NASCIO report provides overview of cloud-computing risks
A new report by the National Association of State Chief Information Officers (NASCIO) is designed to help state and local governments better understand and prepare for the risks stemming from the use of cloud computing. Titled "Capitals in the Clouds, Part III — Recommendations for Mitigating Risks: Jurisdictional, Contracting and Service Levels," the brief provides an overview of such issues as service agreements, how to evaluate service providers, interstate collaboratives, data protection and privacy, and the location of data storage.
"Shrinking budgets continue to push state CIOs toward finding cost savings, new efficiencies and achieving greater economies of scale," said Doug Robinson, executive director of NASCIO, in a press release. "Cloud solutions will certainly be part of this mix and will involve new risks. Our latest brief focuses on understanding and mitigating these risks."
"We fully anticipate further adoption of cloud computing and creation of multi-jurisdictional collaboration across the country," added Carolyn Parnell, co-chair of NASCIO's Enterprise Architecture and Governance Committee and the CIO for the state of Minnesota, in the release. "We're expecting a proliferation of state and local government partnering. This presents some of the jurisdictional issues CIOs are facing or might face in the future, and calls to action for anticipating and avoiding potential conflicts of laws."
Among the issues the report urges state and local governments contemplating cloud computing to consider are the potential for data breach, the total cost of the service, and the service provider's access to and use of government data. The report urges governments to involve their legal staffs early in their planning for cloud-computing use and their negotiation of service terms.