As the federal government pursues a ‘cloud first‘ strategy, service providers are rushing to offer government cloud solutions. However, for some providers new to the public sector, like Google, many serious questions about data security and ownership will need to be answered. CivSource spoke with Jeff Gould, CEO & Director of Research, Peerstone Research and Doug Miller, Principal Consultant, Milltech Consulting about the problems Google’s policies pose for the public sector.
On March 1, Google ushered in a new set of privacy policies that make it nearly impossible to keep web use data private. Even in cases where an individual disables their own history, that data is still tracked. Users of Google and its auxiliary services like YouTube, or Google Plus cannot opt out of these terms. For private individuals, the new terms should raise significant red flags. For public sector individuals using Google services for government work, the policies may be a dealbreaker.
According to Gould and Miller, recent incidents suggest that Google does not exercise adequate control over certain aspects of its technology which may compromise the security of government information in Google cloud services. The two have issued a call on SafeGov.org asking the company to become more responsive to the realities of doing business in the public sector.
“With many of these offerings, there are no boundaries between how they are used by someone acting in the private sector and public sector. Individuals get no warning when they are switching between the two spheres and indeed the data, even if sensitive, is universally kept,” Miller explains.
He notes that while Google claims that it makes special arrangements for its government and enterprise users, referring links typically go back to the global policy which gives Google carte blanche use of user data and content. To that end, they are calling on Google to create and publish an audit program to ensure that government-specific privacy policies are effectively implemented by Google’s cloud products and service delivery organization.
If crafted and utilized, an audit program could provide Congressional oversight and the American taxpayers with the information they need to ensure that they are meeting the terms and conditions of their federal government contracts.
Miller and Gould note that there are other concerns, specifically that Google has made no assurances that it is not monitoring or using government data without explicit consent. Questions about Google’s practices through its Apps for Government offering have been cropping up throughout state governments as well. The company’s high profile failure to comply with law enforcement security requirements in Los Angeles being one of the more troubling examples.
For private consumers of the internet, Google now has primacy as the custodian of that experience – a position which carries over as public sector workers use Google services of their own accord. However, the experts note, when it comes to paid use of these services through a government contract adjustments must be made.
“Google’s market share in this space is 1% if they want to get to 10% they’re going to have to make some adjustments. There are many other providers with more experience working with sensitive government data that have made those adjustments,” Gould says.
Editor’s Note: In addition to their work with SafeGov.org both Gould and Miller currently act as government IT consultants. Mr. Gould has consulting relationships with several IT service providers including Microsoft. Mr. Miller also consults for service providers including HP, and Microsoft.