Falling through clouds
Legally, do you dare trust your business's data to the cloud?
Computerworld - Everyone knows the big virtues of using cloud computing services: They're cheap, you can scale them on demand, and they're fault-tolerant. Everyone also thinks they know cloud computing's vices: a variety of security and management concerns. What a lot of people have been missing, though, is that there's another real problem with cloud computing: legal liability.
You see, the default contract from Amazon Web Services and the other major public cloud providers puts the onus for any privacy trouble that might develop on you, the customer, not them. So, say that 100,000 of your best customers' records end up on WikiLeaks because your cloud provider's security is breached. Who do you think is going to be legally and financially responsible for the leak and any damages it causes? You can probably guess, but I'll tell you anyway: If you signed the standard cloud contract, you are. Never mind that it was the cloud provider's security failure; you're the one who will be stuck with the bills. Lucky you.
According to one report from SearchCloudComputing, Eli Lilly, the pharmaceutical giant, is fighting with Amazon over just these kinds of issues. Amazon's Werner Vogels denied the story's contention that Eli Lilly had walked away from AWS. "Eli Lilly is still very much a customer and has not dropped their use of AWS," wrote Vogels. Be that as it may, not everyone is content with Amazon's contract policies. Burton Group analyst Drue Reeves said at the Burton Group's Catalyst conference, "We don't feel like there's enough transparency in Amazon. We would like to trust you [but need more information]."
Trust is important. Eli Lilly was burned publicly once before by an accidental release of the e-mail addresses for nearly 700 subscribers to its Prozac.com e-mail alert. The company certainly doesn't want a repeat performance of that, and no company wants to be left holding the bag in the event of a data breach because of the negligence of a cloud provider.
So, what can you, as a corporate officer, do about this? Tanya Forsheit, founding partner at the Info Law Group has some advice. First, Forsheit told me, you should be aware that "many providers of cloud services tends to offer one-size-fits-all contracts. You shouldn't just sign up for them. You need to negotiate."
In fact, Forsheit thinks you should start looking at the legal aspects of any cloud deal long before you get around to talking about the contract. "You should ask questions about data security and privacy during the preliminary stages, even before you get to the contract. You should ask them what kind of privacy and security controls they have, whether they'll let you audit their security, and what they will agree to in regards to liability. These are all places where there's room to compromise. On your side, you need to know what level of risk you're ready to take. If a provider won't agree to even consider negotiating, that's a big red flag, You need to be ready to walk away from the deal."
More by Steven J. Vaughan-Nichols
- Steven J. Vaughan-Nichols: Patent trolls under attack, but not dead yet
- Steven J. Vaughan-Nichols: Bye, Nokia, nice knowing you
- Steven J. Vaughan-Nichols: Who should really worry about Apple/IBM? Microsoft
- Steven J. Vaughan-Nichols: Does HP have a development pipeline or a pipe dream?
- Steven J. Vaughan-Nichols: Give us the Windows 8 Start menu and no one will get hurt
- Steven J. Vaughan-Nichols: Windows 8.1 Update 1, now with less annoyance
- Steven J. Vaughan-Nichols: Here comes the black market for XP patches
- Steven J. Vaughan-Nichols: What's the best smartphone? That's the wrong question.
- Steven J. Vaughan-Nichols: Office for iPad: Big deal, or big yawn?
- Steven J. Vaughan-Nichols: Who needs operating systems anymore? Not you.
- Case Study: Intuit Turns to Self-Service IT Intuit empowered its users to resolve their own IT issues with a consumer-like experience to free IT to focus on more strategic initiatives....
- Automation for a Better Tomorrow Check out the five most common annoyances facing enterprise IT service desks today, and how automation can resolve all of them. Download the...
- Beyond the Enterprise App Store Leverage proactive, secure and automated IT Service delivery to move beyond the traditional App Store and empower your users. Read the white paper...
- Bridging the Gap Between Business and IT There's a growing gap between business users and IT services. Differences between what users want and what IT can provide are driving a...
- Expert Panel: Enterprise Mobility and Data Loss Prevention When it comes to enterprise mobility, it's not just about devices, it's about the way people work. Hear this expert panel discuss the...
- Princess Cruises collaborates across the globe in the IBM cloud Norm Ayers, Director of Emergency Response and Social Projects at Princess Cruises explains how IBM and Cloud helped the company rapidly scale its... All Management White Papers | Webcasts