The Department of Energy is testing cloud-based e-mail and collaboration with an eye toward offering those services to its employees in addition to its on-premises e-mail system. The agency's Lawrence Berkeley National Laboratory is out in front, already moving its entire e-mail environment to Gmail.
The Department of Energy, which has a federated IT infrastructure and provides only some services to only some of its constituent labs, is looking toward Lawrence Berkeley and other labs' tests even as it carries out its pilot. Lawrence Berkeley is a quarter of the way through its migration to Gmail and anticipates completing the move by August, according to a spreadsheet posted on its Web site. The lab also plans to migrate from Oracle Calendar to Google Calendar next month, lab-wide. Users will also have access to Google Docs, Sites, and Talk.
According to Lawrence Berkeley CIO Rosio Alvarez, the main reasons for the lab's move were increased functionality over its current mail system (Lawrence Berkeley was previously running a 10-year-old Sun product), added resiliency over Lawrence Berkeley's disaster recovery plan (which Alvarez admitted in an interview was "not very good" before adopting Google Apps), "considerable" savings over the next five years, and the fact that Lawrence Berkeley's Oracle calendaring application is being phased out.
Lawrence Berkeley, like other labs, is government-owned and funded but contractor-operated and so it doesn't have exactly the same security requirements as the federal government (though there are some security requirements passed down to the labs from headquarters). That hasn't stopped the lab from doing hundreds of hours of security analysis, but it does mean Lawrence Berkeley hasn't done the full Federal Information Security Management Act certification and accreditation. Lawrence Berkeley did, however, do a deep analysis of security, data location, and privacy, and worked closely with its general counsel and general counsel at the University of California to address any legal concerns.
One of those concerns, common throughout government, is that there's often no guarantee that data stored in the cloud will reside on U.S.-based servers. In an FAQ on its Web site, Lawrence Berkeley deals with these concerns simply by noting that since Lawrence Berkeley does no classified work and no work with "foreign national restrictions," "this should not be an issue."
"There are trade-offs in the security and policy area where some risks are reduced and others increased, but taken as a whole, these risks are comparable to those we already accept, perhaps a slight lowering of risk," wrote Berkeley policy, assurance, and risk management officer Adam Stone, who also oversees the lab's collaboration strategy. His overview of the lab's analysis of privacy and security concerns is now only available in Google's cache. "The impressive functionality of the suite and how it works together is what drives us to adopt it, but we wouldn't move forward if the policy and risk management picture wasn't acceptable."
Though Alvarez and Stone foresee big benefits, the move hasn't been without a few bumps. For example, Lawrence Berkeley hasn't been able to make Gmail the default mail service for Microsoft Office, and the lab is still determining how to enable users to send large e-mail attachments. Another issue: migration has been known to create duplicate sent-mail folders.