Many organizations are quickly running to the cloud, but who is taking the time to evaluate and review the legal issues that comes with this new technology offerings. I have spoken with several organizational legal teams to find out they are brought in after there is a problem, breach of contract or a change of heart. Perhaps, the legal review needs to be done up front.
Let's take a few minutes to talk about some of the key issues. The characteristics of cloud computing -- on demand self-service, elasticity, metered service or ubiquitous access -- make it look like a simple and casual operation, but cloud computing services present many legal issues. Organizations need to tread carefully and perform due diligence, this means bring the corporate attorney into the loop.
Cloud computing legal issues: data location
Organizations need to know where the data they’re responsible for – both personal customer data and corporate information -- will be located at all times. In the cloud environment, location matters, especially from a legal standpoint. I would also demand all your data is encrypted while at rest in the cloud.
Cloud computing legal issues result from where a cloud provider keeps data, including application of foreign data protection laws and surveillance. In my next post, learn about cloud computing legal issues stemming from data location, and how to avoid them.
Cloud computing contracts and cloud outages
When a cloud service goes down, users lose access to their data and therefore may be unable to provide services to their customers. When is a cloud user compensated for the loss of service, and to what extent? Users need to examine how cloud computing contracts account for cloud outages.
In a future post, learn how a cloud outage could negatively affect business and examines some cloud computing contracts and their provisions for cloud outages. You are still responsible for your Business Continuity Plan and Disaster Recovery Plan - you can not outsource that.
Cloud computing contracts: Tread carefully
Organizations must be careful with cloud computing contracts, according to a panel of lawyers at the RSA Conference 2011. Cloud computing contracts should include many data protection provisions, but cloud computing service providers may not agree to them.
In a future post, learn some advice on negotiating with cloud computing service providers and on legal considerations for organizations entering cloud service provider contracts, including data security provisions. I have found many service providers will push back on encryption demands, or even backup requirements. Make sure the contract and services agreement meet all YOUR business requirements, not theirs.
Ten key provisions in cloud computing contracts
When entering into a relationship with a cloud computing service provider, companies should pay attention to contract terms, security requirements and several other key provisions when negotiating cloud computing contracts.
In a future post, I will discuss cloud computing contracts and the ten key provisions that companies should address when negotiating contracts with cloud computing service providers. Have it in writing, including performance metrics, data ownership, and most important, the right to audit their facility and operations.
Developing cloud computing contracts
Cloud service relationships can be complicated. The use of cloud services could sacrifice an entity’s ability to comply with several laws and regulations and could put sensitive data at risk. Consequently, it’s essential for those using cloud computing services to understand the scope and limitations of the services they receive, and the terms under which these services will be provided.
In this series of posts, I will explain the critical considerations for cloud computing contracts in order to protect your organization as well as reviewing the critical steps and best practices for developing, maintaining and terminating cloud computing contracts. I will also give you advice on the terms and length of such contracts, and what your options are if you need to make a change due to performance.
In summary, not all Cloud Service providers are equal, and not all have your best interest in mind. After all, they are in this to make money, your money. Move to the cloud with caution, an open mind, and your legal affairs in order.
Happy Holidays
Bob Lankey
bob@arnettservicesgroup.biz
www.arnettservicesgroup.com
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
No comments:
Post a Comment