But even as the prospect -- or for the federal government, the mandate -- for cloud computing takes shape, sorting out what are seen as the legal and operational pitfalls to actual deployment is a daunting task.
Many of the federal government's applications simply aren't ready for the cloud yet, said Tim Grance, director of the systems and network security group at the National Institute of Standards and Technology (NIST), also on the RSA panel. While migrating to a public-facing e-mail service could be done now, other applications are going to need to be changed to make the cloud work, he pointed out. And security concerns are certainly likely to hold back some public cloud adoption. "If it's a hugely critical app, you might not want to do it," he said. The Defense Department likely has the basis to run its own private cloud.
Management at some companies is flat-out rejecting cloud-based computing. Some are being told "why do you need this" after building a very high-speed network, according to a representative from a company that provides financial information, who asked to remain unidentified. There, requests to try cloud-based services are rejected again and again.
The security controls around governance and regulatory reporting are not viewed as easily available in cloud-computing environments today. But last week, there were indications that vendors are taking notice that this is a vacuum to be filled and have announced efforts to come up with large-scale governance and risk-management platforms for service providers. Symantec (SYMC) announced its own effort, dubbed O3, and VMware (VMW) and RSA, both part of EMC (EMC), announced something they call "Project Horizon." Neither project, though, came with specific deadlines for product availability.