A long-time favourite blogger of mine, JP Rangaswami recently shifted to Salesforce – I guess they picked up on his keen interest in “cloud computing” in general.

As Chief Scientist at Salesforce, JP now has a more specific interest in Cloud, and it was evidenced in his recent post “You *can* take it with you: musing about cloud principles” where ten principles for cloud computing providers were posited, as a draft which it seems Salesforce at least would be willing to sign up for.

JP’s ten principles are a good starting point (and they’ve kicked off a good conversation – check out the post’s comments), and I think they form a basis for “table stakes” in the trust game that needs to be resolved before cloud fulfills anything like its potential. JP uses the bank analogy, where we trust our financial institutions with some of our most valuable assets rather than stuff our cash in the mattress, but as one commenter points out when suggesting an eleventh “resilience” principle, we need to be able to use the “cash in our pocket” (e.g. a local data cache) when our cloud-based data isn’t readily available.

Another comment highlighted a subtle difference between “Customer data” (i.e. data about the Salesforce customer using the service) and “customer’s data” (i.e. data that the customer is storing on the service) when talking about the `limitation of use` principle: there should be different guidelines about how a cloud provider protects/discloses these different data sets in a `legally compelled disclosure` situation. The other question on disclosure is about the extent to which (for example) Salesforce would push back against information requests from law enforcement or other government agencies – Twitter’s recent action in that arena is one I’d like to see adopted more widely.

Clearly, we are some distance from seeing even these early principles being adopted widely by cloud providers, but if we as customers of cloud services are ever to have even the same level of trust in them as we do in financial institutions (and heaven knows that’s a bit shaky these days!), they are a minimum entry point. If a cloud service provider wants to differentiate themselves, then I think they will have to go well beyond these minimum levels …