Yesterday the TechAmerica Foundation released a report from the Commission on the Leadership Opportunity in U.S. Deployment of the Cloud ("Cloud2") titled "Cloud First, Cloud Fast: Recommendations for Innovation, Leadership and Job Creation." The Commission, which consists of 71 companies and organizations primarily from industry, developed the report at the encouragement of the Federal Chief Information Officer and the U.S. Department of Commerce. The Commission was tasked with developing recommendations for accelerating adoption of cloud technologies and to identify public policies that will help foster U.S. innovation, leadership, and economic growth in cloud computing.
The report delivers detailed guidance through 14 recommendations that are categorized into four themes: Trust, Transnational Data Flows, Transparency, and Transformation. Of particular interest to those who draft, structure and negotiate cloud computing contracts are the following five recommendations of the Commission.
1. Recommendation 1 (Security & Assurance Frameworks): Government and industry should support and participate in the development and implementation of international, standardized frameworks for securing, assessing, certifying and accrediting cloud solutions.
2. Recommendation 3 (Response to Data Breaches): Government should enact a national data breach law that preempts state law to clarify breach notification responsibilities and commitments of companies to their customers, and also update and strengthen criminal laws against those who attack computer systems and networks, including cloud computing services. The notification requirements should be based on risk of harm.
3. Recommendation 5 (Privacy): The U.S. government and industry should promote a comprehensive, technology-neutral privacy framework, consistent with commonly accepted privacy and data protection principles-based frameworks such as the Organization for Economic Cooperation and Development (OCED) and/or Asia-Pacific Economic Cooperation (APEC) frameworks. The Commission believes this would be a step toward fostering a global marketplace for cloud services.
4. Recommendation 6 (Government / Law Enforcement Access to Data): The U.S. government should demonstrate leadership in identifying and implementing mechanisms for lawful access by law enforcement or government to data stored in the cloud. The U.S. government needs to address the uncertainty and confusion caused by national security statutes that are viewed as barriers to a global marketplace for cloud services.
5. Recommendation 9 (Transparency): Industry should publicly disclose information about relevant operational aspects of their cloud services, including portability, interoperability, security, certifications, performance and reliability. Industry and Government should support development of metrics designed to meet the needs of different user groups. These metrics should be developed in an open and transparent environment, taking into account the global nature of cloud use.
A complete version of the Commission's report can be found here.