Energy Department Testing Cloud E-Mail - InformationWeek
10:29 AM
Connect Directly
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Energy Department Testing Cloud E-Mail

The agency is looking for guidance to its Lawrence Berkeley National Lab, which is already moving its entire e-mail environment to Gmail.

The Department of Energy is testing cloud-based e-mail and collaboration with an eye toward offering those services to its employees in addition to its on-premises e-mail system. The agency's Lawrence Berkeley National Laboratory is out in front, already moving its entire e-mail environment to Gmail.

The Department of Energy, which has a federated IT infrastructure and provides only some services to only some of its constituent labs, is looking toward Lawrence Berkeley and other labs' tests even as it carries out its pilot. Lawrence Berkeley is a quarter of the way through its migration to Gmail and anticipates completing the move by August, according to a spreadsheet posted on its Web site. The lab also plans to migrate from Oracle Calendar to Google Calendar next month, lab-wide. Users will also have access to Google Docs, Sites, and Talk.

According to Lawrence Berkeley CIO Rosio Alvarez, the main reasons for the lab's move were increased functionality over its current mail system (Lawrence Berkeley was previously running a 10-year-old Sun product), added resiliency over Lawrence Berkeley's disaster recovery plan (which Alvarez admitted in an interview was "not very good" before adopting Google Apps), "considerable" savings over the next five years, and the fact that Lawrence Berkeley's Oracle calendaring application is being phased out.

Lawrence Berkeley, like other labs, is government-owned and funded but contractor-operated and so it doesn't have exactly the same security requirements as the federal government (though there are some security requirements passed down to the labs from headquarters). That hasn't stopped the lab from doing hundreds of hours of security analysis, but it does mean Lawrence Berkeley hasn't done the full Federal Information Security Management Act certification and accreditation. Lawrence Berkeley did, however, do a deep analysis of security, data location, and privacy, and worked closely with its general counsel and general counsel at the University of California to address any legal concerns.

One of those concerns, common throughout government, is that there's often no guarantee that data stored in the cloud will reside on U.S.-based servers. In an FAQ on its Web site, Lawrence Berkeley deals with these concerns simply by noting that since Lawrence Berkeley does no classified work and no work with "foreign national restrictions," "this should not be an issue."

"There are trade-offs in the security and policy area where some risks are reduced and others increased, but taken as a whole, these risks are comparable to those we already accept, perhaps a slight lowering of risk," wrote Berkeley policy, assurance, and risk management officer Adam Stone, who also oversees the lab's collaboration strategy. His overview of the lab's analysis of privacy and security concerns is now only available in Google's cache. "The impressive functionality of the suite and how it works together is what drives us to adopt it, but we wouldn't move forward if the policy and risk management picture wasn't acceptable."

Though Alvarez and Stone foresee big benefits, the move hasn't been without a few bumps. For example, Lawrence Berkeley hasn't been able to make Gmail the default mail service for Microsoft Office, and the lab is still determining how to enable users to send large e-mail attachments. Another issue: migration has been known to create duplicate sent-mail folders.

1 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll