Thursday, April 10, 2008

Re: pros/cons of Gmail/GoogleApps solution (UNCLASSIFIED)

Classification: UNCLASSIFIED=20
Caveats: NONE

Any hosted solution, and Google's in particular(as opposed to a
dedicated hosting of an Exchange box), presents a number of risks. I
myself, have warned of some of those risks as they relate to enforcing
data retention policies, interaction with law enforcement, etc.

But just because something has risk does not mean that the benefits do
not outweigh the risks. Often legal, regulatory, and privacy issues are
a source of big FUD (Fear Uncertainty and Doubt) in school IT because
there is often a hazy understanding of the risks and consequences.

The school I work with now does not have a strong IT infrastructure.
They are at far greater risk of physical loss (due to equipment failure
and poor backups), compromised network security (from within and
without), and they cannot afford to purchase the functionality that
Google Apps will provide (e.g. web based calendars that can be internal
or external). I believe that Google's mitigation of these risks and
other benefits far exceed any potential liability and to some degree
(i.e. if there is a large data breach based on hacking to Google) Google
provides a shield. Circumstances could easily change (e.g. they hire a
full-time IT person) and my opinion would follow.

In terms of risk based on privacy and Google's scanning you can trust
that the legal, regulatory, and contractual protections are sufficient,
or they are not. In my opinion those privacy risks are largely based on
unknowns and that makes them more FUD than risks I can calculate against
and present to a board as part of a cost-benefit analysis. Go too far
down that road and it becomes pretty dystopian, pretty fast:
http://www.radaronline.com/from-the-magazine/2007/09/google_fiction_evil
_dangerous_surveillance_control_1.php =20

If you are already experiencing problems that are large enough to drive
users to non-school account for school vendors, I believe you are
already at far greater risk than you would be with Google apps. But
again, the details of each situation make all the difference.

_J
___________________________________

Jason Johnson - Program Director
Web Services Branch - Walter Reed Army Medical Center Ingenium (ISO
9001:2000 certified)
Office: 202-782-1047
Cell: 202-262-0516
jason.johnson@ingenium.net
jason.p.johnson2@us.army.mil=20

Classification: UNCLASSIFIED=20
Caveats: NONE

[ For info on ISED-L see http://www.gds.org/ISED-L ]
Submissions to ISED-L are released under a creative commons, attribution, non-commercial, share-alike license.
RSS Feed, http://listserv.syr.edu/scripts/wa.exe?RSS&L=3DISED-L