Like many businesses, the U.S. government sees cloud computing as the future. As Vivek Kundra, the former U.S. CIO recently put it, “the movement to the cloud is a one-way street.”
As part of that strategy – which includes a new mandate that any agency considering new computer systems look at cloud technology first — the government recently called on more than 70 industry experts to deliver their recommendations on how cloud computing adoption can be accelerated in both the public and private arenas.
Besides some accompanying case studies on how different organizations are using the cloud, the report raises a number of issues that businesses considering cloud technology might want to think about, including data security and privacy needs.
Acknowledging that data security is one of the central challenges with Software-as-a-Service (SaaS) models, the report calls on industry and government to do more to create common frameworks, best practices and metrics to help organizations decide what kind of security they need for their data.
Data security is one of the key reasons why SAP runs its on-demand ERP suite Business ByDesign on its own private cloud, and not on Amazon’s EC2 cloud, where it runs SAP Carbon Impact, which is less mission-critical.
When I asked Rainer Zinow, senior vice president of SAP Business ByDesign last year if they’d ever consider moving ByDesign to Amazon, given that some think Amazon could do it more cheaply and efficiently than SAP can, he said data security trumps other cost advantages.
“We have said that our Business ByDesign customers have specific requirements regarding security, data privacy, regulations and other aspects. So for them, it is very important that we run Business ByDesign on a highly secured private cloud,” Zinow told me.
While SAP has relatively few online applications at this point, the number will only grow in the future. If you’re one of those companies that are considering running more of your operations in the cloud, how much of an issue is data security in your decision? Do you agree with the federal government that industry standards and benchmarks would help, or is do you already have the same degree of confidence in cloud security that such standards might provide?