Cloud computing involves the movement of content and applications from personal computers and private data centers to platforms floating somewhere in cyberspace. Users are tethered to their digital property only by an Internet connection; someone else provides and maintains the hardware and software supporting the services they use. Ideally, this shouldn’t give users anything to worry about. Reality, of course, is different. “We still have a long way to go to define what clouds can do and how users should interact with them,” says Vint Cerf, a father of the Internet who is now a vice president and chief Internet evangelist for Google.

Customers are typically concerned about the security and reliability of cloud providers’ operations. High-profile cases have reinforced those concerns–most notably when, earlier this year, the social bookmarking site Ma.gnolia.com irretrievably lost about half a terabyte of user data. “When there’s an outage, they end up in the New York Times,” James Staten, an analyst at Forrester Research, says of the cloud providers. “If there’s a significant security hole, they end up there too.”

Cloud users have the option of taking security into their own hands, says John Landwehr, director of security solutions and strategy at Adobe Systems. Some newer systems, including Adobe’s own LiveCycle Rights Management ES software, encrypt sensitive documents so engineering applications must “phone home” to check a user’s credentials before allowing a document to open. Such measures can head off some of the worries that arise when data and applications are stored remotely on virtual servers owned and managed by another company.

But there are other, potentially tougher problems–for example, the limitations of bandwidth and the architecture of today’s Internet. Customers who want to use clouds to process very large data sets sometimes find that the time it takes to send the data to the cloud provider can negate any time savings gained from drawing on its computational power. “Most of the challenge has to do with the fact that you’re accessing the cloud over the public Internet,” explains John Engates, CTO of the hosting company Rackspace. “Everybody thinks of the Internet as perfect, but it’s not … when you’re copying mountains of data across it, there are going to be failures.” And resending data that has been corrupted in transit makes transmission times even longer. Nick McKeown, director of the Clean Slate Design for the Internet project at Stanford, says that this problem will probably get worse before it gets better. “Everything will be moving around. Computation will move around, users will move around, data will move around,” he says. “Until now, the Internet’s solution to mobility has been a hack, retrofitted to an old and ossified architecture. This isn’t going to be good enough for cloud computing–we need more innovation in the architecture.”

Another issue is making cloud applications as reliable to use as locally running software, even in the face of a spotty network connection. Apple’s MobileMe cloud service, which stores and synchronizes data across multiple devices, got off to an embarrassing start last year when many users were left unable to access mail and synchronize data correctly. To avoid such problems, providers are turning to technologies such as Google Gears, Adobe AIR, and Curl, which allow cloud-based applications to run locally; some even allow them to run in the absence of a network connection. These tools give Web applications access to the storage and processing capabilities of the desktop, forming a bridge between the cloud and the user’s own computer.

But perhaps the biggest issue is the lack of standards, says Reuven Cohen, founder and CTO of cloud-computing provider Enomaly. Right now, if a company starts using the cloud services of one provider, it’s effectively locked in, dependent on that provider. Cohen believes that companies should be free to move their data to whichever cloud provider they want to work with at any time. In the absence of standards that would make this possible, companies such as the startup Cloudkick have sprung up to help users move data from one platform to another.

Mike Evans, vice president of corporate development at the open-source technology provider Red Hat, compares clouds today to the earliest online communities, such as CompuServe and America Online. “They were all siloed communities,” he says. “You couldn’t necessarily inter­operate with anybody else until the openness of the Internet came along.” Evans believes that open-source projects are “critical” to establishing standards that would encourage more companies to use cloud technology.

Two broadly supported open-source projects may help pave the way for such standards. Eucalyptus, which uses an interface familiar to those experienced with Amazon’s Elastic Compute Cloud, provides the means to create a cloud either within a private data center or with resources from a cloud provider. And Hadoop imitates elements of Google’s system for handling large amounts of data.

For the moment, Amazon Web Services seems to be the de facto standard, and the company appears not to be interested in defining more formal standards, which would inevitably force it to give up some control over its platform and make it easier for other providers to compete. Says Adam Selipsky, vice president of product management and developer relations for Amazon Web Services: “We think it’s very early to understand not only what the standards are, but along what dimensions standards are even useful.