I’ve written about cloud computing on several occasions. Namely with regards to Google Apps for Education. Well, here’s another reason to procede with caution as you head to the cloud.
In a case of trying to track down authorized access to an account, in your Domino world you’ve many familiar ways to go about finding out if someone has tried to open a mail file. Database properties, log.nsf, local log.nsf, etc., etc. But, in the case of Google, this is not so staight forward. We had such an instance where we needed to track down the activity on an account. We placed a call to Google support. And received the following email in response:
Hello #####,
Thank you for your message.
For security and privacy policy reasons, the best way to investigate this is to use the Audit API to securely pull logs via:
Sincerely,
#####
Enterprise Support
In otherwords if you want to obtain activity logs, you have to write the code yourself. This applies to Google Apps Premier, Education, and Partner Edition domains. If you’ve got staff who are programming your Google account APIs then you probably have the necessary resources. So keep in mind, while the data is in the cloud, the responsibility to audit it is apparently not with the cloud.
