Cloud computing is starting to become real. I say that not because senior IT leaders at three of Computerworld's most recent conferences -- Premier 100, SaaScon and SNW -- couldn't stop talking about it, but because we're moving out of the "Why should I do this?" stage and into the "How can I do it?" phase.

What's more, the blind fervor is gone, replaced by healthy skepticism and active grappling with the frustratingly complex issues that need solving before CIOs will feel comfortable signing up with software-as-a-service, platform-as-a-service or infrastructure-as-a-service vendors. Many see the potential benefits of at least one of these cloud-based services for their organizations, but they need vendors to clear a number of hurdles before they will seriously consider adopting services-based IT.

You've heard the litany of concerns before: security, privacy, compliance, liability, vendor lock-in, customization, service levels, performance, support and so on.

That's what made the opening presentation at SaaScon 2010 last month so interesting. Kevin Crawford, assistant director of IT for the city of Los Angeles, spoke about the terms of the city's agreement to outsource all of its e-mail to Google. L.A. negotiated the deal through CSC, its direct supplier, and it got CSC to negotiate with Google in turn.

Crawford mesmerized the SaaScon audience by describing a long list of concessions that it won during its negotiations with CSC. Among them: L.A. can pull out of the contract without cause, and CSC will return any prepaid fees for the balance of unused time; the city will receive payment of liquidated damages in the event of liability due to any sort of breach or damage to data, and unlimited damages should Google ever violate the city's nondisclosure agreements; it will get a mounting refund in cash or rebates if downtime exceeds five minutes per month; Google employees are barred from looking at L.A.'s data in clear text without written permission; Google will keep data in the U.S.; and, of course, the city always owns the data.

The audience was clearly wowed by the success that Los Angeles had in addressing concerns that most CIOs share when it comes to placing data in the hands of a third party. As Crawford fielded 20 or so questions from the intensely curious group, you could see the wheels turning in scores of minds.

Of course, Los Angeles has some weight to throw around. Smaller IT organizations can find it difficult to get vendors to listen. The Cloud Security Alliance, a nonprofit organization whose executive director, Jim Reavis, spoke at SaaScon, is one place to look for help. Although its membership is largely made up of vendors, the Cloud Security Alliance offers interesting research and is pushing for a better cloud marketplace.

For cloud computing to flourish, it needs a set of standards that IT leaders can feel safe with. SAS 70, an auditing standard, is a start. But it covers only some of CIOs' concerns about SaaS and cloud. In order to grow, smart SaaS vendors need to come together, in conjunction with IT customers, to figure out a standard set of service levels, metrics and protections for security, performance, vendor lock-in, liability and so forth. Cloud vendors can't just expect their IT customers to pay every month and shut up. Senior IT leaders also have to tell cloud vendors what they need to make this work. Los Angeles did it. You can too.

Cloud is still a long way from taking off in a significant number of IT organizations. But with the economy showing signs of waking up, cloud is starting to take shape as it emerges from the hazy hype. It's not going to be easy, but it's also not just a fantasy. This time, it's for real.

Scot Finnie is Computerworld's editor in chief. You can catch him on Twitter, where he tweets as @scotfinnie, or e-mail him at

8 highly useful Slack bots for teams