WASHINGTON - When the city of Los Angeles migrated to Google Apps last year, city officials insisted that the deal require that its data remain in the U.S.
They didn't want to risk the possibility that city government data could end up on a server in a foreign country located outside U.S. legal jurisdictions.
Such concerns about cross border access to data don't yet seem to be hampering the growth of commercial cloud computing. In fact, at a Congressional Internet Caucus forum to discuss regulation and cloud computing, cloud vendors urged lawmakers to resist regulation to see how the cloud computing market evolves and adapts.
"It is premature for Congress to be pass legislation," said Dan Burton, senior vice president for global public policy at Salesforce.com, who spoke at Monday's forum at the U.S. Capitol.
Burton said that current data security tools, such as the Safe Harbor certification program, appear to be working for providers and users of cloud-based applications. Cloud providers that sign up for the U.S. Department of Commerce's program voluntarily pledge to follow the European Union data protection principals.
"There is this creaking policy infrastructure which is holding up OK," said Burton.
Salesforce.com also knows from experience that businesses can work around cross-border concerns. The provider of hosted CRM applications has, for instance, signed contracts with customers in Japan who are accessing data off Salesforce.com's data centers in the United States.
Nonetheless, Salesforce.com in filings with the U.S. Securities and Exchange Commission has warned investors that it believes "increased regulation is likely" in areas that could impact its business.
Meanwhile, Microsoft has been urging Europe to adopt a common set of data rules.
Jim Reavis, co-founder of the Cloud Security Alliance, who wasn't on the forum panel, said in an interview that he sees problems ahead if issues concerning the protection of data once it crosses international borders aren't resolved.
In Europe, in particular, there's a lot of concern about the reach of the U.S. Patriot Act, passed in response to 9/11, which increases the ability of law enforcement to access data, said Reavis. The Patriot Act "is something that definitely gets debated hotly outside the United States," he said.
"There is a long-term risk that U.S. companies may need to move offshore if the laws in the United States aren't changed," said Reavis.
The Obama Administration is proposing new data privacy laws that may affect some cloud providers, but it has not proposed any cloud specific laws.
But the administration may see the need for international agreements.
At a separate forum on cloud computing held by the National Institute of Standards and Technology last week, federal CIO Vivek Kundra said that as data moves across multiple boundaries, the U.S. and other countries have to think about "data sovereignty" issues. "We have to think about governance models," he said.
Burton would like to see the U.S. send a strong signal that it will "pledge to work cooperatively to overcome the policy barriers that sort of Balkanize data flows." Such a policy statement "would create a lot of confidence in the cloud," he said.
David Valdez, vice president of public affairs for the Computing Technology Industry Association (CompTIA), said a lot of concerns about cloud computing can be handled with education and through service level agreements with businesses and consumers.
"There is not a need for new laws and regulations," said Valdez.
What the U.S. companies do control, right now, is a cloud computing market that is growing is by leaps and bounds.
"If you are a startup company right now in Silicon Valley, the venture capitalist will demand that you run your business on the cloud," said John Calhoun, managing partner of OnPoint Consulting, who was also on the panel at the Congressional Internet Caucus panel.
Calhoun's confidence in the cloud finds some support in Gartner's estimate of the market for cloud-based infrastructure services, which allow users to acquire server, storage, networking and other services through cloud providers.
Gartner expects the worldwide market for infrastructure services in the cloud is expected to increase from $3.7 billion in 2011 to $10.5 billion in 2014.
Patrick Thibodeau covers SaaS and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov , or subscribe to Patrick's RSS feed . His e-mail address is [email protected] .
Read more about cloud computing in Computerworld's Cloud Computing Topic Center.