Local Government Goes Google

Local Government
Goes Google
Brig Otis, IT Security

Office of Information Technology

Introduction
• In October 2010 Multnomah County
October, 2010,
migrated over 3,600 county employees to
Google Apps Government Edition
Edition.
• One of the first local governments
nationwide to use cloud based email and
cloud-based
calendaring services.


Introduction
• Brig Otis IT Security
Otis,
• Dan Cole, Project Manager
• St Johnson, Infrastructure Manager
Stan J h I f t t M


Agenda
• Why Google?
• Implementation Team
• Vendor Management
V d M t
• Implementation Considerations
• End Users
• Migration
• Support Plan


Why Google?
• Budget Shortfalls
• Growing Demand for IT Services
• A i E t
Aging Enterprise E il S t
i Email System


Implementation Team
• Core Team
– PM plus Subteam Leaders
• Subteams
– Technical
–CCommunications
– Security
– Training
– Contracting


Implementation Team
• End Users (county employees)
• Cloud Service Team
• S t
System Integrator
I t t

• Technical Steering Committee


Implementation Team
• Security Considerations
– Representation
– Core and Subteam communications
– System Integrator
• Responsibilities
• Product/Service Maturity
• Cryptographic controls
• Development and Support Processes
• Change Control


Vendor Management
• Contracting
– References to dynamic policies at URLs
– SLA
• DR
– Exit strategy
• Data Escrow
• Ownership
– Data Classification (yours; not theirs)
• Encryption
yp


Vendor Management
• Contracting
– Change Management
• Musical Features
– Provider Certification
• Understand the certification (the package)
• Does not certify your use of the service
– Example: Sharing of Google Objects


Vendor Management
• Advanced Planning
– Time
– Get the actual support team involved
– Project management methodology

– Unauthorized access
– Breach of confidentiality
– Laws and regulations


Implementation Considerations
• Paradigm Shift
– Control Set (technical controls)
• Built-in
• Design yourself
– Organizational Policy (administrative controls)
– Refresh organizational consciousness


• Fit With Existing Technology
– Authentication/Authorization Mechanisms
– Dual Delivery
– Internet Connectivity
– Endpoints (including Mobile Devices)
– Directory Services
• Wh t to expose / how?
What t h ?
– MCSO free/busy calendar synchronization


• Fit With Technology Roadmap
– Mobile Strategy
– Identity Management
– Other Cloud Services
– Network Convergence


• Fit With Existing Processes
– Basic Account Management
• Integration with HR/Payroll
– Work Unit Communications
– Shared Calendars
– Shared Inboxes


• Fit With Existing Processes
– Security Considerations
• Identity lifecycle issues
– accounts
– inboxes
– calendars
– other cloud-based objects and artifacts
• Data in Transit
– TLS / Encryption
• Confidentiality and Availability (user-managed content)
• Unauthorized Access due to sharing


• Fit With Culture
– What is the nature of the data?
– How information systems are used
(information handling)
– Security Policy governing use of Google Apps


End Users
• Security Responsibilities are Increased
• Awareness Training
• C
County D
t Departmental Policy
t t l P li
– Departmental Business Processes
• End User/Department Security Concerns
– Portable Media
– Operations - Patch Management
– Economies of Scale


Migration
• Phase: Pilot Program
• Early adopters running too far too fast
– Including Privileged Users (Admins)
• Representation of Security and other IT leaders in
the Pilot


Migration
• Phase: Planning/Preparation
– Communications (time to overcommunicate)
– Training (classes using the SAaS)
– Support
• Self help
Self-help
• Google Guides - Staff & Googlers
• Core Team
– Load Testing


Migration
• Phase: Planning/Preparation
– Awareness Training
– Consistent Organizational Message
– Accurate Responses
– Accidental Deletion of Data
– Old thinking; new Process Issues
g;
– How much Analysis is Enough?
– Dialog with Other Departments ( )
g p (fit)


Migration
• Phase: Dress Rehearsal
• Phase: Big Move
–S
Security Considerations
it C id ti
• Unplanned ISP outage
• Out of band communications
• Phase: Decommission


Support Plan
• Service Administration
– All or Nothing
– Google Apps Marketplace - abstract the
admin layer
– Who to Trust?
• Trust But Verify model
– Does not impede work
– Provides an audit trail
– In active state, it monitors for privileged rights use
– User Inboxes (Postini)


Support Plan
• Service Administration
• Privileged Access
– Confidentiality
– Availability of Systems
• Email archives available to admins?
– Unauthorized (unintended) access
• Transparency
– Admin Activity
– User Activity


Support Plan
• Account Administration
– Integration with Directory Services
• GAL
• Accounts
• Groups
p
– License Limitations
– User Terminations (end-of-life)
(end of life)
• Transference of Google Artifacts


Support Plan
• Account Administration
• Accidental deletion of data
• Account sharing
• Transparency
p y


Support Plan
• Customization and Automation
– Have programming support available
• Technical Control Set
• APIs
– Your organization is unique
• No cloud service is a universal answer
– You will customize
– Your organization will change


Questions


Local Government Goes Google

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Local Government Goes Google

Ähnlich wie Local Government Goes Google (20)

Mehr von InnoTech

Mehr von InnoTech (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Local Government Goes Google