Congress urged to leave cloud computing alone
But experts note that there are worries about how the world perceives U.S. data security laws
Computerworld - WASHINGTON -- When the city of Los Angeles migrated to Google Apps last year, city officials insisted that the deal include a requirement that its data remain in the U.S.
They didn't want to run the risk of city government data ending up on a server in a foreign country, outside the legal jurisdiction of U.S. authorities.
Such concerns about cross-border access to data don't yet seem to be hampering the growth of commercial cloud computing. In fact, at a Congressional Internet Caucus forum to discuss regulation and cloud computing, cloud vendors urged lawmakers to resist regulation to see how the cloud computing market evolves and adapts.
"It is premature for Congress to be pass legislation," said Dan Burton, senior vice president for global public policy at Salesforce.com, who spoke at Monday's forum at the U.S. Capitol.
Burton said that current data security policies and initiatives, such as the Safe Harbor certification program, appear to be working for providers and users of cloud-based applications. Cloud providers that sign up for the U.S. Department of Commerce's Safe Harbor program voluntarily pledge to follow the European Union's data protection principals.
"There is this creaking policy infrastructure which is holding up OK," said Burton.
Salesforce.com also knows from experience that businesses can work around cross-border concerns. The San Francisco-based provider of hosted CRM applications has, for instance, signed contracts with customers in Japan who are accessing data off of Salesforce.com data centers in the United States.
Nonetheless, Salesforce.com in filings with the U.S. Securities and Exchange Commission has warned investors that it believes "increased regulation is likely" in areas that could impact its business.
Meanwhile, Microsoft has been urging Europe to adopt a common set of data rules.
Jim Reavis, co-founder of the Cloud Security Alliance, who didn't participate in the forum, said in an interview that he sees problems ahead if officials don't resolve issues concerning the protection of data once it crosses international borders.
In Europe, in particular, there's a lot of concern about the reach of the USA Patriot Act, passed in response to the 9/11 terrorist attacks, which increases the ability of law enforcement to access data, said Reavis. The Patriot Act "is something that definitely gets debated hotly outside the United States," he said.
"There is a long-term risk that U.S. companies may need to move offshore if the laws in the United States aren't changed," said Reavis.
The Obama administration is proposing new data privacy laws that could affect some cloud service providers, but it hasn't proposed any cloud-specific laws.
But the White House might see the need for international agreements.
At a separate forum on cloud computing held by the National Institute of Standards and Technology last week, the U.S. government's CIO, Vivek Kundra, said that as data moves across networks from jurisdiction to jurisdiction, the U.S. and other countries have to think about "data sovereignty" issues. "We have to think about governance models," he said.
Burton would like to see the U.S. send a strong signal that it will "pledge to work cooperatively to overcome the policy barriers that sort of Balkanize data flows." Such a policy statement "would create a lot of confidence in the cloud," he said.
David Valdez, vice president of public affairs for the Computing Technology Industry Association (CompTIA), said a lot of concerns about cloud computing can be handled with education and through the service level agreements between vendors and their customers.
"There is not a need for new laws and regulations," said Valdez.
What U.S. companies do control, right now, is a cloud computing market that is growing by leaps and bounds.
"If you are a startup company right now in Silicon Valley, the venture capitalist will demand that you run your business on the cloud," said John Calhoun, managing partner of OnPoint Consulting, who was on the panel at the Congressional Internet Caucus panel.
Calhoun's confidence in the cloud finds some support in a Gartner growth projection for the market for cloud-based IT infrastructure, where users acquire server, storage, networking and other computing services from third-party providers.
The research firm expects the worldwide market for cloud-based IT infrastructure services to increase from $3.7 billion in 2011 to $10.5 billion in 2014.
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov, or subscribe to Patrick's RSS feed . His e-mail address is firstname.lastname@example.org.
- Enterprises increasingly look to the private cloud
- Without the cloud, Microsoft may lose grasp on the enterprise
- How the cloud can make IT shops more innovative
- Business users bypass IT and go rogue to the cloud
- HP looks to ease enterprise IT cloud fears
- Afraid of the cloud? How to handle your fears
- 5 reasons why Google can catch Amazon in the cloud
- Public cloud market ready for 'hypergrowth' period
- Cloud security concerns are overblown, experts say
- Cloud computing 2014: Moving to a zero-trust security model
Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.
- The Truth About Virtual Computing for CAD If you're a user of graphics-intensive software such as 3D modeling, simulation and analysis, and visualization, you might be skeptical about moving to...
- Simplifying Product Design In A Complex World Product design engineering has moved far beyond the confines of ever-more powerful workstations. Companies can't afford to restrict projects to using only local...
- What is this "File Sync" Thing and Why Should I Care About It? All of a sudden, getting a file from your work laptop to your iPad became as simple as clicking "Save." So it's no...
- The Truth About Cloud Security "Security" is the number one issue holding business leaders back from the cloud. But does the reality match the perception?
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- ElectricAccelerator: Dramatically Faster Builds and Test ElectricAccelerator dramatically speeds up builds and test by parallelizing jobs across clusters of physical or cloud CPUs. All Cloud Computing White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!