In October 2010, Multnomah County migrated over 3,600 employees to Google Apps Government Edition, making it one of the first local governments to use cloud-based email and calendaring services. The implementation team was led by a project manager and included subteams for technical issues, communications, security, training, and contracting. Migration occurred in phases including a pilot program, planning, dress rehearsal, and going live. Ongoing support involves account administration integrated with directory services, customization, and consideration of security issues around privileged access, transparency, and accidental data deletion.
Driving Behavioral Change for Information Management through Data-Driven Gree...
Local Government Goes Google
1. Local Government
Goes Google
Brig Otis, IT Security
Office of Information Technology
2. Introduction
• In October 2010 Multnomah County
October, 2010,
migrated over 3,600 county employees to
Google Apps Government Edition
Edition.
• One of the first local governments
nationwide to use cloud based email and
cloud-based
calendaring services.
Office of Information Technology
3. Introduction
• Brig Otis IT Security
Otis,
• Dan Cole, Project Manager
• St Johnson, Infrastructure Manager
Stan J h I f t t M
Office of Information Technology
4. Agenda
• Why Google?
• Implementation Team
• Vendor Management
V d M t
• Implementation Considerations
• End Users
• Migration
• Support Plan
Office of Information Technology
5. Why Google?
• Budget Shortfalls
• Growing Demand for IT Services
• A i E t
Aging Enterprise E il S t
i Email System
Office of Information Technology
6. Implementation Team
• Core Team
– PM plus Subteam Leaders
• Subteams
– Technical
–CCommunications
– Security
– Training
– Contracting
Office of Information Technology
7. Implementation Team
• End Users (county employees)
• Cloud Service Team
• S t
System Integrator
I t t
• Technical Steering Committee
Office of Information Technology
8. Implementation Team
• Security Considerations
– Representation
– Core and Subteam communications
– System Integrator
• Responsibilities
• Product/Service Maturity
• Cryptographic controls
• Development and Support Processes
• Change Control
Office of Information Technology
9. Vendor Management
• Contracting
– References to dynamic policies at URLs
– SLA
• DR
– Exit strategy
• Data Escrow
• Ownership
– Data Classification (yours; not theirs)
• Encryption
yp
Office of Information Technology
10. Vendor Management
• Contracting
– Change Management
• Musical Features
– Provider Certification
• Understand the certification (the package)
• Does not certify your use of the service
– Example: Sharing of Google Objects
Office of Information Technology
11. Vendor Management
• Advanced Planning
– Time
– Get the actual support team involved
– Project management methodology
• Security Considerations
– Unauthorized access
– Breach of confidentiality
– Laws and regulations
Office of Information Technology
12. Implementation Considerations
• Paradigm Shift
– Control Set (technical controls)
• Built-in
• Design yourself
– Organizational Policy (administrative controls)
– Refresh organizational consciousness
Office of Information Technology
13. Implementation Considerations
• Fit With Existing Technology
– Authentication/Authorization Mechanisms
– Dual Delivery
– Internet Connectivity
– Endpoints (including Mobile Devices)
– Directory Services
• Wh t to expose / how?
What t h ?
– MCSO free/busy calendar synchronization
Office of Information Technology
14. Implementation Considerations
• Fit With Technology Roadmap
– Mobile Strategy
– Identity Management
– Other Cloud Services
– Network Convergence
Office of Information Technology
15. Implementation Considerations
• Fit With Existing Processes
– Basic Account Management
• Integration with HR/Payroll
– Work Unit Communications
– Shared Calendars
– Shared Inboxes
Office of Information Technology
16. Implementation Considerations
• Fit With Existing Processes
– Security Considerations
• Identity lifecycle issues
– accounts
– inboxes
– calendars
– other cloud-based objects and artifacts
• Data in Transit
– TLS / Encryption
• Confidentiality and Availability (user-managed content)
• Unauthorized Access due to sharing
Office of Information Technology
17. Implementation Considerations
• Fit With Culture
– What is the nature of the data?
– How information systems are used
(information handling)
– Security Policy governing use of Google Apps
Office of Information Technology
18. End Users
• Security Responsibilities are Increased
• Awareness Training
• C
County D
t Departmental Policy
t t l P li
– Departmental Business Processes
• End User/Department Security Concerns
– Portable Media
– Operations - Patch Management
– Economies of Scale
Office of Information Technology
19. Migration
• Phase: Pilot Program
– Security Considerations
• Early adopters running too far too fast
– Including Privileged Users (Admins)
• Representation of Security and other IT leaders in
the Pilot
Office of Information Technology
20. Migration
• Phase: Planning/Preparation
– Communications (time to overcommunicate)
– Training (classes using the SAaS)
– Support
• Self help
Self-help
• Google Guides - Staff & Googlers
• Core Team
– Load Testing
Office of Information Technology
21. Migration
• Phase: Planning/Preparation
• Security Considerations
– Awareness Training
– Consistent Organizational Message
– Accurate Responses
– Accidental Deletion of Data
– Old thinking; new Process Issues
g;
– How much Analysis is Enough?
– Dialog with Other Departments ( )
g p (fit)
Office of Information Technology
22. Migration
• Phase: Dress Rehearsal
• Phase: Big Move
–S
Security Considerations
it C id ti
• Unplanned ISP outage
• Out of band communications
• Phase: Decommission
Office of Information Technology
23. Support Plan
• Service Administration
– All or Nothing
– Google Apps Marketplace - abstract the
admin layer
– Who to Trust?
• Trust But Verify model
– Does not impede work
– Provides an audit trail
– In active state, it monitors for privileged rights use
– User Inboxes (Postini)
Office of Information Technology
24. Support Plan
• Service Administration
– Security Considerations
• Privileged Access
– Confidentiality
– Availability of Systems
• Email archives available to admins?
– Unauthorized (unintended) access
• Transparency
– Admin Activity
– User Activity
Office of Information Technology
25. Support Plan
• Account Administration
– Integration with Directory Services
• GAL
• Accounts
• Groups
p
– License Limitations
– User Terminations (end-of-life)
(end of life)
• Transference of Google Artifacts
Office of Information Technology
26. Support Plan
• Account Administration
– Security Considerations
• Accidental deletion of data
• Account sharing
• Transparency
p y
Office of Information Technology
27. Support Plan
• Customization and Automation
– Have programming support available
• Technical Control Set
• APIs
– Your organization is unique
• No cloud service is a universal answer
– You will customize
– Your organization will change
Office of Information Technology