May 16, 2011, 3:28 PM — Boston-based Bay Cove Human Services is a non-profit organization that offers assistance and service to 4,000 people and families in Massachusetts. CIO Hilary Croach has several technology challenges to contend with. For starters, the agency has its hands in a number of service areas, including helping individuals with developmental disabilities, mental illness, drug and alcohol addiction, and those who need support with aging. With about 140 locations around Eastern Massachusetts, Bay Cove's employees and IT operations are scattered.
Learn more about cloud computing and security
* Cloud security predictions for 2011
* Hybrid cloud security: Real-world tales
* Why security pros hate Sharepoint and what to do about it
Because of the expansive nature of his users, Croach decided to take some applications into the cloud with Google Apps for Business. But Bay Cove is subject to a number of regulations, including HIPAA, so the move to the cloud wasn't done without extreme consideration with regard to access control and privacy. Croach recently detailed for CSO why he felt Google Apps tools were the right fit for his agency, and how he handles security in a regulated environment like social services.
CSO: How did you first become interested in using Google Apps for Bay Cove?
Hilary Croach: We had an email platform we had used for fourteen years. It was a great platform when we first got it. But, in recent years, it became clear it wasn't being updated, it wasn't connecting in with mobile devices, so we couldn't continue with it for our email platform. We looked at Exchange and the idea of hosted solution was on the table. We have about 1600 users. When I looked at Exchange implementation from the ground up, I was talking about a $100,000-capital investment, and that was with the relatively-cheap licensing that Microsoft offers to non-profits. But Google, for non-profits of our size, offers Google Apps for free. That was a huge deal for me.
Now, of course using Google Apps means it's not in my data center. And there are concerns about security if it's not in my data center. But we quickly became pretty confident that the email and calendar piece of the Google Apps suite would work as well and be as secure as our previous email system for internal communications - and we were clear that sending an email out of any system is pretty much unsafe unless you have encryption tools and so forth. So we made the move.
Did you use everything in the suite?
No. When we first moved to Google Apps, all we had turned on was Gmail and Calendar. And it's a better platform than we had before, with better connectivity to mobile devices.
When we rolled it out, Google had just given administrators the ability to parse out other pieces. Prior to when we did starting using it, if you wanted to use Google Apps, you had to roll out whole thing. But we were able to just use Gmail and Calendar. And we also rolled out Docs to small group of people. We were using sites for other stuff, like our personnel policies. We were using it as adjunct to our intranet. But more and more people starting coming to me, telling me they really liked the collaborative abilities of Google Docs and they wanted me to turn it on for others.
Did you have hesitations about that? How did you handle it?
