Corporate cloud showdown: IT vs. Legal

Computerworld - The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was these people must be nuts.

"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.

To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for twelve months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's reaction was, in her view, reasonable -- "because the terms were offensive."

Computerworld - The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was these people must be nuts.

"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.

To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for twelve months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's reaction was, in her view, reasonable -- "because the terms were offensive."

Tanya Forsheit, with whom Bowen shared the dais at a Practicing Law Institute cloud computing seminar in San Francisco in June, shares similar concerns. "The cloud providers try to convey a take-it-or-leave-it attitude for their contracts, expecting people to click through the 'I Accept' options the way people click through the iTunes website," says Forsheit, a founding partner at the national firm InfoLaw Group who works out of its Manhattan Beach, Calif., office.

That take-it-or-leave-it approach is causing problems for IT internally -- most specifically, with the legal professionals charged with mitigating risk for the organization. At the Port of San Diego, for example, Director of Business Information and Technology Services Deborah Finley has just begun thinking about cloud computing for email archiving with a small cloud vendor.

"We're a medium-sized organization without the leverage a larger organization might enjoy. The vendor's contract had a limitation of liability for the cost of the contract, while our legal department has standard language about indemnification," Finley explains. "To change that language, we would need board approval."

After some back and forth, Finley and the Port lawyers reached a compromise, but she's reluctant to go to the board every time she wants to sign a cloud computing contract.

The bottom line, for Finley and many other IT execs, is this: cloud computing was supposed to make things easier and cheaper for IT; instead, it's turning lawyers and CIOs -- two groups with more common ground than they realize -- into adversaries, at least temporarily.

The lawyers, whose job is to advise the company on legal, risk, and compliance issues, want to limit contracts that ignore or gloss over potential data loss, privacy, security and e-discovery issues. CIOs, whose job it is to advise the company on technological issues, want to provide computing capabilities to business units as quickly as possible.

• Google I/O 2013's Coolest Products and Services
• 10 Star Trek Technologies That are Almost Here
• 19 Generations of Computer Programmers
• 25 Must-Have Technologies for SMBs
• A walking tour: 33 questions to ask about your company's security
• 15 social media scams
• The 7 elements of a successful security awareness program