Earlier this week, a wide range of companies testified to the House Committee on Oversight and Government Reform on the question whether it makes sense to bring government IT infrastructures to the cloud. The key concerns of the hearing surrounded security issues and data that is not under local control anymore on the side of critics as well as cost and security improvements on the side of proponents.
Google led the charge with its testimony, highlighting that storing data on local computers is the equivalent of storing cash under a mattress. Storing data in the cloud, however, is like keeping cash in the bank. While some may reason that data cannot be recovered in a way money can be recovered when it is stolen from a bank, Google pointed to data that is stored on thousands of local notebooks that are carried around and can be lost or stolen. Data that is stored in the cloud could solve the problem as lost hardware would not result in lost data, Google said.
The company also argued that cloud computing can result in infrastructure cost savings of up to 50%, or up to $38 billion for the federal government. A large portion of that would simply come from hardware investment savings: According to Google, only 7% of actual server capacity is typically used.
The committee acknowledged that the number of data centers in the United States Government has gone from 482 to over 1100 in over a decade. In the private sector, IBM went from 282 data centers to 12.
Microsoft was a bit more cautious, but also said that “cloud computing in its many forms creates tremendous new opportunities for cost savings, flexibility, scalability and improved computing performance for government, enterprises and citizens.” But he noted that cloud computing requires expertise, and that it “presents new security, privacy and reliability challenges, which raise questions about functional responsibility (who must maintain controls) and legal accountability (who is legally accountable if those controls fail).” Microsoft believes that cloud security will result in “shared responsibility” between the provider and the government client.