Legal concerns curb corporate cloud adoption
Inside the enterprise, the biggest obstacle to cloud computing is often the company's own corporate counsel. Here's how IT is getting to yes with legal.
Computerworld - The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was, essentially, "These people must be nuts."
"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.
To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for 12 months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's assessment of the contract was blunt: "The terms were offensive," she says.
Tanya Forsheit, with whom Bowen shared the dais at a Practising Law Institute seminar on cloud computing in San Francisco last summer, says she has similar concerns. "The cloud providers try to convey a take-it-or-leave-it attitude for their contracts, expecting people to click through the 'I accept' options the way people click through the iTunes website," says Forsheit, a founding partner of InfoLawGroup who works out of the firm's Manhattan Beach, Calif., office.
Because of the take-it-or-leave-it approach of cloud providers, IT professionals are running into problems with the legal professionals charged with mitigating the risks that their organizations face. That's the case at the Port of San Diego, where Deborah Finley just began thinking about using a small vendor's cloud-based email archiving service.
"We're a medium-size organization without the leverage a larger organization might enjoy. The vendor's contract had a limitation of liability for the cost of the contract, while our legal department has standard language about indemnification," says Finley, the Port's director of business information and technology services. "To change that language, we would need board approval."
After some back and forth, Finley and the Port lawyers reached a compromise, but she's reluctant to go to the board every time she wants to sign a cloud computing contract.
For Finley and many other IT execs, the bottom line is this: Cloud computing is supposed to make things easier and cheaper for IT, but instead, it's turning lawyers and CIOs -- two groups with more common ground than they realize -- into adversaries, at least temporarily.
The lawyers, whose job is to advise the company on legal, risk and compliance issues, want to limit contracts that ignore or gloss over matters related to data loss, privacy, security and e-discovery. CIOs, whose job is to advise the company on technological issues, want to provide computing capabilities to business units as quickly as possible.
As cloud computing becomes more prevalent, the two groups can find themselves at loggerheads -- though both are striving to serve the business.
As an IT leader, how can you come to terms with your company's legal counsel? How can the two of you work together to make your company's transition to the cloud fruitful rather than fretful? The process is fairly simple, cloud pioneers say: Ask lots of questions and exercise a healthy dose of due diligence -- all of which can lay the groundwork for future teamwork in the cloud.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Neustar 2014 DDoS Attacks and Impact Report For the third consecutive year, Neustar surveyed hundreds of companies on distributed denial of service (DDoS) attacks. The survey reveals evidence that the...
- Acxiom Case Study This case study, which focuses on Acxiom, explores how the company was able to secure employee data, reduce migration costs and boost productivity...
- Windows® XP Migration: Protect and Secure Critical Data With the end of the Microsoft Windows XP operating system's lifecycle on April 8, 2014, businesses are faced with the decision to migrate...
- Enhancing Application Protection and Recovery with a Modern Approach to Snapshot Management This CommVault Business Value and Technology White Paper explains how Simpana IntelliSnap® Recovery Manager can make your application recovery fast and reliable.
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts