Plans to migrate LAPD to Google's cloud apps dropped
Service is incompatible with FBI's security requirements, city says
Computerworld - After more than two years of trying, the City of Los Angeles has abandoned plans to migrate its police department to Google's hosted email and office application platform saying the service cannot meet certain FBI security requirements.
As a result, close to 13,000 law-enforcement employees will remain indefinitely on the LAPD's existing Novell GroupWise applications, while other city departments will use the Google Apps for Government cloud platform.
Council members last week amended a November 2009 contract the city has with systems integrator Computer Science Corp. (CSC) under which CSC was supposed to have replaced LA's GroupWise e-mail system with Google's email and collaboration system. Under the amended contract, the LAPD will no longer move its email applications to Google.
Instead, Google will pay up to $350,000 per year for the LAPD to maintain its GroupWise licenses for the entire term of the CSC contract and any extensions beyond that. Google will also substantially reduce the amount it charges for the rest of the city's use of Google Apps. Under the amendment, CSC too will reduce its initial integration fee for the project by $250,000.
Earlier this month, LA's chief legislative analyst, Gerry Miller, and its chief administrative officer, Miguel Santana, said the contract amendment was necessary because the Google service could not be brought into compliance with the FBI's Criminal Justice Information Systems (CJIS) requirements.
"Although CSC does not have the technical ability to comply with the City's security requirements, it should be noted that the DOJ requirements are not currently compatible with cloud computing," the two wrote in a memo to council members.
The CJIS database is maintained by the FBI and is one of the world's largest repositories of criminal history records and fingerprints. The records are accessible to law enforcement officials around the country, but all entities authorized to access the database are required to comply with a strict set of security requirements pertaining to the manner in which the data is accessed, shared, transmitted, stored and destroyed. The security requirements include encryption of all data, both in transit and at rest, and FBI background checks on anyone who accesses the database. The policy applies to anyone with access to the database, including contractors.
The contract amendment proposal recommended by Miller and Santana does not make it clear how Google and CSC failed to comply with those requirements.
In the past however, city officials have not minced words in expressing their frustration over the issue. In a strongly worded notice of deficiencies to CSC last December, LA CTO Randi Levin blasted Google and CSC for repeatedly committing to deadlines for implementing the security requirements but then failing to meet them. At the time, Levin noted that the delays had forced the LAPD to move about 1,900 users who had migrated to Google's new email system back to the old GroupWise platform. The delay also caused the LAPD to postpone its planned migration of 4,000 more users to the new system last October, Levin said.
In April, the Los Angeles Times reported that the city was considering suing Google and CSC over their delay in implementing the CJIS security requirements, which both companies had agreed to implement previously.
Google maintains that the LAPD's security requirements were never part of the original contract. The company claims that the security requirements were introduced only after the migration to Google Apps was well underway at LA. According to the company, CJIS requirements are incompatible with cloud computing environments, and therefore present a unique challenge not just for Google but any cloud vendor attempting to migrate a law enforcement system to the cloud.
- Enterprises increasingly look to the private cloud
- Without the cloud, Microsoft may lose grasp on the enterprise
- How the cloud can make IT shops more innovative
- Business users bypass IT and go rogue to the cloud
- HP looks to ease enterprise IT cloud fears
- Afraid of the cloud? How to handle your fears
- 5 reasons why Google can catch Amazon in the cloud
- Public cloud market ready for 'hypergrowth' period
- Cloud security concerns are overblown, experts say
- Cloud computing 2014: Moving to a zero-trust security model
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- 5 Hybrid Cloud Starting Points Did you know that more than 50% of organizations are already using or planning a move to hybrid cloud?
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Cloud Computing White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!