For Tracy (CIO) and other sceptics, security and reliability issues raise serious questions. Outages of Gmail for several hours in February and April frustrated a mass of customers. Amazon, too, has experienced outages due to authentication overloads and other problems.

How much these issues matter will vary depending on the criticality of the system and the risk tolerance of the CIO, Tracy says.

Security is especially important at Rolls-Royce, which makes such items as jet engines for military aircraft and power systems for Navy ships. (The fancy cars are made by BMW.) As a defence contractor, the company is bound by strict federal technology and physical security regulations.

He contemplated cloud computing but not with Amazon or Google partly because, he says, they won't let customers inspect their data centres -- and that's a show-stopper for Tracy.

"You say you want to try cloud computing, but it's only a few hundred bucks a month to them and they say it's not cost effective to allow this tour," he says.

Google, for one, has heard this criticism before. Its response is that customers can feel comfortable with Google Apps because its systems and processes have passed a SAS 70 Type II audit of controls in place to protect data. Google has also published on its enterprise blog some of the ways it manages customer information.

That helps a little, Tracy says, but it's far from enough when he worries about exporting sensitive data. "That requires us to understand where the data is hosted and who has access, [even] the nationality of everyone who is a system administrator," he explains. "That's not feasible in cloud computing, where processing could be in any data centre around the country at any given moment."

http://www.cio.com.au/article/309978/cloud_computing_special_part_2_cloud_control?pp=5