Google Apps: Are privacy and security concerns being misplaced by the media?
by Steve Ragan - Aug 10 2009, 20:10
Since mid-July there have been several stories surrounding the city of Los Angeles and its potential move to Google Apps. Some say this proposed move is a bad idea, citing security and privacy concerns. However, some of the reasoning for the fear over L.A.’s move to Google seems to hinge on moot points, especially when Twitter is listed as the main security example.
On Tuesday, the Los Angeles City Council will host a special meeting, during which it will discuss a proposal to move the city’s e-mail and office applications from Novell and Microsoft Office over to Google Apps. Novell has offered a discount of 10 percent if L.A. renews its existing contract for e-mail services.
If all goes according to plan, 30,000 City of Los Angeles employees will move to Google Apps, but, if the Los Angeles Police Department (LAPD) opts out of the deal, that number will shrink to around 17,000. However, to Google, this is still a multi-million dollar deal.
The city's move to Google is expected to cost $7.25 million USD and come with a three-year contract and two single-year renewal options, according to a report from the Office of the City Administrative Officer.
The total five-year cost is expected to be around $8.31 million USD. The move would show a “hard dollar” budget saving of $6.25 million USD over the five years, the report said. The move would also free up six city IT employees who would otherwise focus solely on e-mail.
An interesting aside from the report is that moving to Google, which would end relations with Microsoft on some level, could be paid for in part by a 2006 class action anti-trust settlement the city entered into with the American software titan. The legal settlement is worth some $1.5 million USD, which amounts to the bulk of the first year of operating and implementation costs for the move. The report said it will cost $1.9 million USD the first year, with a six-month implementation plan.
The report also mentioned that because city employees and administrators consider Microsoft Office more robust, and the features offered are heavily relied upon, up to 20 percent of City employees might continue using Office. So, while they would have the document features of Apps available, not everyone might use them. However, an 80 percent reduction in licensing fees is still a saving.
When news of the potential move to Google got out, Google said it was excited that Los Angeles was joining other cities like Washington, D.C. and Seattle, both of which are using Google Apps.
Washington, D.C. is the first major city to adopt the $50 USD per-user yearly SaaS service from Google. Seattle uses Message Security for e-mail, which comes courtesy of Postini.
“Hosted software is designed to be extremely reliable, safe, and secure,” a Google spokesperson said in an e-mail at the time.
Not everyone agrees, however. Based on the collection of letters, many people, experts and citizens alike, are skeptical -- at best -- about the proposed move.
The World Privacy Forum (WPF) sent a letter on July 16, expressing “concerns and questions” about the possible shift to cloud-based computing offered by Google. The WPF is “neither for nor against” cloud-based operations; its main concerns are with the “privacy and implications of cloud computing,” the letter said.
“Our concern is that the transfer of so many City records to a cloud computing provider may threaten the privacy rights of City residents, undermine the security of other sensitive information, violate both state and federal laws, and potentially damage vital City legal and other interests,” read the conclusion of the WPF’s letter.
Beth Givens, Director for the Privacy Rights Clearinghouse, wrote to the members of the L.A. City Council on July 20 and asked, “if enough is yet known about the privacy, security, and confidentiality of personal information in a cloud environment?”
The letter included two concepts Givens proposed when analyzing the proposal. One is stewardship regarding “...the responsibility of the City to ensure that personal information it collects, holds, analyzes, merges with other information, and disseminates is fully protected from illegitimate access and uses.”
The other concept recommended is, “...that the City consider a rigorous privacy and security impact assessment about the cloud computing proposal. This process would include a thorough risk analysis.”
One citizen, Joyce Dillard, asked: “You have got to be kidding. In the second largest city in the country, you choose to go with Google???”
Dillard said the City should be responsible and keep its own records and have proper back-up systems. “Maybe one day, the City may operate as a unit instead of fractionalized departments with the leadership expecting the Citizen to suffer the consequences of increased fees and taxes due to the tomfoolery of the politicians,” she advised.
John M. Simpson of Consumer Watchdog expressed his concern with the move to Google by pointing to recent security news related to Google Apps. On July 21, he wrote: “Only last week we learned that confidential corporate documents from the Internet company Twitter were accessed by someone hacking into Google’s servers.”
“Before jumping into the Google deal, [the] City Council needs to insist on appropriate guarantees -- for instance substantial financial penalties in the event of any security breach. Instead of committing the City’s entire 30,000 users to Google immediately, there should be a trial and thorough assessment in only one or two departments. Rushing headlong onto Google’s cloud will only ensure stormy weather in Los Angeles,” Simpson said.
Paul M. Weber of the L.A. Police Protective League, said: “The League is very concerned about records being housed on computer networks outside of the city. Our concerns are well-founded and understandable, given that government and corporate computer network breaches have become more prevalent over the past several years. Just recently, Twitter acknowledged that hackers were able to access confidential information stored with Google.”
According to related reports by the Associated Press (AP), Weber added that: “Any time you go to a Web-based system, that puts you just a little further out than you were before. Drug cartels would pay any sum of money to be aware of our progress on investigations.”
City Councilman Tony Cardenas is quoted by the AP as commenting that the committee has a “laundry list of questions that need to be answered” during Tuesday’s meeting.
