There is still widespread concern over Google's ability to deliver privacy, security, and meet other IT governance standards as a public cloud provider - but in one sector which is traditionally very strict on governance (Government) Google is meeting with greater success. Why is this? What are the lessons to be learned?
First, it's important to recap the worries about public cloud security and data safekeeping. If you are in a highly regulated industry with fiduciary and privacy obligations to your constituents (e.g., healthcare, finance and yes, even government), you can't place your company or your job in jeopardy by incurring a multi-billion dollar security breach or privacy compromise that effects hundreds of thousands of subscribers.
Second, there are still too many examples of public cloud prime-time players that are not ready to assume the mantles of regulatory compliance and data stewardship that enterprise IT practices demand. "We have our own internal SLAs (service level agreements), but we don't provide them to our customers," acknowledged one public cloud SaaS (software-as-a-service) provider.
Google has not been immune to these growing pains, either. Its early failures are well chronicled. Even in government, there have been hiccups. Late last year, the City of Los Angeles scaled back its Google public cloud deployment because law enforcement was concerned about how secure its data would be.
But let's not forget the victories
The State of Wyoming migrated 10,000 employees to Google Apps for Government for collaboration and unified communications in less than nine months. Wyoming believes that the online collaboration tools Google Apps offers will streamline operations and make government more efficient.
As more government agencies actively work with Google, deploy Google Apps, and boast of anticipated cost savings and workforce efficiencies, momentum is building. "Wyoming reviewed other public cloud options before we selected Google," said Flint Waters, Chief Information Officer for the State of Wyoming. Waters, who has a background in law enforcement, said that initially there was trepidation to adopt a public cloud solution for office productivity.
"Google Apps was the first application in its class to gain FISMA (Federal Information Security Management Act) certification, a comprehensive framework designed to protect government information, operations and assets from outside threats and attacks," said Waters. "FISMA compliance is a major factor in our confidence with Google. Really, using Google Apps is far more secure than our previous efforts."
The lesson here for Google and other public cloud providers is that many organizations (including large enterprises) are already "sold" in theory when it comes to public cloud's ability to deliver cost and operational savings and efficiencies. However, a public cloud must also meet the same rigorous regulatory, security and governance standards that enterprise IT does in the industry verticals it serves. Progress in this area has been made with government. This has spearheaded adoption, and adoption in turn has multiplied agency "success stories" and "word of mouth" that encourages new agencies to seriously consider Google Apps.
It's also noteworthy that Google itself doesn't acknowledge governance and security in the value proposition that it presents to users considering Google Apps, although it does reference it on its Google Apps Government page. Perhaps it is a signal that Google, like its competitors, is still working to customize solutions for governance and security for the different industry verticals it hopes to serve.
"Security is an important consideration for many CIOs, and it's something we take extremely seriously at Google," said Google spokesperson Tim Drinan. "With certifications like FISMA and ISO 27001, we can demonstrate that Google Apps has met stringent security standards that earn the trust of business and government customers."