Welcome!

Government Cloud Authors: Elizabeth White, Liz McMillan, Pat Romanski, Dana Gardner, Gopala Krishna Behara

Related Topics: Agile Computing, @CloudExpo, Government Cloud

Agile Computing: Blog Post

LA City Cloud Computing Update

The L.A. Cloud Debate

Since the July 24th entry, Cloud Concerns Over Los Angeles, I have continued to monitor closely LA City’s decision to migrate to a cloud computing environment.  As myriad organizations (e.g., Cloud Security Alliance, NIST, etc.) race to understand cloud computing risks, I continue to be baffled by LA City’s “Damn the torpedoes!” approach.

Throughout LA’s decision making process, various stakeholders have raised concerns about cloud security and privacy risks.  As the City Council sought to address these concerns, I had hoped to see LA transparently address how its cloud service providers would secure LA citizens’ sensitive information.

So far, it’s been a major disappointment.

To its credit, the City held an August 11th hearing to answer a number of pressing security questions.  In this regard, the City’s Information Technology Agency (ITA) General Manager, Randi Levin, thankfully offered “to clear up a few misconceptions.”  Unfortunately, Ms. Levin’s bumper-stickeresque testimony did little more than assert without any evidence that:

1)      Google’s security is better than LA’s; and

2)      Cloud computing is safe.

Unbelievably, Ms. Levin failed to disclose to the City Council any of the proven security vulnerabilities associated with cloud-based architectures (https://www.isecpartners.com/files/Cloud.BlackHat2009-iSEC.pdf).

On October 7th, the City’s Administrative Officer, Miguel Santana, released a final memo (http://clkrep.lacity.org/onlinedocs/2009/09-1714_rpt_cao_10-7-09.pdf) to highlight the changes that had occurred since the August 11th hearing.  Mr. Santana offered, “Google has announced a new proposal for protecting sensitive government data that is consistent with the approach preferred by the Police Department …”   The announcement that Santana is referring to is Google’s “Gov Cloud.”

To be clear, “Gov Cloud” represents an untested service that Google hopes will satisfy the immediate compliance needs of Federal government customers (the security controls remain unspecified).  Most importantly, it is not even scheduled to be operational until sometime next year.

At an October 19th hearing, Dave Girouard, President of Google Enterprise, further elaborated that Google intends for all government employees across the United States to “run inside what has been referred to as the government cloud”.  Unfortunately, Google’s vision only exacerbates current concerns that LA would not be able to effectively protect its citizens’ information from disclosure to other U.S. jurisdictions.

Of course, I realize that Ms. Levin, et. al., are still “selling” to the LA City Council.  But, at some point during this process at least one of them should have been able to offer a modicum of security insight to enable the City Council to make a fully-educated decision.

The fact is that the cloud is fraught with a number of uncertainties distinct to cloud architectures.  These uncertainties are different than with traditional computing models – scale, homogeneity, and opacity introduce new risks that information technologists are just now sorting out.

So, it’s not surprising that LA City stakeholders don’t fully understand these risks.  However, with so many unanswered questions, one has to ask – why on earth is LA still moving forward?

Read the original blog entry...

More Stories By Richard Gordon

Rick Gordon is an expert on security technology, business strategy and early-stage finance. Prior to joining the firm, Mr. Gordon was a senior consultant with The O'Gara Company, a strategic consulting firm that advised large systems integrators and emerging technology companies on the homeland security market. In this role, he managed several large company accounts and developed a comprehensive investment strategy for the homeland security market. Previously, he served as CEO of Tovaris, a specialized encryption software development company, where he was responsible for raising the company's initial investment capital and developing critical relationships with key strategic partners in the information security industry. Mr. Gordon was also a technology investment banker at Bear, Stearns & Co., serving many emerging technology companies and participating in several technology initial public offerings.

Mr. Gordon has also served as a submarine officer in the U.S. Navy. He received his MBA from The Darden School at the University of Virginia and his BS in Engineering with Merit from the U.S. Naval Academy.

IoT & Smart Cities Stories
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Every organization is facing their own Digital Transformation as they attempt to stay ahead of the competition, or worse, just keep up. Each new opportunity, whether embracing machine learning, IoT, or a cloud migration, seems to bring new development, deployment, and management models. The results are more diverse and federated computing models than any time in our history.
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Dion Hinchcliffe is an internationally recognized digital expert, bestselling book author, frequent keynote speaker, analyst, futurist, and transformation expert based in Washington, DC. He is currently Chief Strategy Officer at the industry-leading digital strategy and online community solutions firm, 7Summits.
Digital Transformation is much more than a buzzword. The radical shift to digital mechanisms for almost every process is evident across all industries and verticals. This is often especially true in financial services, where the legacy environment is many times unable to keep up with the rapidly shifting demands of the consumer. The constant pressure to provide complete, omnichannel delivery of customer-facing solutions to meet both regulatory and customer demands is putting enormous pressure on...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
The standardization of container runtimes and images has sparked the creation of an almost overwhelming number of new open source projects that build on and otherwise work with these specifications. Of course, there's Kubernetes, which orchestrates and manages collections of containers. It was one of the first and best-known examples of projects that make containers truly useful for production use. However, more recently, the container ecosystem has truly exploded. A service mesh like Istio addr...
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Charles Araujo is an industry analyst, internationally recognized authority on the Digital Enterprise and author of The Quantum Age of IT: Why Everything You Know About IT is About to Change. As Principal Analyst with Intellyx, he writes, speaks and advises organizations on how to navigate through this time of disruption. He is also the founder of The Institute for Digital Transformation and a sought after keynote speaker. He has been a regular contributor to both InformationWeek and CIO Insight...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...