The Senate passed SB 310 which requires the regulatory flexibility committee to study security issues related to cloud computing by state agencies.
The study must cover issues regarding potential security risks presented by the use of cloud computing services based on the:
(1) mission of an agency that might use cloud computing services;
(2) types of data that an agency might have;
(3) level of sensitivity of the data;
(4) potential services to be used; and
(5) existing and potential security related threats to the state agency.
The bill doesn’t define “cloud computing,” and the Wikipedia definition is a little beyond me, but generally, it has a privatization feel to it:
In general, cloud computing customers do not own the physical infrastructure, instead avoiding capital expenditure by renting usage from a third-party provider. They consume resources as a service and pay only for resources that they use. Many cloud-computing offerings employ the utility computing model, which is analogous to how traditional utility services (such as electricity) are consumed, whereas others bill on a subscription basis. Sharing “perishable and intangible” computing power among multiple tenants can improve utilization rates, as servers are not unnecessarily left idle (which can reduce costs significantly while increasing the speed of application development). A side-effect of this approach is that overall computer usage rises dramatically, as customers do not have to engineer for peak load limits. In addition, “increased high-speed bandwidth” makes it possible to receive the same response times from centralized infrastructure at other sites.
Cloud computing can simply be Google Docs, which I used on occasion when I worked for the State for a few projects. Or, off-site storage is often considered “cloud computing”, which the State actively does for security concerns regarding backups. Better to have a backup off and away than in the same building in case of fire, theft, etc.
I work for a company that makes backup software, some of which can be used in cloud computing.
That said, there is a serious discussion about security of your data. As your data changes hands and gets farther from your own datacenter, it gets harder to know that someone isn’t accessing data they shouldn’t have access to.
There are many ways to address the issue, my personal favorite is to encrypt the data with your own key before sending to the cloud.
However, it isn’t something to fear and avoid completely. A could data center can store exabytes of data much cheaper, per megabyte, than a private company (or government) can store their terabytes.