July 26, 2010, 3:57 PM — Google led a coup against Microsoft to win the contract with the city of Los Angeles to provide messaging and productivity software for roughly 30,000 city employees. Nine months later, though, implementation is behind schedule as Google and the city of Los Angeles address security concerns with the cloud-based services.
The Los Angeles police department (LAPD) is not ready to embrace the migration due to concerns with lags in e-mail delivery, and continued anxiety over the security of data entrusted to Google. The LAPD must comply with rigorous data protection requirements and it is not yet convinced that the Google security controls are sufficient.
A memo last fall from the Los Angeles Information Technology Association which contributed to the Google contract win spelled out that Google will "provide a new separate data environment called 'GovCloud.' The GovCloud will store both applications and data in a completely segregated environment that will only be used by public agencies."
The Google GovCloud is encrypted, and is both physically and logically segregated from the rest of the Google-verse. Google also specified that the data stored in GovCloud would only be housed in US-based servers, and only available to US citizens with proper clearance and authority.
Those seem like fairly stringent security measures, but to quell any remaining unease Google also committed to notify the city of Los Angeles of any security breach. To hedge the bet, Los Angeles council members added a clause to the contract which requires Google to pay the city in the event of a data breach.
All of the promises, commitments, and security measures, though, can't undo a security breach. Having Google pay the city a penalty in the event of a data breach might be a windfall for LA, but it won't un-breach the data.