OK I am  recharged and back from a great vacation, but the cloud did not shut down while I was away (I guess that is a good thing). There was a bit of controversy last week over the fact that the much ballyhooed Google-CSC project to move the City of LA to the cloud was delayed. The delay could cost Google and their partner CSC significant dollars due to promised deadlines being missed.  No one likes to miss deadlines, but I think reading between the lines the screaming headlines of “security issues force delays” are not necessarily true either.

Reading some of the these headlines you would think there were bonafide security issues that forced this project to run aground.  However, like much of the hype around cloud security, on closer observation, it may not have been true security issues which caused this delay.

According to what I have read there were several reasons why this project missed its deadline:

1. Some delivery issues around Google email which is part of the Google Apps deliverable in the project. Meaning that the mail was not evidently being delivered in a timely matter. Not a security issue at all.

2. Technical issues some created by the City of LA, others by Google and CSC.

3. Background checks on all Google employees who could have access to sensitive data. While this is certainly a security issue, it is not just a cloud issue, but instead SOP for any type of deployment of sensitive data storage.

4. New issues around data encryption and segregation that were raised after the initial requirements were set. Again reading between the lines, it would appear that that California Dept of Justice and the LA Police department came in after the fact and decided that they wanted to see more information on how the data stored in the cloud is encrypted and segregated.   This type of after scoping feature creep has derailed many a project before this, cloud or no cloud.

It is also important to remember that by the city of LA’s own admission, Google has delivered on everything they had promised to on time. This is what one article said, “The source added that so far Google has delivered the features and functions promised and has fulfilled the security requirements outlined at the project’s inception.”

So before we see the everyone run out and start using the Google/City of LA case as an example of the the cloud not being secure or a reason not to move to the cloud, take a good hard look at the facts.  It may be just a case of putting the cloud security bogeyman back in the box.

Enhanced by Zemanta

Previous post:

Next post: