I try not to comment on cloud issues too often, because it's one of those areas where, if you're not careful, you can spend all night arguing about stuff you don't want to argue about. But I noticed a phrase in a recent post by David S. Linthicum of Blue Mountain Labs that really got my attention: “data in flight”.
Linthicum is reasonably pointing out that cloud providers can't reliably tell you where your data resides. In-cloud security measures aren't always as secure as they could be, so once your data's flying about in there, anything could be happening to it.
Now, it's easy to get alarmist about any new technology. There are plenty of people who would still rather trust a printout than an electronic copy, even if the electronic data is held locally. I wouldn't be surprised if some people's discomfort with cloud computing is, well, its cloudiness. You want me to send all my business data into some big, vague, virtual world and just trust you with it?
However, there is an economic case for shifting your computing costs onto bigger shoulders. You're not in the computing business. An expert external provider is going to be at least as competent as an in-house provider, plus it'll have economies of scale.
The way out of this tangle is for cloud providers to embrace business data standards. If you're entrusting well-formed business information to a cloud, you have every right to demand that the cloud respects the integrity and security of that information. This means that you need to look at binding security policies to your business data objects, and cloud providers need to undertake to recognize and comply with such security policies.
It's good information design practice to separate business data and security policy. But its bad information management practice to keep the two aspects apart if you're sending your data into someone else's environment. Think of security policy as body armour that protects your valuable data. It doesn't weight much, and making sure your data's wearing it could save your business's life.
Think about the role of industry standards in your cloud computing strategy. Is your supplier a member of ACORD? Do they understand the value of a lingua franca because your business is not an island?