By Rick Gordon
Since the July 24th entry, Cloud Concerns Over Los Angeles, I have continued to monitor closely LA City’s decision to migrate to a cloud computing environment. As myriad organizations (e.g., Cloud Security Alliance, NIST, etc.) race to understand cloud computing risks, I continue to be baffled by LA City’s “Damn the torpedoes!” approach.
Throughout LA’s decision making process, various stakeholders have raised concerns about cloud security and privacy risks. As the City Council sought to address these concerns, I had hoped to see LA transparently address how its cloud service providers would secure LA citizens’ sensitive information.
So far, it’s been a major disappointment.
To its credit, the City held an August 11th hearing to answer a number of pressing security questions. In this regard, the City’s Information Technology Agency (ITA) General Manager, Randi Levin, thankfully offered “to clear up a few misconceptions.” Unfortunately, Ms. Levin’s bumper-stickeresque testimony did little more than assert without any evidence that:
1) Google’s security is better than LA’s; and
2) Cloud computing is safe.
Unbelievably, Ms. Levin failed to disclose to the City Council any of the proven security vulnerabilities associated with cloud-based architectures (https://www.isecpartners.com/files/Cloud.BlackHat2009-iSEC.pdf).
On October 7th, the City’s Administrative Officer, Miguel Santana, released a final memo (http://clkrep.lacity.org/onlinedocs/2009/09-1714_rpt_cao_10-7-09.pdf) to highlight the changes that had occurred since the August 11th hearing. Mr. Santana offered, “Google has announced a new proposal for protecting sensitive government data that is consistent with the approach preferred by the Police Department …” The announcement that Santana is referring to is Google’s “Gov Cloud.”
To be clear, “Gov Cloud” represents an untested service that Google hopes will satisfy the immediate compliance needs of Federal government customers (the security controls remain unspecified). Most importantly, it is not even scheduled to be operational until sometime next year.
At an October 19th hearing, Dave Girouard, President of Google Enterprise, further elaborated that Google intends for all government employees across the United States to “run inside what has been referred to as the government cloud”. Unfortunately, Google’s vision only exacerbates current concerns that LA would not be able to effectively protect its citizens’ information from disclosure to other U.S. jurisdictions.
Of course, I realize that Ms. Levin, et. al., are still “selling” to the LA City Council. But, at some point during this process at least one of them should have been able to offer a modicum of security insight to enable the City Council to make a fully-educated decision.
The fact is that the cloud is fraught with a number of uncertainties distinct to cloud architectures. These uncertainties are different than with traditional computing models – scale, homogeneity, and opacity introduce new risks that information technologists are just now sorting out.
So, it’s not surprising that LA City stakeholders don’t fully understand these risks. However, with so many unanswered questions, one has to ask – why on earth is LA still moving forward?