Skip the navigation

Legal concerns curb corporate cloud adoption

By Howard Baldwin
December 3, 2012 06:00 AM ET

Trappler says that one of the things he stresses in his classes is the importance of team building -- where the team includes the business process owner (the one who needs the cloud service), legal counsel, representatives of IT and people involved in procurement, risk management, vendor management and security. WellStar's Fisher concurs: "When IT and the attorney and someone from compliance all sit down and go through a contract, with give and take about what's best for the organization, you get a lot of goodness out of it."

Industry watchers say it's all a question of due diligence, of knowing what the risks are. There are risks in everything, even in managing data on your own premises. The biggest question is, How do you mitigate the risk? How do you protect yourself as best you can without stifling the business?

"David Wells" (a pseudonym for a Fortune 500 corporate counsel who requested anonymity) agrees that getting subject-matter experts into one room promotes understanding. Each person can address facets of the deal with his own expertise, which helps the group identify which issues are worth worrying about and which aren't. "Otherwise, you can have lawyers spinning scenarios and creating fear, uncertainty and doubt. If you can't get past FUD because people don't understand it, you'll either crater the deal or, worse, do a bad one."

How do CIOs and counsel start collaborating? By asking questions. Ideally, the CIO should know the questions to ask before the attorney even requests the answers, but that doesn't always happen. "That's why I ask the same questions over and over," says Wells. "My people finally know not to come to me without the answers to my questions."

Beyond that, lawyers suggest CIOs ask what clauses in the contract really mean. Wells says that service-level agreements drive him especially crazy. He sees contracts promising restitution for downtime, but the amount of payback is minimal. "If your lawyer's not paying attention, your remedy for downtime is actually pennies on the dollar, and you give up your right to sue for breach of contract by accepting it," he says. "If you have a service provider [whose systems are] chronically down, the lawyer should insist on the right to terminate for breach of contract."

E-discovery is another issue that lawyers tend to focus on more than CIOs do. Murphy notes that there are companies like Nextpoint and X1 Discovery that specialize in discovery in the cloud, but the issue is more complex than it appears at first glance.

Forsheit agrees. "In the cloud, data is being replicated, so it creates more data for discovery, including metadata," she warns. Federal rules require that you must know where the data is and ensure that e-discovery will find it. "But if there's a server in the cloud that nobody thought about," she says, "people can get sanctioned or jailed, and lawyers can be disbarred."

In the end, legal experts say, getting IT and legal to agree on cloud contracts comes down to a matter of careful communication. "They have to speak each other's languages," Forsheit says. "Counsel needs to understand IT and vice versa. Doing it another way is not an option."

Baldwin is a frequent contributor to Computerworld.

This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.

Read more about Cloud Computing in Computerworld's Cloud Computing Topic Center.



Our Commenting Policies