LAPD retreats from the cloud
Security measures inadequate for police email and documents
A little over a year ago, we reported the bold decision of the City of Los Angeles to move much of its internal communications and records structure to “the cloud,” namely, Google Apps. This decision portended what many viewed as a trend away from software and data residing on a local computer or server and toward storing this information on a distant, though accessible, server. That trend may still be valid, but not in Los Angeles. Well, now LAPD is going back to its old Novell email network.
Novell has been around a long time, predating widespread use of the Internet to the era where email systems were internal to the organization that owned them. You could send email to your coworker, but not your buddy from high school (unless he happened to be your coworker, of course). Novell systems are now rare because they are viewed by many as arcane. You can be expert in the mechanics of a typical corporate computer network, and be baffled by the mysteries of Novell. There is also some acclimation required for users switching to or from a Novell network, but most LAPD users have been on Novell for years and it’s familiar to them.
The primary reason LAPD cited for the move back to Novell was that the security structure of Google Apps didn’t meet the federally-mandated requirements LAPD is bound by. It’s not clear exactly where LAPD felt Google was short, but it’s interesting to note that a competing cloud-based service, Microsoft’s Office 365, lost customers in the European Union (EU) because of requirements in the PATRIOT Act. The PATRIOT Act mandates that the U.S. government have access to information stored on U.S.-based cloud servers. This didn’t sit well with some European governments and corporations who don’t believe the U.S. government has any business looking at their data. Microsoft has countered the PATRIOT Act problem with the Office 365 Trust Center, which presumably moves EU data to servers not located in the United States.
Moving your organization’s email and stored documents to a cloud server can save a lot of money. Companies offering cloud storage and applications maintain huge multiple server farms, usually dispersed widely to avoid a single point of failure in the event a disaster knocks one offline. Company A’s data might normally live on a Google server outside of The Dalles (Ore.), which is conveniently located adjacent to a hydroelectric dam (as these places have massive power requirements), and be backed up on another farm in Reston (Va.). If Godzilla steps on the facility in Oregon, operations automatically switch to Virginia. Users might not even notice.
Expensive as they are to build and run, it’s still cheaper to rent space on a server farm than it is to maintain your own, especially if the mission requires redundancy in the form of a duplicate data center to back up the first one.
The stories of data security breaches that seem to come up weekly might lead one to believe that security in the cloud is severely lacking. On the whole, this isn’t true. Banks and other financial services companies conduct most of their business electronically, and encourage their customers to do likewise, charging fees to visit a teller window or use paper checks instead of electronic payments. The problem, simply stated, is that any security system that an authorized person can access can be penetrated by an unauthorized person with the right information and enough time. Large organizations like Google can hire the top security people in the field and have them constantly inspecting and improving their security measures; the typical customer makes this a collateral duty of their IT guy.
Moving data and applications to the cloud can save money on hardware, too. The conventional personal computer has to have storage in the form of a hard drive or solid-state drive to hold program code and data. When the organization needs to update software, it usually requires a tech to personally visit each machine or connect to it remotely to install the new programs.
If you have five computers, that’s an afternoon. If you have 500, that’s February and March. Computers that have no local storage and rely on a server for both programs and data are sometimes called “thin clients.” They don’t need hard drives, and since the software resides in one place, an upgrade is very fast. Thin clients were the Next Big Thing about ten years ago, but didn’t catch on. Now that network capacity and throughput has grown dramatically, the thin client’s day may come again.