Over the past two years I’ve interviewed dozens of government ICT managers in countries throughout Asia, the Caribbean, and Europe. One of the surprising items collected during the interviews is the large number of government employees – some at the highest levels, using public mail systems for their professional communications.
While this might appear as a non-issue with some, others might find it both a security issue (by using a foreign commercial company to process and store government correspondence), as well as an identity issue (by using an XXX@gmail.com or XXX@yahoo.com ) while communicating with a government employee or official.
Reasons provided in interviews concluded the reason why government employees are using commercial email systems include:
- Lack of timely provisioning by government ICT managers
- Concerns over lack of privacy within a government-managed email system
- Desire to work from home or while mobile, and the government system does not support remote or web access to email (or the perception this is the case)
- Actual mail system performance is better on public systems than internal government-operated systems
- Government ICT systems have a high internal transfer cost, even for simple utilities such as email
and so on.
When pressed further, many were not aware of the risk that government correspondence processed through public systems potentially resulted in images being stored on storage systems probably located in other countries. Depending on the country, that email image could easily be provided to foreign law enforcement agencies under lawful warrants – thus exposing potentially sensitive information for exploitation by a foreign government.
Are Public Email Accounts Bad?
Not at all. Most of us use at least one personal email address on a public mail system, some many addresses. Public systems allow on-demand user creation of accounts, and if desired allow individuals to create anonymous identities for use when using other social media or public networks.
Public addresses can separate an individual’s online identity from their “real world” identity, allowing higher levels of privacy any anonymous participation in social media or other activities where the user wishes to not have their full identity revealed.
The addresses are also quite simple to use, cost nothing, and are in use around the world.
Governments are also starting to make better use of commercial or public email outsourcing, with the City of Los Angeles being one of the more well-known projects. The City of LA has service level agreements with Google (their outsource company), assuring security an confidentiality, as well as operational service levels.
This is no doubt going to be a continuing trend, with public private partnerships (PPPs) relieving government users from the burden of infrastructure and some applications management. With the US CIO Vivek Kundra aggressively pushing the national data center consolidation and cloud computing agenda, the move towards hosted or SaaS applications will increase.
Many benefits here as well, including:
- Hosted mail systems may keep an image of mail in storage – much more secure than if an individual PC loses single images of mail from a POP server
- Access from any Internet connected workstation or computer (of course assuming good passwords and security)
- Standardization among organizational user (both for mail formatting and client use)
- Cheaper operating costs
To address recent budget and human resource challenges, the City of Orlando moved its e-mail and productivity solution to the cloud (application and cloud hosting services provided by Google). The City has realized a 65 percent reduction in e-mail costs and provided additional features to increase the productivity of workers. (CIO Council, State of Public sector Cloud Computing)
For developing countries this is probably a good thing – have all the features and services of the best in class email systems, while significantly reducing the cost and burden of developing physical data center facilities.
But for the meantime, as that strategy and vision is defined, the use of public or cloud hosted email services in many developing countries in one of convenience. We will only hope that commercial email providers safeguard data processed by government user’s personal accounts, used for communicating all levels of government information, with the same service level agreements offered large users such as the City of LA or City of Orlando.
The Station Fire ripped through communities along the northern rim of Los Angeles in August and September, consuming an area more than 160,000 
acres. Evacuations came with little or no warning, homes and buildings lost, and the entire ordeal put a tremendous strain on utilities and resources. Including water.
When the city of Glendale needed to quickly alert residents to lower their water and power use to enable fire fighters to gain access to critical resources, they turned to a local company, Everbridge, to reach citizens with real-time notifications alerting them to the emergency.
On Thursday night Marc Ladin, VP of Global Marketing at Everbridge, walked CTC members though an introduction to emergency and incident communications management.
The Need for Emergency Management
Communications technology has made incredible leaps in utility, applications, ands capacity over the past few years. We can reach nearly any point or person in the world through telephone, mobile phones, Internet email, Twitter, Blackberry messaging, radio, television – the list is becoming endless.
Regardless of the technologies, natural and man-made disasters and problems remain a part of our lives, and will always be part of our lives. Our businesses, governments, and even survival, depends on how we prepare for disaster, and are able to respond to events that touch our lives. Good events and bad.
