As cloud computing gains momentum, so does government attention to privacy and security
While still marked by more hype than tangible success, cloud computing remains an area widely viewed as inevitable in both commercial and public sector markets. Whether you accept the predictions of cloud service vendors or favor a more pragmatic take to this evolving market, the focus of the discussion has become “when” rather than “if” large-scale use of cloud services and technology will become pervasive. One of the factors reigning in some of the enthusiasm about the cloud is concerns over security and privacy, particularly the protection of data moved to the cloud. Against this backdrop there are calls from government leaders in both the United States and Europe to take proactive action to establish security and privacy requirements for cloud computing, and possibly even enact new legislation. In the U.S., the government-led Cloud Computing Advisory Council (sort of a re-focused IT Infrastructure Line of Business) has developed a cloud computing framework and this week announced its Federal Risk and Authorization Management Program (FedRAMP) that will develop a common set of security requirements in an effort to speed up the pace of adoption of cloud computing by federal agencies. This is just one of the most recent announcements of a slew of workgroups, initiatives, and government and public/private collaborations on cloud computing, which neither separately nor collectively yet cover all aspects of what the government thinks it needs.In Europe, the biggest focus area is data security and privacy, to such a degree that some are now calling for a global data protection law. It remains to be seen whether privacy and security standards and requirements can be harmonized enough to make such an ambitious proposal a reality, but as industry groups such as the Cloud Security Alliance routinely point out, that fact that the government approach to the cloud is as yet unclear — especially what the regulatory environment will look like — neither cloud service providers, technology vendors, or government organizations (or even commercial enterprises) are going to be comfortable moving forward aggressively with cloud computing.