Frustrations with cloud computing mount

Lack of standards, industry agreements get more attention as industry expands

Cloud computing users are shifting their focus from what the cloud offers to what it lacks. What it offers is clear, such as the ability to rapidly scale and provision, but the list of what it is missing seems to be growing by the day.

Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.

The cloud computing industry has some of the characteristics of a Wild West boomtown. But the local saloon's name is Frustration. That's the one word that seems to be popping up more and more in discussions, particularly at the SaaScon 2010 conference here this week.

This frustration about the lack of standards grows as cloud-based services take root in enterprises. Take Orbitz LLC, the large travel company with multiple businesses that offer an increasingly broad range of services, such as scheduling golf tee times, and booking concerts and cruises.

As with many firms that have turned to cloud-based services, Orbitz is both a provider and user of cloud-based software as a service (SaaS) offering. Ed Bellis, chief information security officer at Orbitz, credits SaaS services, in particular, with enabling the company's growth and allowing it to concentrate on its core competencies.

But in providing SaaS services, Orbitz must address a range of due diligence requirements among customers that are "all across the board," and can vary widely to include on-site audits and data center inspections, he said.

A potential solution is a security data standard being developed by the Cloud Security Alliance that would expose data in a common format and give customers an understanding of exactly "what our security posture is today," said Bellis.

If an agreement can be reached on such a standard "it would be heaven," said Bellis, and would "cut out a third of our internal work on due diligence." But he doesn't know when or if that standard will be reached because of the work it will take to get a large number of users and providers to agree on it.

At the SaaScon conference, in interviews and on panels, the need for industry agreements was apparent. While the idea behind cloud-based services is flexibility, the ability to rapidly scale and provision servers, contracts with vendors may be anything but flexible, as Keith Waldorf, vice president of operators of e-prescription service Doctor Dispense LLC, discovered.

Waldorf spoke of one service provider he previously worked with which upgraded services, but his service-level agreement (SLA) kept him locked-in to using only the software and hardware that he initially signed up for.

The types of agreements offered by cloud providers "are all over the map and it's really vendor driven," Waldorf said. He has since moved his services to StrataScale Inc., a Sacramento, Calif.-based firm that gives him dedicated hardware that's managed virtually.

The big cloud customers, such as the City of Los Angeles, which reached an agreement for unlimited damages with Google when it contracted to use its Google Apps services , should it ever violate its nondisclosure agreements, can negotiate terms that may give them a transparency and enforcement leverage.

But many other users don't have that clout and, and in a lot of cases cloud providers may not even provide the logging information needed to prove a breach, said Jim Reavis, the founder of the Cloud Security Alliance.

Jeff Spivey, president of Security Risk Management Inc., said the market has to define its needs, because for now "the vendors are driving the service."

Predicting when the industry will reach agreements that set levels of transparency about data handling procedures and security is not something anyone was willing to bet on.

Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld . Follow Patrick on Twitter at ? @DCgov or subscribe to Patrick's RSS feed ? . His e-mail address is pthibodeau@computerworld.com .

Read more about cloud computing in Computerworld's Cloud Computing Knowledge Center.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Cloud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Patrick Thibodeau

Computerworld (US)
Show Comments

Cool Tech

Toys for Boys

Family Friendly

Stocking Stuffer

SmartLens - Clip on Phone Camera Lens Set of 3

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Cathy Giles

Brother MFC-L8900CDW

The Brother MFC-L8900CDW is an absolute stand out. I struggle to fault it.

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?