Energy Department Testing Cloud E-Mail
The agency is looking for guidance to its Lawrence Berkeley National Lab, which is already moving its entire e-mail environment to Gmail.
The Department of Energy is testing cloud-based e-mail and collaboration with an eye toward offering those services to its employees in addition to its on-premises e-mail system. The agency's Lawrence Berkeley National Laboratory is out in front, already moving its entire e-mail environment to Gmail.
The Department of Energy, which has a federated IT infrastructure and provides only some services to only some of its constituent labs, is looking toward Lawrence Berkeley and other labs' tests even as it carries out its pilot. Lawrence Berkeley is a quarter of the way through its migration to Gmail and anticipates completing the move by August, according to a spreadsheet posted on its Web site. The lab also plans to migrate from Oracle Calendar to Google Calendar next month, lab-wide. Users will also have access to Google Docs, Sites, and Talk.
According to Lawrence Berkeley CIO Rosio Alvarez, the main reasons for the lab's move were increased functionality over its current mail system (Lawrence Berkeley was previously running a 10-year-old Sun product), added resiliency over Lawrence Berkeley's disaster recovery plan (which Alvarez admitted in an interview was "not very good" before adopting Google Apps), "considerable" savings over the next five years, and the fact that Lawrence Berkeley's Oracle calendaring application is being phased out.
Lawrence Berkeley, like other labs, is government-owned and funded but contractor-operated and so it doesn't have exactly the same security requirements as the federal government (though there are some security requirements passed down to the labs from headquarters). That hasn't stopped the lab from doing hundreds of hours of security analysis, but it does mean Lawrence Berkeley hasn't done the full Federal Information Security Management Act certification and accreditation. Lawrence Berkeley did, however, do a deep analysis of security, data location, and privacy, and worked closely with its general counsel and general counsel at the University of California to address any legal concerns.
One of those concerns, common throughout government, is that there's often no guarantee that data stored in the cloud will reside on U.S.-based servers. In an FAQ on its Web site, Lawrence Berkeley deals with these concerns simply by noting that since Lawrence Berkeley does no classified work and no work with "foreign national restrictions," "this should not be an issue."
"There are trade-offs in the security and policy area where some risks are reduced and others increased, but taken as a whole, these risks are comparable to those we already accept, perhaps a slight lowering of risk," wrote Berkeley policy, assurance, and risk management officer Adam Stone, who also oversees the lab's collaboration strategy. His overview of the lab's analysis of privacy and security concerns is now only available in Google's cache. "The impressive functionality of the suite and how it works together is what drives us to adopt it, but we wouldn't move forward if the policy and risk management picture wasn't acceptable."
Though Alvarez and Stone foresee big benefits, the move hasn't been without a few bumps. For example, Lawrence Berkeley hasn't been able to make Gmail the default mail service for Microsoft Office, and the lab is still determining how to enable users to send large e-mail attachments. Another issue: migration has been known to create duplicate sent-mail folders. At the agency level, the Department of Energy must go through the required compliance steps, and things there are moving just a bit slower.
A series of tests at headquarters and several labs, in combination with observation of Lawrence Berkeley's experience, will help the agency plot its course, leading to a decision within six months about the next steps to take, according to John Dunlap, the agency's acting associate CIO for IT support, who heads up a number of the Department of Energy's shared services. Among the smaller-scale tests is a 50-user Google Apps pilot that then-deputy CIO Carl Staton signed off on before retiring earlier this month, and a planned Microsoft Exchange Online test by Argonne National Laboratory.
"The Department of Energy sees that cloud computing has significant potential for decreasing costs, improving efficiency, and improving the end-user experience," Dunlap said in an interview. "It's an industry with great potential, but, of course, it is young and there are many immaturities in the marketplace."
The choice to test e-mail is a strategic one, said Dunlap. Unlike the prospect of trained IT administrators working with an outside provider to stand up cloud-based infrastructure, e-mail is less easily controlled because it's subject to use by the average worker, and e-mail use varies widely from person to person. Testing e-mail in the cloud gives Energy the chance to explore and test the level of granularity included and required in both technical controls (i.e., the ability to set limits on which features which users can tap into and when) and prospective policy guidance on use of the cloud.
Department officials foresee an eventual hybrid e-mail system that would integrate things like directories and calendaring between the cloud and the agency's on-premises system. By moving to offer cloud-based e-mail alongside on-premises e-mail, the agency will be able to give users a choice, while at the same time future-proofing and preparing itself for any major market shift toward the cloud.
However, before that happens, concerns about security, records management, and contracting, among other things, must be worked out. That's especially challenging in an agency like Energy that has a diverse group of users working on everything from open science to classified research and development projects. According to an Energy Department IT executive who asked not to be named, Staton's initial memo approving the headquarters-based Google Apps pilot identified a dozen cybersecurity risks that need to be tackled.
For example, remote access and identity management could prove to be thorny issues. The agency requires two-factor authentication for remote access, which raises questions about how that requirement interferes with the access-from-anywhere portability benefits of cloud computing. Federated identity management, meanwhile, could require infrastructure upgrades depending on the ultimate choice of technologies.
Archiving presents another of the test's challenges, as the federal government has unique records management requirements that will require thoughtful contracting. "When you rely on an external provider, if you fail to contract properly and ask them to, for example, do a deep fuzzy logic search because of a [Freedom of Information Act] request, they might be able to say that it's not what you contracted for," said Dunlap.