In what could be a sign of hesitation by some IT executives to store sensitive data in the cloud, Harris Corp. has pulled out of its off-premise remote hosting business because of lack of adoption from customers.
Harris Corp. - an international provider of communications and IT services - last year opened a 100,000-square-foot data center in Virginia with the goal of hosting data for government, health care and financial industry customers. But, not more than a year after the company's Cyber Integrated Center opened in May 2011, Harris announced plans on Monday to close the facility and sell the data center.
Background: 4 essential cloud security tips
"The company determined that although demand continues for cyber security and cloud-enabled solutions, its government and commercial customers currently prefer hosting mission-critical information on their own premises rather than remotely," the company said in a press release.
Mark Jordan, an analyst with Noble Financial Markets who tracks Harris and the defense and intelligence industry, said the move was not made as part of larger cuts within the company. Harris invested in a market that wasn't providing a return, so it backed out, he said. Harris expects to incur a $70 million to $80 million after-tax charge because of the action.
"This is a sign, at least in the intelligence and defense industry, that there is reluctance to move to a third-party hosted environment for sensitive data," Jordan said.
Robert Mahowald, a cloud researcher with IDC, was surprised by the move. Government agencies, he said, are being encouraged to move as much data and IT resources to the cloud as possible as a way to save money and reduce capital expenses.
"I don't know that demand is not there," he said. But, agencies also have to work with IT providers that are certified through the Federal Information Security Management Act (FISMA), which Mahowald said has strict requirements to become compliant with. Harris spokesperson Jim Burke said the data center was FISMA compliant, yet customers still were not utilizing the service.
According to the National Institute of Standards in Technology fact sheet about FISMA, to become certified by the U.S. General Services Administration, an organization must provide documentation in the following areas: access control, identification and authentication, audit and accountability, encryption, system and communications protection, physical security, personnel security, continuity of operations, awareness and training, incident response, security planning, system integrity, and acquisition.
Jordan, the Noble Financial analyst, said even if a data center is FISMA certified, government agencies must have a good reason to move data off site.
"Unless the financials make the decision overly compelling, in the intelligence and defense world, they are going to be overly sensitive to valuable information," he said.