Falling through clouds
Legally, do you dare trust your business's data to the cloud?
Computerworld - Everyone knows the big virtues of using cloud computing services: They're cheap, you can scale them on demand, and they're fault-tolerant. Everyone also thinks they know cloud computing's vices: a variety of security and management concerns. What a lot of people have been missing, though, is that there's another real problem with cloud computing: legal liability.
You see, the default contract from Amazon Web Services and the other major public cloud providers puts the onus for any privacy trouble that might develop on you, the customer, not them. So, say that 100,000 of your best customers' records end up on WikiLeaks because your cloud provider's security is breached. Who do you think is going to be legally and financially responsible for the leak and any damages it causes? You can probably guess, but I'll tell you anyway: If you signed the standard cloud contract, you are. Never mind that it was the cloud provider's security failure; you're the one who will be stuck with the bills. Lucky you.
According to one report from SearchCloudComputing, Eli Lilly, the pharmaceutical giant, is fighting with Amazon over just these kinds of issues. Amazon's Werner Vogels denied the story's contention that Eli Lilly had walked away from AWS. "Eli Lilly is still very much a customer and has not dropped their use of AWS," wrote Vogels. Be that as it may, not everyone is content with Amazon's contract policies. Burton Group analyst Drue Reeves said at the Burton Group's Catalyst conference, "We don't feel like there's enough transparency in Amazon. We would like to trust you [but need more information]."
Trust is important. Eli Lilly was burned publicly once before by an accidental release of the e-mail addresses for nearly 700 subscribers to its Prozac.com e-mail alert. The company certainly doesn't want a repeat performance of that, and no company wants to be left holding the bag in the event of a data breach because of the negligence of a cloud provider.
So, what can you, as a corporate officer, do about this? Tanya Forsheit, founding partner at the Info Law Group has some advice. First, Forsheit told me, you should be aware that "many providers of cloud services tends to offer one-size-fits-all contracts. You shouldn't just sign up for them. You need to negotiate."
In fact, Forsheit thinks you should start looking at the legal aspects of any cloud deal long before you get around to talking about the contract. "You should ask questions about data security and privacy during the preliminary stages, even before you get to the contract. You should ask them what kind of privacy and security controls they have, whether they'll let you audit their security, and what they will agree to in regards to liability. These are all places where there's room to compromise. On your side, you need to know what level of risk you're ready to take. If a provider won't agree to even consider negotiating, that's a big red flag, You need to be ready to walk away from the deal."
More by Steven J. Vaughan-Nichols
- Steven J. Vaughan-Nichols: Windows 7 lives!
- Steven J. Vaughan-Nichols: You can keep using XP for another year, but do you really want to?
- Steven J. Vaughan-Nichols: Told you so! Microsoft backs off on Metro
- Steven J. Vaughan Nichols: Windows 9 in 2015: Desperation isn't pretty
- Steven J. Vaughan-Nichols: Lessons for IT from Windows 8/Metro
- Steven J. Vaughan-Nichols: The Windows killer: Chromebook
- Steven J. Vaughan-Nichols: Amazon Drone: Stunt or service?
- Steven J. Vaughan-Nichols: Microsoft after Ballmer: Can this company be saved?
- Steven J. Vaughan-Nichols: From Microsoft, more Windows fail
- Steven J. Vaughan-Nichols: The Web at 20: What's in store over the next two decades?
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Future Focus: What's Coming in Enterprise Mobility Management (EMM) Find out why Enterprise Mobility Management (EMM) solutions that are truly future-ready must be designed to enable Machine-to-Machine (M2M) capabilities and much more.
- The CIO's Guide to Enterprise Mobility Management (EMM) This guide will help those making an EMM platform decision make the best choice for their organization.
- Yankee Group: BlackBerry Results Refute Rumors of its Demise Yankee Group: BlackBerry® is stronger than the press makes it out to be.
- Your New EMM Platform: How to Streamline the Migration Smartphone migration can be resource-intensive and challenging. Find out how outsourcing the process can save significant time and money.
- Live Webcast Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information...
- Increasing the Value of Your Reports and Dashboards Learn how incorporating other analytical capabilities such as predictive modeling and visualization can increase the value of your reports and dashboards by providing... All Management White Papers | Webcasts