Cloud adviser: Where's your data?
Be sure your contract specifies where your data can be located and obligates the cloud provider to tell you when the data has been disclosed to a third party.
Computerworld - With cloud computing, technology has advanced more quickly than the law's ability to effectively address its implications.
Consider the U.S. Patriot Act. It was recently revealed that U.S.-based cloud providers may have to comply with Patriot Act requests for data that's located in a provider's European data centers, even though this conflicts with the European Union's 1995 Data Protection Directive.
In response to that conflict, the European Commission recently announced that it plans to propose reforms to the EU directive by the end of January 2012.
Of course, cloud computing was not even a buzzword when the directive was first formulated in 1995. But all of this serves as a good reminder to ensure that your cloud-computing contract effectively addresses issues associated with data location and legal requests for data access.
When you use a cloud computing provider, your data travels over the Internet to and from one or more externally managed data centers. It may be in, or processed by, data centers in multiple locations around the world.
A variety of legal issues can arise when a customer's data resides in a cloud provider's data center in a different country than the one in which either the customer or the customer's clients reside. Different countries, and in some cases even different states, provinces or municipalities, have different laws pertaining to data.
A key question about cloud computing remains unresolved: Which law applies to my organization's data in the cloud: The law where I'm located, the law where my data's located, or the law where the data subject is located? International consensus on this issue has not yet been achieved.
Most contracts specify the governing law under which any disputes would be resolved, as well as the location of the court where such disputes would be heard. With cloud computing, applicable laws governing your data could include the laws where your organization is headquartered, where your cloud provider is headquartered, where your cloud provider's data centers are located, where the subjects of the data reside, and potentially the laws of the countries that your data passes through on its way to, from and among the cloud provider's data centers.
For these reasons it's essential for a cloud-computing contract to identify the geographic region within which the data centers hosting your data, and potentially the headquarters of the cloud provider, may be located, and to address the cloud provider's obligations to keep your data in those regions. Otherwise, the overlaps and potential conflicts between the possible governing laws could make legal and data access compliance impossible.
Legal requests for data access
Other columns by Thomas Trappler
- NASA's cloud audit holds value for all
- Who can pry into your cloud-based data?
- Does your cloud vendor protect your rights?
- Software licensing in the cloud
- For credit card handlers, cloud computing guidelines just got clearer
- Regulations and the cloud: HIPAA modification provides clarity
- Certification programs are making it easier to know all about a cloud vendor
- The do's and don'ts of safeguarding cloud-based data with encryption
- For a good cloud contract, start with an RFP
- It takes a team to create a good cloud contract
- Accelerating Cloud Deployment and Operations with Managed Services Companies that do not have sufficient in-house expertise to either deploy or maintain an IaaS cloud should turn to Managed Service Providers .
- Rethinking IT Operations in the Cloud This paper breaks down the challenges that often prevent the cloud from delivering the fast, flexible and affordable infrastructure companies seek - and...
- Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, North America Cloud-enabled managed hosting brings cloudlike consumption and provisioning attributes to the traditional managed hosting market
- Clearing the Network Hurdle to Cloud Deployment Although enthusiasm is high among IT pros for cloud services, an IDG Research Quick Poll survey found that, in fact, the cloud is...
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- ElectricAccelerator: Dramatically Faster Builds and Test ElectricAccelerator dramatically speeds up builds and test by parallelizing jobs across clusters of physical or cloud CPUs. All Cloud Computing White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!