Call for Industry and Government to Get Their Heads in the Clouds

By TAP Staff Blogger

Posted on January 26, 2010


Recently, the Brookings Institution in Washington, D.C., hosted a forum, Cloud Computing for Business and Society. Speaking there was a panel of leaders in the cloud computing arena:

  • Robert Atkinson, president of the Information Technology and Innovation Foundation
  • Michael Nelson, chairman of the Technology Section of the American Association for the Advancement of Science
  • Jonathan Rochelle, project manager at Google

The forum was an opportunity to address the need for legislation and industry participation in securing the cloud.

Cloud computing, for those unfamiliar, is a means of holding data on remote servers so information can be accessed anywhere; this, rather than holding information on an on-site mainframe computer. Unclear on what this means? You may use it frequently. TAP does. Most social media sites, such as Facebook, are in the cloud. But there are more serious, valuable applications for the cloud.

Storing information in the cloud is a way to maximize utility and cost efficiency for businesses, organizations, governments and individual citizens the world over. Users can scale IT systems based on immediate needs and access advanced tech capabilities. The advantages are seemingly limitless – provided legislation and international agreements keep the cloud safe.

Prior to the panelists’ discussions, Brad Smith, Microsoft’s senior vice president and general counsel for Legal and Corporate Affairs, delivered the keynote address.

Smith’s speech urged Congress and the IT industry to update legislation to match rapidly developing technology areas. Fostering the development of cloud computing requires full trust in the technology’s ability to keep data private and safe from those who would steal and exploit it. Smith called for cloud security standards, and while the government cannot regulate the tech industry, forcing all clouds into a similar format, government can insist on basic security measures.

Smith used the following example: A Volvo may have the safest crash test rating with the most up-to-date safety features. Now, it may be that Volvo is the safest of all cars, but the government cannot require that all consumers buy Volvos. That hurts the market and discourages competition.

On the other hand, the government can (and has) regulated basic safety features, such as seatbelts. Apply this same principal to the cloud. The government won’t tell consumers which cloud to use, but it may be within their power to legislate basic cloud security standards.

The panelists addressed some of the more important nuances of cloud security. Atkinson argued that open source cloud computing (a concept Nelson supports) requires an international agreement on cyber standards. Specifically, he said that state-sanctioned hackers (meaning cyber criminals who attack abroad but face no criminal charge in their home country) are the biggest threat to the cloud. Well, doesn’t everyone want to see safer clouds? Not necessarily.

Recent news reports have revealed major international cyber threats originating from China. China is surely ready for cloud security, right? It’s complicated because circumstantial evidence suggests the Chinese government was behind the attacks. How can we establish international standards when a major cyber player refuses to play by any rules, even to the detriment of other countries?

Clouds can be accessed throughout the world. It’s part of their value. But without high security, clouds can be penetrated by bad guys with malicious intent. So do we set standards at home only to have them broken abroad?

Figuring out the complex nuances of cloud security will take years, but the dialogue, such as that held at the Brookings conference, is well underway. Who else will take part?