Cloud computing frustrations surface

Cloud computing users are shifting their focus from what the cloud offers to what it lacks. What it offers is clear, such as the ability to rapidly scale and provision, but the list of what it is missing seems to be growing by the day.


Cloud computing lacks standards about data handling and security practices, and even whether a vendor has an obligation to tell users whether their data is in the U.S. or not. And the industry is only beginning to sort out these issues through groups, such as the year-old Cloud Security Alliance.


The cloud computing industry has some of the characteristics of a Wild West boomtown. But the local saloon’s name is Frustration. That’s the one word that seems to be popping up more and more in discussions, particularly at the SaaScon 2010 conference here this week.


This frustration about the lack of standards grows as cloud-based services take root in enterprises. Take Orbitz LLC, the large travel company with multiple businesses that offer an increasingly broad range of services, such as scheduling golf tee times, and booking concerts and cruises.


As with many firms that have turned to cloud-based services, Orbitz is both a provider and user of cloud-based software as a service (SaaS) offering. Ed Bellis, chief information security officer at Orbitz, credits SaaS services, in particular, with enabling the company’s growth and allowing it to concentrate on its core competencies.


But in providing SaaS services, Orbitz must address a range of due diligence requirements among customers that are “all across the board,” and can vary widely to include on-site audits and data center inspections, he said.


A potential solution is a security data standard being developed by the Cloud Security Alliance that would expose data in a common format and give customers an understanding of exactly “what our security posture is today,” said Bellis.


If an agreement can be reached on such a standard “it would be heaven,” said Bellis, and would “cut out a third of our internal work on due diligence.” But he doesn’t know when or if that standard will be reached because of the work it will take to get a large number of users and providers to agree on it.


At the SaaScon conference, in interviews and on panels, the need for industry agreements was apparent. While the idea behind cloud-based services is flexibility, the ability to rapidly scale and provision servers, contracts with vendors may be anything but flexible, as Keith Waldorf, vice president of operators of e-prescription service Doctor Dispense LLC, discovered.


Waldorf spoke of one service provider he previously worked with which upgraded services, but his service-level agreement (SLA) kept him locked-in to using only the software and hardware that he initially signed up for.


The types of agreements offered by cloud providers “are all over the map and it’s really vendor driven,” Waldorf said. He has since moved his services to StrataScale Inc., a Sacramento, Calif.-based firm that gives him dedicated hardware that’s managed virtually.


The big cloud customers, such as the City of Los Angeles, which reached an agreement for unlimited damages with Google when it contracted to use its Google Apps services , should it ever violate its nondisclosure agreements, can negotiate terms that may give them a transparency and enforcement leverage.


But many other users don’t have that clout and, and in a lot of cases cloud providers may not even provide the logging information needed to prove a breach, said Jim Reavis, the founder of the Cloud Security Alliance.


Jeff Spivey, president of Security Risk Management Inc., said the market has to define its needs, because for now “the vendors are driving the service.”


Predicting when the industry will reach agreements that set levels of transparency about data handling procedures and security is not something anyone was willing to bet on.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now