How one municipality is securing Google Apps, Docs

It may have been the ease of use and lower costs that drove the city government of Panama City, Fla., to use Google Apps and Docs, but state regulations and IT governance procedures made them look for a way to secure and manage the environment.

IT execs extol virtues of cloud computing, with familiar caveats

“There’s a push to put the records in the cloud,” says Panama City network administrator Richard Ferrick. Using Google Docs frees the municipal government of Panama City from having to buy additional file servers, while having back-up outside of Florida’s stormy climate was seen as a plus. But there were also concerns there would be a lot less visibility and control over documents turned over to the Google cloud.

The city already had experience migrating about 250 employees to Google Apps for e-mail and archiving in 2008 and more recently decided to go further to move its records into Google’s cloud, too. Panama City found a way to exert the security controls and management it wanted for this step by making use of Aprigo CloudLock for Google Apps, which is a Google marketplace application built on the Google Apps engine.

TECH DEBATE: Cloud providers will be better at security than you will ever be

Aprigo’s cloud-based security service is a tool for Google Apps that lets administrators place access controls over their documents by specific user or groups, deciding who is allowed to share what with whom. The service allows for choosing data owners or auditor rights and delegating controls. It can enforce policies around who can copy local files to Google Docs, and who has edit permissions. It offers a way to do data inventory, and keep track of which documents are shared outside the organization on a more public basis, says Ferrick, adding he didn’t spot other choices to this kind of functionality.

But the Panama City government is taking the approach that it’s not just the IT department that should be involved in using CloudLock. “Delegation will be a big part of it,” says Ferrick, saying designated departmental staff outside of IT are being brought into the CloudLock roll-out.

Delegating authority for use of CloudLock is now underway with each departmental unit in Panama City set to be given authorization over specific controls related to the records for which they have responsibility. “Each person will be given access to Aprigo to see what’s being done,” Ferrick says.

The goal is to give the departments direct access to information about how their records are being used as well as the ability to produce needed reports. The hard part of the process is bringing all the participants together under agreed procedures, Ferrick says.

Read more about wide area network in Network World’s Wide Area Network section.