Government Cloud Authors: Elizabeth White, Pat Romanski, Dana Gardner, Liz McMillan, Gopala Krishna Behara

Related Topics: Agile Computing, @CloudExpo, Government Cloud

Agile Computing: Blog Post

LA City Cloud Computing Update

The L.A. Cloud Debate

Since the July 24th entry, Cloud Concerns Over Los Angeles, I have continued to monitor closely LA City’s decision to migrate to a cloud computing environment.  As myriad organizations (e.g., Cloud Security Alliance, NIST, etc.) race to understand cloud computing risks, I continue to be baffled by LA City’s “Damn the torpedoes!” approach.

Throughout LA’s decision making process, various stakeholders have raised concerns about cloud security and privacy risks.  As the City Council sought to address these concerns, I had hoped to see LA transparently address how its cloud service providers would secure LA citizens’ sensitive information.

So far, it’s been a major disappointment.

To its credit, the City held an August 11th hearing to answer a number of pressing security questions.  In this regard, the City’s Information Technology Agency (ITA) General Manager, Randi Levin, thankfully offered “to clear up a few misconceptions.”  Unfortunately, Ms. Levin’s bumper-stickeresque testimony did little more than assert without any evidence that:

1)      Google’s security is better than LA’s; and

2)      Cloud computing is safe.

Unbelievably, Ms. Levin failed to disclose to the City Council any of the proven security vulnerabilities associated with cloud-based architectures (https://www.isecpartners.com/files/Cloud.BlackHat2009-iSEC.pdf).

On October 7th, the City’s Administrative Officer, Miguel Santana, released a final memo (http://clkrep.lacity.org/onlinedocs/2009/09-1714_rpt_cao_10-7-09.pdf) to highlight the changes that had occurred since the August 11th hearing.  Mr. Santana offered, “Google has announced a new proposal for protecting sensitive government data that is consistent with the approach preferred by the Police Department …”   The announcement that Santana is referring to is Google’s “Gov Cloud.”

To be clear, “Gov Cloud” represents an untested service that Google hopes will satisfy the immediate compliance needs of Federal government customers (the security controls remain unspecified).  Most importantly, it is not even scheduled to be operational until sometime next year.

At an October 19th hearing, Dave Girouard, President of Google Enterprise, further elaborated that Google intends for all government employees across the United States to “run inside what has been referred to as the government cloud”.  Unfortunately, Google’s vision only exacerbates current concerns that LA would not be able to effectively protect its citizens’ information from disclosure to other U.S. jurisdictions.

Of course, I realize that Ms. Levin, et. al., are still “selling” to the LA City Council.  But, at some point during this process at least one of them should have been able to offer a modicum of security insight to enable the City Council to make a fully-educated decision.

The fact is that the cloud is fraught with a number of uncertainties distinct to cloud architectures.  These uncertainties are different than with traditional computing models – scale, homogeneity, and opacity introduce new risks that information technologists are just now sorting out.

So, it’s not surprising that LA City stakeholders don’t fully understand these risks.  However, with so many unanswered questions, one has to ask – why on earth is LA still moving forward?

Read the original blog entry...

More Stories By Richard Gordon

Rick Gordon is an expert on security technology, business strategy and early-stage finance. Prior to joining the firm, Mr. Gordon was a senior consultant with The O'Gara Company, a strategic consulting firm that advised large systems integrators and emerging technology companies on the homeland security market. In this role, he managed several large company accounts and developed a comprehensive investment strategy for the homeland security market. Previously, he served as CEO of Tovaris, a specialized encryption software development company, where he was responsible for raising the company's initial investment capital and developing critical relationships with key strategic partners in the information security industry. Mr. Gordon was also a technology investment banker at Bear, Stearns & Co., serving many emerging technology companies and participating in several technology initial public offerings.

Mr. Gordon has also served as a submarine officer in the U.S. Navy. He received his MBA from The Darden School at the University of Virginia and his BS in Engineering with Merit from the U.S. Naval Academy.

IoT & Smart Cities Stories
Bill Schmarzo, Tech Chair of "Big Data | Analytics" of upcoming CloudEXPO | DXWorldEXPO New York (November 12-13, 2018, New York City) today announced the outline and schedule of the track. "The track has been designed in experience/degree order," said Schmarzo. "So, that folks who attend the entire track can leave the conference with some of the skills necessary to get their work done when they get back to their offices. It actually ties back to some work that I'm doing at the University of San...
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management company where he learned about Bitcoin and eventually Ethereal. Andrew's role at ConsenSys Enterprise is a mul...
IoT is rapidly becoming mainstream as more and more investments are made into the platforms and technology. As this movement continues to expand and gain momentum it creates a massive wall of noise that can be difficult to sift through. Unfortunately, this inevitably makes IoT less approachable for people to get started with and can hamper efforts to integrate this key technology into your own portfolio. There are so many connected products already in place today with many hundreds more on the h...
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker c...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
A valuable conference experience generates new contacts, sales leads, potential strategic partners and potential investors; helps gather competitive intelligence and even provides inspiration for new products and services. Conference Guru works with conference organizers to pass great deals to great conferences, helping you discover new conferences and increase your return on investment.