SAN JOSE, Calif. – A group of 71 experts from industry and academia released a report making 14 broad recommendations for best practices and policies for accelerating adoption of cloud computing in the U.S. The TechAmerica Foundation convened the group at the suggestion of members of the Obama Administration.
The Commission on the Leadership Opportunity in U.S. Deployment of the Cloud is holding a Web broadcast detailing its report today. Marc Benioff of Salesforce.com and Michael Capellas of VCE chaired the group.
The recommendations called for cloud computing standards, especially in areas such as security, privacy and performance, echoing calls from other groups dating as far back as 2008. The report also called for more clarity in laws about attacks on data services as well as a roadmap for cloud research. In April, the IEEE launched a cloud computing standards effort.
Top computer companies including Dell, Hewlett-Packard and Intel have launched or ramped up major cloud computing programs this year. They join Amazon, Google, Microsoft and others that have already been delivering services from their large data centers for some time.
The TechAmerica group's recommendations included the following:
- Government and industry should support and participate in the development and implementation of international, standardized frameworks for securing, assessing, certifying and accrediting cloud solutions.
- Industry and government should accelerate the development of a private sector-led identity management ecosystem as envisioned by the National Strategy for Trusted Identities in Cyberspace to facilitate the adoption of strong authentication technologies.
- Government should enact a national data breach law to clarify breach notification responsibilities and commitments of companies to their customers, and also update and strengthen criminal laws against those who attack computer systems and networks, including cloud computing services.
- Government, industry, and academia should develop and execute a joint cloud computing research agenda.
- The U.S. government and industry should promote a comprehensive, technology-neutral privacy framework, consistent with commonly accepted privacy and data protection principles-based frameworks.
- The U.S. government should demonstrate leadership in identifying and implementing mechanisms for lawful access by law enforcement or government to data stored in the cloud.
- Government and industry should enable effective practices for collecting information from the cloud to meet forensic or e-discovery needs in ways that fully support legal due process while minimizing impact on cloud provider operations.
- The U.S. government should demonstrate its willingness to trust cloud computing environments in other countries for appropriate government workloads.
- Government should demonstrate flexibility in changing budget models to help agencies acquire cloud services and solutions. It also should establish policies and processes for providing fiscal incentives, rewards and support for agencies as they take steps towards implementing cloud deployments.
- Industry should publicly disclose information about relevant operational aspects of their cloud services, including portability, interoperability, security, certifications, performance and reliability. Industry and government should support development of metrics designed to meet the needs of different user groups.
- Cloud providers should enable portability of user data through documents, tools, and support for agreed-upon industry standards and best practices.
- Government and industry should embrace the modernization of broadband infrastructure and the current move to IPv6.
- Government, industry, and academia should develop and disseminate resources for major stakeholder communities to be educated on the technical, business, and policy issues around acquisition, deployment and operation of cloud services.