Harris Corp. has pulled out of its off-premise remote hosting business because of lack of adoption from customers in what could be seen as a sign of hesitation by some IT executives to store sensitive data in the cloud.

Harris - an international provider of communications and IT services - last year opened a 100,000-square-foot data centre in Virginia with the goal of hosting data for government, health care and financial industry customers. But, not more than a year after the company's Cyber Integrated Center opened in May 2011, Harris announced plans to close the facility and sell the data centre.

"The company determined that although demand continues for cybersecurity and cloud enabled solutions, its government and commercial customers currently prefer hosting mission-critical information on their own premises rather than remotely," the company said.

Large cuts at Harris

Mark Jordan, an analyst with Noble Financial Markets who tracks Harris and the defence and intelligence industry, said the move was not made as part of larger cuts within the company. Harris invested in a market that wasn't providing a return, so it backed out, he said. Harris expects to incur a $70 million to $80 million after-tax charge because of the action.

"This is a sign, at least in the intelligence and defense industry, that there is reluctance to move to a third-party hosted environment for sensitive data," Jordan said.

Robert Mahowald, a cloud researcher with IDC, was surprised by the move. Government agencies, he said, are being encouraged to move as much data and IT resources to the cloud as possible as a way to save money and reduce capital expenses. 

Strict requirements for cloud storage

"I don't know that demand is not there," he said. But, agencies also have to work with IT providers that are certified through the Federal Information Security Management Act (FISMA), which Mahowald said has strict requirements to become compliant with. Harris spokesperson Jim Burke said the data center was FISMA compliant, yet customers still were not utilising the service.

According to the National Institute of Standards in Technology fact sheet about FISMA, to become certified by the US General Services Administration, an organisation must provide documentation in the following areas: access control, identification and authentication, audit and accountability, encryption, system and communications protection, physical security, personnel security, continuity of operations, awareness and training, incident response, security planning, system integrity, and acquisition.

Jordan, the Noble Financial analyst, said even if a data centre is FISMA certified, government agencies must have a good reason to move data off site.

"Unless the financials make the decision overly compelling, in the intelligence and defence world, they are going to be overly sensitive to valuable information," he said.