hosted software because they don't know which server or data center is hosting the data, he said.

In addition, he said that all sensitive data will be encrypted while in transit and storage, and that the only way users will be able access Google Apps applications is by first authenticating themselves to the city's primary authentication server.

Glotzbach rejected suggestions that the hosted Gmail e-mail application would weaken current security protections. For example, he said that current transmission rules, such a the police department's edict that prevents certain information from being included in e-mail messages, will not change.

Randi Levin, the city's chief technology officer and general manager of the ITA, said that the project has received tentative approval from the California State Department of Justice after a review of city's plans for addressing security and privacy concerns. In addition, the ITA has met with the police department, the city attorney's and Google to discuss enhanced encryption methods that will be used to protect highly sensitive data, she said.

During the planning phase of the project, the ITA must demonstrate that its plan for security controls will work as promised, said Kevin Crawford, assistant general manager of the ITA. "To say or infer that we have not worked with the [California Department of Justice] ... is not correct. We have worked extensively with the DOJ, and they have approved the plan and now need to see it functioning as described in an operational manner to provide final approval," he said.

The final decision by the Justice Department will likely be a crucial factor in determining whether the police department agrees to use Google Apps.

Juan Bustamante, a spokesman for Mayor Villaraigosa's office, said the contract right now is in the hands of the city's technology council. After review by the council it will be put up for approval by the city council. At that point, the project will move ahead as planned, he said.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies