Don't let cloud computing legal issues disrupt business

There will, out of necessity, be changes to the risk profile and management of organisations using cloud services.

Surprisingly, cloud computing security is a practical concern rather than a legal one. It is true that the law already provides some options. There will be a contract with the usual stipulations. There is a plethora of rules on data, negligence, and more. Cloud computing legal issues also revolve more around practical concerns: Can you prove that something has gone wrong? Do you have the evidence? The chances are that you do not, and that you will not be able to prove your case.

In the physical world, a stolen laptop quickly comes to light. However, a rogue agent siphoning data from a cloud resource will not necessarily be apparent to the customer who owns that data. Accordingly, there is a heavier reliance on the service provider's due diligence than there has been in the past. There will, out of necessity, be changes to the risk profile and management of any organisation using cloud services as well as the audit and responsibility chains within an organisation.

It is this author's experience that, unfortunately, few who choose cloud services ask the full set of necessary questions before signing up.

A series of due diligence checks will need to be made. Ensure that you ask the following questions, among others not listed here.

• Where is the data stored?
• Is data replicated? (This may actually be desirable so there is backup within the service provider, although this adds to expense of the service and leads to data retention issues if the customer deletes data.)
• What happens to data when it is deleted?
• What happens to hardware used in the cloud (e.g., trailers of servers) when that hardware reaches its end of life and is replaced?

Step 1 should be risk analysis and due diligence. Only after that has been done should step 2, contractual legal protections (such as strong contracts, service-level agreements, robust remedies, etc.) be put in place.

It is worth noting that as cloud services become commoditised and provided by a few big players such as Microsoft and Google, the ability to dictate strong terms will be practically nonexistent (in the same way trying to negotiate a strong BT service level for your phone lines is well-nigh impossible). So step 2 may prove to be illusory, meaning even greater reliance must be placed on step 1.

There are numerous questions that should be asked and clarifications that should be requested. For more advice in this area, read our checklist that covers cloud computing legal issues.

Cloud legal concerns: Final thoughts
A customer of cloud services should go into the deal with its eyes open, aware of cloud legal issues. The law may provide a remedy, but it will be subject to the contract terms, which the customer may have little freedom to negotiate -- assuming that a customer can rely on this by proving its case, which often it cannot.

The law is more than ready to cope with yet another contracted service -- cloud computing. However, the difference this time around is that proving something has gone wrong, so as to take advantage of the remedies the law provides, will be difficult. Due diligence will help by avoiding the problem in the first place.

Mark Weston is a Principal at Matthew Arnold & Baldwin LLP and a contributor to SearchVirtualDataCentre.co.uk

Rate this Tip To rate tips, you must be a member of SearchVirtualDataCentre.co.UK. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Working with colocation or managed service providers Clarifying cloud computing: Unravelling the definitions Is PCI compliance attainable in a public cloud? The benefits of outsourcing server virtualisation Cloud computing's only for grown-ups, survey says Virtual disaster recovery: How to take advantage Crystal ball predictions for 2010 Moving to the cloud: UK guide Defining the Infrastructure as a Service (IaaS) side of cloud Getting cloud to deliver benefits: It's not as hard as it looks Cloud computing: How to draw up your plan Cloud computing services HP unveils Cloud Design Service despite customer caution Clarifying cloud computing: Unravelling the definitions Is PCI compliance attainable in a public cloud? VMware earnings strong, but profit takes a hit: News Roundup Cloud computing's only for grown-ups, survey says Moving to the cloud: UK guide Defining the Infrastructure as a Service (IaaS) side of cloud Getting cloud to deliver benefits: It's not as hard as it looks Cloud computing: How to draw up your plan Private clouds, desktop virtualisation offer data security, flexibility and ROI Data centre IT security and compliance Why virtual machine updates are so important How to steal a virtual machine and its data in three easy steps Don't let dormant virtual machines threaten data centre security Check data migration policies before signing with a cloud provider Legal storm gathers in the cloud Are you operationally ready to recover from a nondisaster? RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.