When your data's in the cloud, is it still your data?
Your contract with a cloud provider should have language clearly affirming your ownership of your data
Computerworld - When your data resides on a cloud provider's infrastructure, your ownership rights could be compromised. For example, what's to prevent the cloud provider from deciding to access your data and use it for its own purposes? That's why any contract for cloud services should include language clearly affirming your ownership of your data.
The good news is that well-established cloud vendors are beginning to include language along these lines in their standard contracts. For example, section 10.2 of the Amazon Web Services contract states:
"Your Applications, Data and Content. Other than the rights and interests expressly set forth in this Agreement, and excluding Amazon Properties and works derived from Amazon Properties, you reserve all right, title and interest (including all intellectual property and proprietary rights) in and to Your Content."
It hasn't always been this way with cloud computing, but as customers have voiced their ownership requirements, providers have made improvements in this area. As the cloud continues to evolve, if customers clearly state their needs, then smart cloud providers will listen and respond.
Depending on the nature of your data and how it's processed in the cloud, it may also be necessary for the contract to include language affirming your institution's ownership of the results of any processing of its data that occurs while on the cloud provider's system.
With ownership clarified, the next step is to identify the limitations on how the cloud provider may use your data. In most cases, you'll want to limit the provider's use solely to that which is necessary for it to fulfill its obligations under the contract. It is also prudent to specifically exclude the provider from any mining of your data.
Be ready for the divorce
Once your data and processes have moved to cloud, you become more dependent upon the provider. You could be locked into its services, a situation that increases the cloud providers leverage over you in negotiating contract terms.
I know this sounds like advising someone to find a divorce lawyer before getting married, but to mitigate the risk of vendor lock-in, you need to plan in advance for the eventuality that you may decide to switch to a different provider or bring your data and processes back in-house. With this in mind, the contract should state your rights to access your data on an ongoing basis. Specifically, the contract should:
* Describe the process by which your data will be returned, whether done midterm or upon contract termination.
* State the amount of time the provider will have to turn over your data.
* Specify that the data must be provided in a commonly used format that is pertinent to your expected needs, and not in a proprietary or otherwise inaccessible format.
Other columns by Thomas Trappler
- NASA's cloud audit holds value for all
- Who can pry into your cloud-based data?
- Does your cloud vendor protect your rights?
- Software licensing in the cloud
- For credit card handlers, cloud computing guidelines just got clearer
- Regulations and the cloud: HIPAA modification provides clarity
- Certification programs are making it easier to know all about a cloud vendor
- The do's and don'ts of safeguarding cloud-based data with encryption
- For a good cloud contract, start with an RFP
- It takes a team to create a good cloud contract
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Using VM Archiving to Solve VM Sprawl This CommVault whitepaper discusses how archiving virtual machines can mitigate VM sprawl with a comprehensive approach to VM lifecycle management.
- Keep Your Network Available, Efficient and Secure Make the most of your network by working with experts who "get it." CDW and F5 have partnered to keep networks highly optimized....
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage... All Data Storage White Papers | Webcasts