Marc Ladin makes a living solving the problem of communicating during emergencies and events. The residents of Glendale, like most communities in the United States, offers residents the option of registering their preferred communications devices with the city.
This gives the city an immediate channel to reach and inform residents in the event of disasters and other incidents of interest or impact to the city and residents.
In the case of the Station Fire, Glendale was able to immediately reach enough residents, and the city was able to lower residential utility draw to the level fire fighters had adequate water resources to protect the community.
The same model applies across the spectrum of emergency notification.
The Enterprise Business Continuity Plan
Nobody wants to think of a disaster that will hurt people, or isolate them from their family or organizations. However, it is also clear that any organization needs to have a business continuity plan in place, and a disaster response plan in place to allow the organization to quickly respond to, and manage, any event that will potentially damage the organization’s ability to function.
Consider this scenario. A large multi-national chemical products company. Highly visible in the world business community, and customers located around the world.
The worst case scenario happens. At the HQ site an explosion occurs in the manufacturing plant, killing several person in senior leadership roles, and requiring a massive response by emergency services and evacuation in the surrounding community.
Who do we need to notify to respond to the emergency, and who needs to know about the problem?
- First responders – fire fighters, HAZMAT teams, ambulances, local hospitals, police
- Local Community – residents, media (radio and television)
- Company leadership – management, public affairs, operations
- National and global media
How do you get the message – the real message – out to those people?
How do we determine if somebody is trapped in the disaster area, and needs help?
The process is getting easier. Every person, machine, and device connected to the Internet or other global communications service can be part of the event notification process.
Registering Your Communications Device for Notification
A company such as Everbridge offers as utility for managing emergency and event notifications. The utility (Everbridge) operates as a SaaS (Software as a Service) application, physically separated from the users. The SaaS application resides on several geographically diverse data centers, with multiple communication providers providing the conduit for global device notification access.
An organization will compile a table of their users and devices, with an individual having the ability to register all their available communications devices (mobile phones, email, Twitter accounts, etc), including a preference on notification priority (i.e., mobile phone message first, email second, home phone third…).
The organization then has the ability to sort members into different categories of notification. An example of how an organization might be sorted is:
- C-level management notifications
- Persons notified during emergencies
- Geography (everybody in the Long Beach office, everybody in the Atlanta office, everybody in Japan, etc)
- Function (operations, engineering, marketing and sales)
- Local area first responders
- And any other desired sort
Of course a single entry is easily tagged for multiple notification categories.
How to Make a Notification
In a traditional environment company leadership wants to make a notification. They may have their secretary make phone calls, might call an operations center and open a notification checklist, or other time-tested process.
The modern notification system can use a wider variety of methods for generating a notification:
- A human being opens a web page and types in a notification message for distribution
- A human being prepares an email or SMS message, and sends it to an address that spawns the desired notification tree
-
A machine experiences a condition that requires a human response
- Fire alarm
- Equipment failure
- Security break-in or event
- Etc
Once the message is triggered, and the notifications made, then you need to make a decision on whether or not the notified persons need to acknowledge or respond to the notification. Modern systems also manage and automate the acknowledgement process by logging replies to the notification message, allowing the alert initiator to determine if everybody has received the message.
This is important if you are managing a disaster, and need to determine if somebody could potentially be hurt or in danger, or if you need to escalate a decision situation to the next person in a business continuity plan.
With GPS capability, it is now even possible to determine the exact location of a desired device, further helping locate persons in a disaster. Consider a heart patient with an active monitoring device – that device can be registered in a hospital, first-responder, family, and neighbor notification matrix. This will increase the probability that person will survive in the event of health problems.
Other Creative Ways to Use a Notification System
Of course the same system that handles emergencies can also handle positive messages. The marketing group can use the same notification system for press releases, management can deliver positive company results to employees – basically once the person and device/s are registered in a data base, the entry can be used for whatever desired.
Marc Ladin presented a great vision. His company is putting the vision into reality, and has a lot of exciting features available today, and in the mill for tomorrow.
John Savageau, Long Beach
