Cloud Computing Trend Sparks Compliance Concerns

Article excerpt

A network security breach affecting the Epsilon Internet and email marketing company in April provides an important reminder of the perils inherent in consolidated and integrated data storage. Though the breach reportedly affected only 2 percent of Epsilon's customers, it included many popular U.S. retailers and financial institutions. This incident further highlights the data privacy and security concerns that will arise with the expansion of "cloud computing."

Cloud computing is maintaining data, applications and programs on a remote server that can be accessed through many devices, such as desktop computers, netbooks or smartphones. Proponents often describe it as the ultimate on-demand or as-needed computing service. With traditional information technology solutions, customers must buy equipment for computing and storage and buy software to run on those systems.

In the traditional model, customers must always have sufficient capacity to cover their heaviest possible load, regardless of how rarely this heavy load will occur. This results in long time lapses during which customers pay for unneeded equipment. Cloud computing allows for server and computing capacity scalable to any specific need.

This flexibility requires trade-offs. First, customers no longer store their own data on devices they possess. Second, data stored in the cloud must always be accessible from any location, thereby increasing hacker vulnerability and the need--without degrading fast encryption and decryption--for robust measures to deflect security breaches. These trade-offs in turn have data privacy law and regulation implications.

They are most pressing for IT contractors, but even contractors of non-IT products and services should be mindful of the dependency on and integration with many day-to-day resources that will employ cloud computing.

The Obama administration is clearly focused on the cloud for future information technology needs, which will impact many facets of the defense industry. Late last year, the Office of Management and Budget announced the third element in the president's information technology procurement reforms, under the broader umbrella of the accountable government initiative, which, along with broad reforms, calls for "cloud first" acquisition strategies and computing solutions.

The broad, amorphous nature of cloud computing makes it difficult to quantify exactly what the government is buying. Many functions addressed in the past through acquisition of items such as networking equipment and software may now be procured through service contracts, which afford more flexibility for and greater demands by the procuring activity. This better facilitates detailed performance work statements, complex evaluation factors and more focus on key personnel.

Pricing mechanisms will also shift. …