Vertrouwelijkheid en beveiliging

[Cees Binkhorst]

REPLY TO: D66 at nic.surfnet.nl

In een tijd waar iedereen waarschuwt om voorzichtig te zijn met wat je op
internet websites zet, worden allerlei gegevensstromen door
overheidsorganen uitbesteed.
Volgens mij een zeer zorgelijke ontwikkeling.

MS heeft in het onderstaande artikel kennelijk de gemeente overtuigd van
de voorzorgen die genomen worden omtrent de vertrouwelijkheid.
Persoonlijk geef ik daar geen cent voor. Ik herinner me nog de tijd dat MS
in elk MS-document allerlei gegevens vastlegde, waar de eigenaar niets van
wist. Die tijd is overigens nog steeds niet voorbij!
Iedereen met MS-software op de computer is overgeleverd aan MS voor wat
betreft de vertrouwelijkheid, en wat mij betreft is dat vertrouwen er
niet!

Groet / Cees

PS. Waar staat MS, kun je wat mij betreft net zo goed Google zetten of elk
ander bedrijf. Geen permanente Clouds voor mij, en ook geen GMail etc.

http://www.networkworld.com/supp/2009/ndc3/051809-cloud-carlsbad.html?netht=rn_051809&nladname=051809dailynewspmal

California city entrusts email to Microsoft cloud-based service
By Neal Weinberg , Network World , 05/18/2009
Sponsored by:

The human resources people at Microsoft were somewhat taken aback when the
city of Carlsbad, Calif., started grilling them on what types of
background checks Microsoft performs on its own employees.

But Gordon Peterson, director of IT for the seaside city just north of San
Diego, says that before he would allow municipal e-mails to live in
Microsoft's cloud he wanted assurances that the background checks
Microsoft conducts on its people were as thorough as the checks Carlsbad
conducts on its IT workers.

"Security was a big part of the RFP," Peterson says. "We asked a lot of
questions on how you do security, on their hire-fire process." For
example, Peterson wanted to know what security procedures Microsoft takes
when it terminates an employee.

"I don't know that they'd ever been asked that before," says Peterson. But
Microsoft answered the queries to Carlsbad's satisfaction and the city
recently signed on for Microsoft's Business Productivity Online Suite, a
cloud-based service in which Microsoft hosts the city's e-mail and
collaboration services, including SharePoint, Live Meeting and instant
messaging.

Peterson readily admits that "not everybody is perfectly comfortable" with
the idea that municipal e-mails are being hosted outside the walls of the
city. But he weighed the pros and cons and worked through a variety of
issues with Microsoft before coming to the conclusion that "the hosted
environment has a higher degree of security than we can provide
internally." For example, Peterson says that within his 20-person shop,
tasks are shared, so he's not able to achieve the separation of duties
that a larger security organization can put into place.

Carlsbad is a city of about 100,000 people with a municipal employee base
of around 1,000, according to Peterson. The city has been working for the
past couple of years to consolidate the number of IT platforms and once it
chose Microsoft as a strategic partner, that meant moving from Groupwise
to Exchange for e-mail.

The next question for Peterson was whether to build and maintain the
system internally, build the system and have someone else run it, or have
it fully hosted.

Peterson had conversations with Gartner analysts, conducted a thorough RFP
process and ultimately decided that a hosted solution was the way to go.

"We felt comfortable that this is viable. We learned that it's less
expensive than doing it ourselves," Peterson says. He adds that going with
hosted e-mail frees up IT staffers to do more high-value projects. "Around
70% of our time and money is spent keeping the lights on," Peterson says.
"The rest is innovation and that's where the real value comes in."

In pure dollars and cents, over a four-year period, the Microsoft deal
will cost $330,000, a managed solution would have cost $390,000 and doing
it all in-house was a $500,000 proposition, according to Peterson. "That's
a 30% or more savings to not do it ourselves."

In term of implementation, Carlsbad went live with Exchange in late March
and everything went smoothly from Microsoft's end of things. "You went
home Friday as a Groupwise user and you came back Monday as an Exchange
user. The service works fine," he says.

The only glitch occurred when it came to data migration. Carlsbad used a
third party to migrate existing data from one system to the other, and
initially about 100 of the 1,000 end users didn't get their files moved.
That was quickly rectified.

One of Peterson's initial concerns had to do with bandwidth. Carlsbad has
a 20MB pipe to the Internet and Peterson says he was worried that it
wouldn't be enough, especially when bandwidth usage soared to near 100% on
the first Monday morning of the Exchange rollout. But Peterson said after
that initial spike, which he attributed to employees signing on for the
first time all at once, bandwidth usage has returned to previous levels.

For Peterson, the Microsoft cloud service is both a hosted e-mail service
and a disaster-recovery plan. The data is hosted at a Microsoft owned and
operated data center in Redmond, Wash., and mirrored to a second site in
Virginia. "There's full failover," Peterson says.

With all the hype surrounding cloud computing, it's not always clear
whether a hosted service is technically a cloud-based service or not.
Peterson says he's not that concerned about the semantics of it all.

But he does have his own idea of what cloud computing means. It's the
notion that he doesn't have to know exactly where the data is, as long as
he's sure that it's safe and accessible.

There's also a software-as-a-service component to cloud computing,
Peterson says. The vendor hosts the application, "they provide the compute
power to handle what we need" and the customer doesn't need to get
involved in the details, like how many servers, how many gigs of storage.
"We don’t know and we don't need to know," he says.

And finally, there's the scalability piece, where Peterson says he is able
to easily scale up the e-mail service as his needs increase. Plus, he is
able to quickly add new features and applications.

For example, if he ends up needing to archive e-mails from municipal
attorneys, he can add an archiving feature for $5 per mailbox. "It's an
on-demand sort of thing," he says.

Plus, he plans to roll out Live Meeting within the next couple of months,
followed by SharePoint a few months later. Those applications are all
included in the enterprise application contract that Carlsbad signed with
Microsoft.

Of course, there are other aspects of cloud computing that don't apply in
this case. For example, some experts and analysts say the ability to scale
down, as well as to scale up, is a feature of cloud computing. And then
there's the pay-for-usage feature of cloud computing. Carlsbad has signed
what's more like a traditional outsourcing or hosted application contract.
Nevertheless, Microsoft calls this a cloud computing service and to
Peterson it really doesn't matter as long as it works.
More cloud

Peterson says Carlsbad has had some experience with hosted applications,
including some library apps and his own help desk, which has been
outsourced for some time. He's now looking at a new human resources
management system and is looking to have that hosted.

There's another angle that comes into play with hosted services, he says.
They don't involve capital expense or new personnel, so they're an easier
sell, especially in these tough economic times.

Peterson says he will lose the ability to customize applications by going
the cloud route, but he says e-mail has become a commodity. "You don't
need to know a lick about Carlsbad to be able to provide e-mail."

And if, down the road, Carlsbad decides to go in a different direction,
provisions for what Carlsbad's legal team call "disentanglement" have been
put into the contract. "We did address getting out of the contract and how
we would get our e-mails back."

But at this point, Peterson isn't looking to do less with cloud computing,
he's looking do more. "We're asking this question on everything now," he
says.

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********