“While legitimate concerns have been raised by LAPD and the City Attorney's Office because of the nature of their work, we must find a solution that meets everyone's needs. We can't say we are a first-class city and keep the same antiquated communication systems,” Cardenas said in a statement to the AP.
Matt Glotzbach, director of product management for Google's enterprise group, is quoted as saying that there is “a lot of misinformation out there and our competitors who did not get selected may have had a part in spreading this misinformation.”
There is no proof that one of the 15 vendors who submitted bids to the City of Los Angeles is behind any sort of public attack; however, some press reports mention the risk to the LAPD if it were to merge its databases with Google’s SaaS offering.
The likely option is that the LAPD will maintain its most sensitive information where it currently resides, on Microsoft Access databases. Right now the LAPD uses 1,200 Access databases, and since Google offers no direct migration for Access, it will likely keep that information in place.
Moreover, it is interesting that Twitter is being tossed around as the reason to worry over the City's move to Google Apps. Considering that the Twitter documents hosted on Google’s SaaS platform were compromised as the result of weak passwords and some guessing on the part of Hacker Croll -- who was behind the attack -- what does this say about the IT policy in place on the City’s network?
Are authorities so worried about weak password management they would throw out $6.25 million USD in savings? The six IT people who will be freed up could focus on security and policy enforcement if needed.
It isn’t like Google Apps is without security of its own. As mentioned on The Tech Herald before, Google Apps customers have support for SAML Single Sign On. This allows two-factor authentication, including certificates, smartcards, one-time only generators, and other token devices as well as biometrics. Yet, if they are to do any good, the City of Los Angeles needs to take advantage of them.
Combine the SAML features with strong passwords and proper auditing, and Apps will be just as secure as any other SaaS offering on the market. Proper passwords will also mitigate the recently discussed advisory from ISecAuditors, where they explain that it is possible to circumvent the security measures used by Google that prevent an attacker from using automated password cracking attempts. Still, no SaaS offering provides foolproof security -- there will always be some risk in placing data online.
In the final draft of the SaaS contract, there are four provisions dealing with information security. Section one stands out by detailing that the contractor, Computer Sciences Corp. (CSC), which will implement Google Apps, “...shall be responsible for establishing and maintaining an information security program that is designed to: (i) ensure the security and confidentiality of the Protected Data; (ii) protect against any anticipated threats or hazards to the security or integrity of the Protected Data; (iii) protect against unauthorized access to or use of the Protected Data; (iv) ensure the proper disposal of Protected Data...”
In addition, the City of Los Angeles will have the right of audit, before and at random during the term of the contract. Moreover, CSC will need to perform annual audits, as pointed out in the SaaS contract, where it states that: “No more than annually, [CSC], at its own expense, shall conduct a SAS-70 or equivalent audit of Google’s information security program and provide such audit findings to [The City of Los Angeles] upon formal written request.”
The City of Los Angeles has security measures written into the contract proposal; it knows what it's getting into for the most part, but the pundits and even some of the council members are looking at the wrong side of the coin.
This deal isn’t so much about privacy and security as it is about saving the city money, while also taking advantage of technology. The security concerns will need to be addressed by CSC as well as L.A.’s ITA (Information Technology Agency), both with policy enforcement and by making sure that the available security offerings from Google Apps are utilized.
The talking points that cloud-based offerings risk privacy and security, or that Google is insecure because of issues related to Twitter, are backwards and misleading. You can risk network security and privacy by designing a network with poor policy implementations, and lax security efforts, all without ever using a single SaaS vendor.
Again, the Twitter issue was related to several factors, and Twitter confirmed that Google Apps was not at fault. In both cases of Hacker Croll attacking Twitter, password management was to blame. Google Apps was involved, but only because that was the platform where the stolen data was hosted.
How is cracking a password on Google Apps any different than cracking a password on Yahoo’s e-mail service to read someone’s mail, a la Sarah Palin?
“Drug cartels would pay any sum of money to be aware of our progress on investigations,” commented Paul M. Weber in relation to this type of problem.
If the cartels were to kidnap, blackmail, or simply force someone to hand over access, then Google couldn’t stop this, no matter how much it would like to claim that it could. The same attack would work on L.A.’s existing network operations using Novell and Microsoft Access, so why the spin?
Google, aside from making a few comments, has remained silent on the issue, letting its service speak for itself. While the media is using this deal as another example to worry over cloud computing and SaaS solutions, the real logistics are missing from those stories -- namely that California is having serious budget issues.
If L.A. can save a few million dollars, as long as it's aware of the security requirements, why shouldn’t the city switch to Google? While it has gone unmentioned during the press coverage of the proposed move to Google Apps, three universities, Pepperdine, LMU, and USC, have each recently moved to Apps. Cost was a factor in those moves as well.
Let the City of Los Angeles pick whatever option is best for its future; after all, that is what the City Council is supposed to do. But stop with the spin and unrelated fear based on Google Apps and other SaaS services; it does no one any good.
[This editorial is the opinion of Steve Ragan and not necessarily those of the staff on The Tech Herald or the Monsters and Critics (M&C) network. Comments can be left below or sent to firstname.lastname@example.org]