Skip the navigation

Congress urged to leave cloud computing alone

But experts note that there are worries about how the world perceives U.S. data security laws

April 12, 2011 03:46 PM ET

Computerworld - WASHINGTON -- When the city of Los Angeles migrated to Google Apps last year, city officials insisted that the deal include a requirement that its data remain in the U.S.

They didn't want to run the risk of city government data ending up on a server in a foreign country, outside the legal jurisdiction of U.S. authorities.

Such concerns about cross-border access to data don't yet seem to be hampering the growth of commercial cloud computing. In fact, at a Congressional Internet Caucus forum to discuss regulation and cloud computing, cloud vendors urged lawmakers to resist regulation to see how the cloud computing market evolves and adapts.

"It is premature for Congress to be pass legislation," said Dan Burton, senior vice president for global public policy at Salesforce.com, who spoke at Monday's forum at the U.S. Capitol.

Burton said that current data security policies and initiatives, such as the Safe Harbor certification program, appear to be working for providers and users of cloud-based applications. Cloud providers that sign up for the U.S. Department of Commerce's Safe Harbor program voluntarily pledge to follow the European Union's data protection principals.

"There is this creaking policy infrastructure which is holding up OK," said Burton.

Salesforce.com also knows from experience that businesses can work around cross-border concerns. The San Francisco-based provider of hosted CRM applications has, for instance, signed contracts with customers in Japan who are accessing data off of Salesforce.com data centers in the United States.

Nonetheless, Salesforce.com in filings with the U.S. Securities and Exchange Commission has warned investors that it believes "increased regulation is likely" in areas that could impact its business.

Meanwhile, Microsoft has been urging Europe to adopt a common set of data rules.

Jim Reavis, co-founder of the Cloud Security Alliance, who didn't participate in the forum, said in an interview that he sees problems ahead if officials don't resolve issues concerning the protection of data once it crosses international borders.

In Europe, in particular, there's a lot of concern about the reach of the USA Patriot Act, passed in response to the 9/11 terrorist attacks, which increases the ability of law enforcement to access data, said Reavis. The Patriot Act "is something that definitely gets debated hotly outside the United States," he said.

"There is a long-term risk that U.S. companies may need to move offshore if the laws in the United States aren't changed," said Reavis.

The Obama administration is proposing new data privacy laws that could affect some cloud service providers, but it hasn't proposed any cloud-specific laws.

But the White House might see the need for international agreements.

At a separate forum on cloud computing held by the National Institute of Standards and Technology last week, the U.S. government's CIO, Vivek Kundra, said that as data moves across networks from jurisdiction to jurisdiction, the U.S. and other countries have to think about "data sovereignty" issues. "We have to think about governance models," he said.

Burton would like to see the U.S. send a strong signal that it will "pledge to work cooperatively to overcome the policy barriers that sort of Balkanize data flows." Such a policy statement "would create a lot of confidence in the cloud," he said.

David Valdez, vice president of public affairs for the Computing Technology Industry Association (CompTIA), said a lot of concerns about cloud computing can be handled with education and through the service level agreements between vendors and their customers.

"There is not a need for new laws and regulations," said Valdez.

What U.S. companies do control, right now, is a cloud computing market that is growing by leaps and bounds.

"If you are a startup company right now in Silicon Valley, the venture capitalist will demand that you run your business on the cloud," said John Calhoun, managing partner of OnPoint Consulting, who was on the panel at the Congressional Internet Caucus panel.

Calhoun's confidence in the cloud finds some support in a Gartner growth projection for the market for cloud-based IT infrastructure, where users acquire server, storage, networking and other computing services from third-party providers.

The research firm expects the worldwide market for cloud-based IT infrastructure services to increase from $3.7 billion in 2011 to $10.5 billion in 2014.

Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at Twitter@DCgov, or subscribe to Patrick's RSS feed Thibodeau RSS. His e-mail address is pthibodeau@computerworld.com.

Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.



Our Commenting Policies