February 17, 2011, 5:43 PM — SAN FRANCISCO -- Deciding to move enterprise data into cloud-computing environments is still a decision fraught with anxiety over security, as well as operational and legal issues, say IT managers, but the prospect of cost savings and ability to "burst" data into the cloud during peak periods is proving irresistible.
That was the sentiment expressed by IT and security managers in both government and the private sector at last week's RSA Conference 2011. "We're shifting the government from asset ownership," said Vivek Kundra, the federal government's chief information officer.
NEWS FROM THE SHOW: Vendors race to protect data in cloud security services
Kundra said it requires years and huge capital expense to build a data center -- the government has 2,000-plus -- but the plan is to start shifting to cloud-computing environments. The 2012 budget calls for a dramatic shift to the cloud. "Of the $80 billion we spend each year, $20 billon of that can actually move to the cloud," he said, adding that the plan is to shut down 800 data centers by 2015.
Some agencies already have what he called "early adopter" experience, including the General Services Administration in cloud-based e-mail, migrating 17,000 users to Google Apps. The Agriculture Department is moving onto the Microsoft Azure platform for $27 million in savings, he added. And he expects there to be a number of enterprise procurements for infrastructure as a service announced soon.
But obstacles remain. The ideal would be to reach a point where agencies have "security dashboards" to get needed information, Kundra said. There should be standards supporting interoperability and portability. "It's important to make sure we aren't in vendor lock-in."
Those concerns are shared by IT and security managers in private industry.
One reason cloud-based computing is problematic is that there's uncertainty where corporate data might be at any given moment in a cloud environment, noted Nuala Kelly, chief privacy leader at GE, who spoke at an RSA panel related to why there's hesitancy in adopting the cloud.
There's a "little bit of legal collision" the cloud has with U.S. and European data-security laws and regulations that suppose or require that data is stored in more traditional fashion. She acknowledges this legal situation "scares the bejesus out of the corporate lawyers."
To make it worse, cloud service providers also aren't always flexible or transparent.