Demystifying Cloud Computing

Will large enterprises embrace cloud computing? A telling point during an "Evening in the Cloud" panel discussion at this week's Enterprise 2.0 Conference came when a member of the audience (an employee of integrator CSC) said, "I know of plenty of European companies that wouldn't touch you guys with a ten-foot pole if it means putting data in an American data center. The "you guys" in question were the executives representing Amazon, Google and Salesforce.com. The objection cited was the Patriot Act, which has stoked plenty of fear about U.S. Government meddling in private data, but let's not get side-tracked on that issue. The point is that there are plenty of reasons why corporations won't move into the cloud until they can know more about where the data will reside and how it will be protected.Providing greater transparency may run counter to the cloud concept of not having to know or care about what goes on behind the scenes, but laws, regulations and mandates such as HIPPA, Sarbnes-Oxley, FIRPA, state-level privacy protection laws and countless other measures will make many executives think twice about moving corporate data into the cloud - even if they have few assurances about the security of data within the four walls of their own organization.

Panelist Carolyn Lawson, CIO, California Public Utilities Commission, said she's "a big fan" of the cloud concept, but she sounded more like a skeptic. "I can't foresee a time where we put [government] data into the cloud," she said. "We have social security numbers, we have drivers license numbers, we have photos, we have addresses and we know where your children go to school. We have a duty to protect that information, and there are a series of state and federal laws that make me accountable to do just that."

Responding to these and other questions about security, Jeff Keltner, Business Development Manager, Google Apps, said that SAS70 compliance - something outsourcers like IBM and CSC adhere to and that Google is in various stages of gaining - will put security executives in their comfort zone.

"We've taken a lot of steps that most businesses never would to lock down our environment," said Keltner. "When you get down to things like SAS70 compliance, which gives you a look behind the curtain about what's actually going on, and you do the due diligence and see what we're doing in this space, you may end up being more comfortable with our ability to invest in security, at the scale of lots and lots of customers, than even a large government entity can at the budgets they're given."

Even if they can point to credentials such as SAS70, cloud vendors will also have to grapple with protectionist laws and regs that mandate that companies doing business in X country or with Y government or working in Z trade area must work with "local" suppliers (with local data centers).

Adam Selipsky of Amazon was vague about data location provisions in this interview, so I was surprised to hear him report that Amazon has European Union-based data centers to satisfy precisely these sorts of requirements.

"In the European Union specifically there are some regulations that say specifically that European company data, or data on European consumers, must be housed in the EU," he said. "We're looking to expand geographically and also to allow customers proximity control over where they store their data. For example, we've already created a European storage location for our storage service, S3, and customers have control over where they want to store their data."

Speaking for Salesforce.com, panelist Ross Piper, senior vice president of Enterprise Strategy, told me that the company has built a data centers in Singapore and elsewhere to meet similar data location requirements, but then, Salesforce isn't really a cloud computing vendor like Google and Amazon - at least not according to Gartner analyst Don Feinberg. "One of the reasons people are comfortable with Salesforce.com is that they give you a document that describes where your application is going to be running, what their configuration is, how it's being backed up - they give you all that information and that's what helped to mature the company," Feinberg explains. "You won't see that from Amazon because that's the whole point of the cloud - you're not supposed to care about those details."

So will enterprises embrace cloud computing? My takeaway from the "Evening in the Cloud" is that the maturation process will force cloud vendors to become more transparent - at least if they hope to do real business with enterprise customers. And as they start detailing their infrastructures and the nuts and bolts of their services - demystifying the cloud, so to speak - the more they will start to look like the big outsourced service providers that have been around for years.A telling point during an "Evening in the Cloud" panel discussion at this week's Enterprise 2.0 Conference came when a member of the audience said, "I know of plenty of European companies that wouldn't touch you guys with a ten-foot pole if it means putting data in an American data center. The "you guys" in question were the executives representing Amazon, Google and Salesforce.com...