Subscribe via RSS

RSS

Subscribe via Email

Your email:

Most Popular Posts

Latest Posts

Browse by Tag

Posts by Month

Admin Arsenal Blog

Current Articles | RSS Feed RSS Feed

Windows administrators can learn from DoD policies

Posted by Shawn Anderson on Mon, Jan 18, 2010
Submit to Digg digg it | Submit to Reddit reddit | Add to delicious delicious | Submit to StumbleUpon StumbleUpon 

Google and the US Department of DefenseThe US Department of Defense (DoD) is being advised to take a long hard look at Google Apps Premier edition.

As I wrote about using Google Apps for the company last October, the topic has been on my mind - which explains why this article  jumped out at me.

I've done quite a bit of consulting with the DoD. Some of their policies, like any other organization, don't seem to make much sense. Other policies however, are cutting edge (Federal Desktop Core Configuration, for example). 

This past week China and Google have been having some fairly heated discussions, some of which have been released publicly, no doubt to up the ante to the other side. Google in short is thinking of pulling out of China, including their server farms. That brings us to the heart of the China/Google problem.

Paul Strassmann wrote a guest post for Larry Dignan column on ZDNet titled "Government Gmail use following Google's China news". The crux of Mr. Strassmann's position is that all Google servers should be removed from China because it must be assumed that the Chinese government has access to the server farms. He was specifically discussing gmail servers, and Google released a statement stating that Google has no gmail servers in China.

While the back-and-forth is certainly entertaining, it begs the question; can the DoD, and for that matter any organization, really trust a cloud in which they do not have full control.

This poses problems not only for the DoD, some of whose smaller organizations actually use Google Apps Premier, but for their contractors, sub-contractors, and vendors. A number of companies use Google Apps Premier for their internal email solutions. If these companies have dealings with the DoD they may find themselves at odds with new policies, should the DoD find cause to ban Google Apps from inside its network and with any vendors it deals with.

Keep an eye on this, Windows administrators. When it comes to the DoD and security, especially during times of war, they prefer to err on the side of security.

What do you think? Cutting edge or paranoid?


Tags: ,

Comments

Google and China are bringing up a 21st century battle of democracy and freedom verse Communism and restricted personal freedom. When we started using cloud computing systems we saw the HUGE area of security problems being created in cross country internet usage. Thrown in that the entire world is "outsourcing" computer stuff to Southeast Asian countries, and you have a plan for these socio-technology issues going to ahead. We study search demand/supply trends from around the world to find profitable niches and products. A niche, or hot predictions, is not just a demand side issue, but a supply/demand curve. If you predict IPHONE apps will take off, and there are already 100,000 aps, then you aren't going to hit that one. If you see that demand for cell phone radiation shields is going nuts and there are only two suppliers, then you can be pretty sure that it will be a good year for those 2 supplies. The software atwww.TheInternetTimeMachine.com studies both the demand (search volume) and supply (think "results" in Google). The Google Phone is generating much more buzz right now then say the Apple Tablet. 
 
Cheers, 
 
Curt 
 
Here is a video on what I mean.. http://bit.ly/SupplyDemandCurves 
 
Posted @ Monday, January 18, 2010 3:00 PM by CurtD
Miss Anderson: 
 
Please note that I was NOT discussing Gmail files, but wire taps into Google's data center in China. 
 
The claim by Google that it does not host Gmail in China does not address "...most probable and easiest way for Chinese agents to insert wiretaps..." that would allow them to read Google traffic. 
 
Paul 
 
The most probable, and easiest way, would be for Chinese agents with physical access to Google servers to insert physical wiretaps. A modified version of a Cisco switch with an extra optic fiber leading off to the police would be 
easy to hide. It would be reasonable to assume that Google 
does not encrypt traffic sent between machines in the same subnet (i.e. in the same physical cabinet). 
 
Once you can wiretap, you can eventually figure out how to distinguish Gmail traffic from other traffic, and reverse engineer how Gmail data is replicated across servers. 
 
There is no defense against a hostile party with full physical access to your server room. 
That is why Google's only logical option is to withdraw all physical servers from China. 
 
There are two Google data centers in China, almost surely co-hosted on shared facilities and not owned by Google. Similarly, there is a co-hosted facility  
in Russia. Unless a facility is owned and operated by Google it would be always suspect, and even then it would not qualify to operate DoD classified 
mail. 
 
Sincerely, prof. Paul Strassmann
Posted @ Monday, January 18, 2010 4:16 PM by Paul Strassmann
Prof. Strassman - thank you for your comment. I was quite interested when Google responded to your story.  
 
It is clear that the Chinese gov't would have capabilities into any infrastructure hosted within its borders, and Google's wide offerings make it a very juicy target.  
 
More interesting to me was the number of DoD entities (smaller departments) that are using Google Apps Premier. Our company uses the service, and I am aware of two other DoD vendors who also use that service for their own corporate email solutions.  
 
I'm waiting to see direction from the DoD on Google Apps use by approved vendors. This goes depper than email, as documents and now file hosting is now available on Google servers. Should DoD reject this platform it will speak volumes about the level of security that they feel Google is providing. I will certainly write of any decisions that I get wind of. I'm going to setup a Google news alert (pun appropriate, I suppose) on this topic as well as any updates penned by you.  
 
Thank you very much for writing. 
 
Shawn Anderson
Posted @ Monday, January 18, 2010 5:49 PM by Shawn Anderson
Hi Curt - thank you for comment. This is a hot topic not only because of the players in the game, but because so much of the world is moving to cloud computing. The trade-offs of self hosting vs. cloud have not yet been realized, and there are some organizations who will certainly be surprised at what those trade-offs turned out to be. 
 
Thanks for reading. 
 
Shawn Anderson 
 
Twitter: ShawnAnderson
Posted @ Monday, January 18, 2010 5:55 PM by Shawn Anderson
Post Comment
Name
 *
Email
 *
Website (optional)
Comment
 *

Allowed tags: <a> link, <b> bold, <i> italics

Receive email when someone replies.