I just read this week that the city of LA is considering the use of Google Apps for storing and processing government data rather than upgrading their internal IT infrastructure. Will data stored by the government at the cloud come back to bite us in the shorts?
This is really an interesting announcement, especially in light of the recent Twitter incident and the breach at Network Solutions. Cloud services are slowly making their way into mainstream business. EMC, HP and IBM are aggressively evangelizing their cloud strategies. I've sat in on several briefings and have great concern that these solutions are not ready for prime time.
In moving the IT infrastructure into the cloud an organization delegates the responsibility for data security and privacy to a 3rd party. While a commercial organization can do it on its own financial risk (i.e. if a breach occurs - that organization is going to have to compensate affected individuals) a government will actually compensate affected individuals with their own funds, paid for by our taxes. I don't know about you, but I pay enough taxes and had had it with government bailouts.
I believe that ventures such as LA's planned use of Google Apps should be avoided until legislation exists that defines who is responsible for the security of personal information stored by governments on 3rd party systems. I'd also like to see a new Federal agency empowered to audit the securuty posture of any 3rd party that stores government data or PII.