Local Government Goes Google

Local Government Goes Google Brig Otis, IT Security Office of Information Technology

Introduction• In October 2010 Multnomah County October, 2010, migrated over 3,600 county employees to Google Apps Government Edition Edition.• One of the first local governments nationwide to use cloud based email and cloud-based calendaring services.Office of Information Technology

Introduction• Brig Otis IT Security Otis,• Dan Cole, Project Manager• St Johnson, Infrastructure Manager Stan J h I f t t MOffice of Information Technology

Agenda• Why Google?• Implementation Team• Vendor Management V d M t• Implementation Considerations• End Users• Migration• Support PlanOffice of Information Technology

Why Google?• Budget Shortfalls• Growing Demand for IT Services• A i E t Aging Enterprise E il S t i Email SystemOffice of Information Technology

Implementation Team• Core Team – PM plus Subteam Leaders• Subteams – Technical –CCommunications – Security – Training – ContractingOffice of Information Technology

Implementation Team• End Users (county employees)• Cloud Service Team• S t System Integrator I t t• Technical Steering CommitteeOffice of Information Technology

Implementation Team• Security Considerations – Representation – Core and Subteam communications – System Integrator • Responsibilities • Product/Service Maturity • Cryptographic controls • Development and Support Processes • Change ControlOffice of Information Technology

Vendor Management• Contracting – References to dynamic policies at URLs – SLA • DR – Exit strategy • Data Escrow • Ownership – Data Classification (yours; not theirs) • Encryption ypOffice of Information Technology

Vendor Management• Contracting – Change Management • Musical Features – Provider Certification • Understand the certification (the package) • Does not certify your use of the service – Example: Sharing of Google ObjectsOffice of Information Technology

Vendor Management• Advanced Planning – Time – Get the actual support team involved – Project management methodology• Security Considerations – Unauthorized access – Breach of confidentiality – Laws and regulationsOffice of Information Technology

Implementation Considerations• Paradigm Shift – Control Set (technical controls) • Built-in • Design yourself – Organizational Policy (administrative controls) – Refresh organizational consciousnessOffice of Information Technology

Implementation Considerations• Fit With Existing Technology – Authentication/Authorization Mechanisms – Dual Delivery – Internet Connectivity – Endpoints (including Mobile Devices) – Directory Services • Wh t to expose / how? What t h ? – MCSO free/busy calendar synchronizationOffice of Information Technology

Implementation Considerations• Fit With Technology Roadmap – Mobile Strategy – Identity Management – Other Cloud Services – Network ConvergenceOffice of Information Technology

Implementation Considerations• Fit With Existing Processes – Basic Account Management • Integration with HR/Payroll – Work Unit Communications – Shared Calendars – Shared InboxesOffice of Information Technology

Implementation Considerations• Fit With Existing Processes – Security Considerations • Identity lifecycle issues – accounts – inboxes – calendars – other cloud-based objects and artifacts • Data in Transit – TLS / Encryption • Confidentiality and Availability (user-managed content) • Unauthorized Access due to sharingOffice of Information Technology

Implementation Considerations• Fit With Culture – What is the nature of the data? – How information systems are used (information handling) – Security Policy governing use of Google AppsOffice of Information Technology

End Users• Security Responsibilities are Increased• Awareness Training• C County D t Departmental Policy t t l P li – Departmental Business Processes• End User/Department Security Concerns – Portable Media – Operations - Patch Management – Economies of ScaleOffice of Information Technology

Migration• Phase: Pilot Program – Security Considerations • Early adopters running too far too fast – Including Privileged Users (Admins) • Representation of Security and other IT leaders in the PilotOffice of Information Technology

Migration• Phase: Planning/Preparation – Communications (time to overcommunicate) – Training (classes using the SAaS) – Support • Self help Self-help • Google Guides - Staff & Googlers • Core Team – Load TestingOffice of Information Technology

Migration• Phase: Planning/Preparation• Security Considerations – Awareness Training – Consistent Organizational Message – Accurate Responses – Accidental Deletion of Data – Old thinking; new Process Issues g; – How much Analysis is Enough? – Dialog with Other Departments ( ) g p (fit)Office of Information Technology

Migration• Phase: Dress Rehearsal• Phase: Big Move –S Security Considerations it C id ti • Unplanned ISP outage • Out of band communications• Phase: DecommissionOffice of Information Technology

Support Plan• Service Administration – All or Nothing – Google Apps Marketplace - abstract the admin layer – Who to Trust? • Trust But Verify model – Does not impede work – Provides an audit trail – In active state, it monitors for privileged rights use – User Inboxes (Postini)Office of Information Technology

Support Plan• Service Administration – Security Considerations • Privileged Access – Confidentiality – Availability of Systems • Email archives available to admins? – Unauthorized (unintended) access • Transparency – Admin Activity – User ActivityOffice of Information Technology

Support Plan• Account Administration – Integration with Directory Services • GAL • Accounts • Groups p – License Limitations – User Terminations (end-of-life) (end of life) • Transference of Google ArtifactsOffice of Information Technology

Support Plan• Account Administration – Security Considerations • Accidental deletion of data • Account sharing • Transparency p yOffice of Information Technology

Support Plan• Customization and Automation – Have programming support available • Technical Control Set • APIs – Your organization is unique • No cloud service is a universal answer – You will customize – Your organization will changeOffice of Information Technology

QuestionsOffice of Information Technology

Local Government Goes Google

by InnoTech on Apr 26, 2011

Accessibility

Categories

Upload Details

Usage Rights

Statistics

Local Government Goes Google Presentation Transcript