Data ownership question looms for cloud providers

Find opportunities — and win them.

Cloud computing requires an evolution in thinking on the part of agency managers and cloud providers on issues including acquisition and data ownership, a panel of CIOs representing defense and civilian agencies said.

For contractors jumping on the cloud computing bandwagon had better get ready to address data ownership concerns of their customers.

Agency CIOs who have already moved applications to the cloud are advising their brethren to lock down ownership of the data and to make sure it is in writing.

Agency managers moving to the cloud have to stipulate upfront in their contracts that ownership of data must remain with the agency, agency CIOs engaged in cloud implementation told attendees at the recent Cloud/Gov 2011 conference.

The CIOs spoke about acquisition, cloud governance, data ownership, return on investment and workforce issues related to the cloud Feb. 17 at the conference held by the Software Information and Industry Association and the consulting firm Input in Washington, D.C.

The Veterans Affairs Administration, for example, has developed a private cloud that runs in a commercial provider’s facility.

“We made sure that when the contract was put in place that our folks understood and the provider understood that we are not giving the data and business rules away,” said Stephen Warren, VA's deputy CIO.

If an agency is in a situation in which its contract is about to expire and the agency managers want to move to another service provider, they’ve got a problem if someone else owns their business rules. “Now you are not only paying to get out, you’re also paying to get in,” Warren said. The VA makes sure that it owns data that is core to VA’s mission of providing service to veterans, he said.

“We have 25 applications at [the Securities and Exchange Commission] in the cloud,” said SEC CIO Thomas Bayer. “All of our vendor contracts [stipulate] we own the data, workflow and IT associated with the management of those systems. We are moving more into the cloud and that is a prerequisite,” Bayer said.

“I think part of the message to the business community is there is no long-term lock-in based on the cloud," VA’s Warren said. “We still run across some folks who don’t get that,” he said. “There isn’t a guarantee of 50 years of revenue."

Cloud computing has the potential of letting agencies share capital expenditure risks with vendors, which is what Keith Trippie, executive director of enterprise system development for the Homeland Security Department, likes about the shifting business model.

The traditional vendor license model is very complex, he said. Open-source software is helping to drive down costs. However, technology providers should be willing to develop pay-for-what-you-use revenue models rather that continue to promote a licensing model where software and equipment wind up on the shelf unused.

“I think if the vendor community will take that step, then we’ll see a shift in the business model,” Trippie said.