Frustrations with cloud computing mount

Lack of standards, industry agreements get more attention as industry expands

Cloud computing users are shifting their focus from what the cloud offers to what it lacks. What it offers is clear, such as the ability to rapidly scale and provision, but the list of what it is missing seems to be growing by the day.

Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.

The cloud computing industry has some of the characteristics of a Wild West boomtown. But the local saloon's name is Frustration. That's the one word that seems to be popping up more and more in discussions, particularly at the SaaScon 2010 conference here this week.

This frustration about the lack of standards grows as cloud-based services take root in enterprises. Take Orbitz LLC, the large travel company with multiple businesses that offer an increasingly broad range of services, such as scheduling golf tee times, and booking concerts and cruises.

As with many firms that have turned to cloud-based services, Orbitz is both a provider and user of cloud-based software as a service (SaaS) offering. Ed Bellis, chief information security officer at Orbitz, credits SaaS services, in particular, with enabling the company's growth and allowing it to concentrate on its core competencies.

But in providing SaaS services, Orbitz must address a range of due diligence requirements among customers that are "all across the board," and can vary widely to include on-site audits and data center inspections, he said.

A potential solution is a security data standard being developed by the Cloud Security Alliance that would expose data in a common format and give customers an understanding of exactly "what our security posture is today," said Bellis.

If an agreement can be reached on such a standard "it would be heaven," said Bellis, and would "cut out a third of our internal work on due diligence." But he doesn't know when or if that standard will be reached because of the work it will take to get a large number of users and providers to agree on it.

At the SaaScon conference, in interviews and on panels, the need for industry agreements was apparent. While the idea behind cloud-based services is flexibility, the ability to rapidly scale and provision servers, contracts with vendors may be anything but flexible, as Keith Waldorf, vice president of operators of e-prescription service Doctor Dispense LLC, discovered.

Waldorf spoke of one service provider he previously worked with which upgraded services, but his service-level agreement (SLA) kept him locked-in to using only the software and hardware that he initially signed up for.

The types of agreements offered by cloud providers "are all over the map and it's really vendor driven," Waldorf said. He has since moved his services to StrataScale Inc., a Sacramento, Calif.-based firm that gives him dedicated hardware that's managed virtually.

The big cloud customers, such as the City of Los Angeles, which reached an agreement for unlimited damages with Google when it contracted to use its Google Apps services , should it ever violate its nondisclosure agreements, can negotiate terms that may give them a transparency and enforcement leverage.

But many other users don't have that clout and, and in a lot of cases cloud providers may not even provide the logging information needed to prove a breach, said Jim Reavis, the founder of the Cloud Security Alliance.

Jeff Spivey, president of Security Risk Management Inc., said the market has to define its needs, because for now "the vendors are driving the service."

Predicting when the industry will reach agreements that set levels of transparency about data handling procedures and security is not something anyone was willing to bet on.

Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld . Follow Patrick on Twitter at ? @DCgov or subscribe to Patrick's RSS feed ? . His e-mail address is pthibodeau@computerworld.com .

Read more about cloud computing in Computerworld's Cloud Computing Knowledge Center.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags Cloud

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Patrick Thibodeau

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?