Legal concerns curb corporate cloud adoption
Inside the enterprise, the biggest obstacle to cloud computing is often the company's own corporate counsel. Here's how IT is getting to yes with legal.
Computerworld - The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was, essentially, "These people must be nuts."
"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.
To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for 12 months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's assessment of the contract was blunt: "The terms were offensive," she says.
Tanya Forsheit, with whom Bowen shared the dais at a Practising Law Institute seminar on cloud computing in San Francisco last summer, says she has similar concerns. "The cloud providers try to convey a take-it-or-leave-it attitude for their contracts, expecting people to click through the 'I accept' options the way people click through the iTunes website," says Forsheit, a founding partner of InfoLawGroup who works out of the firm's Manhattan Beach, Calif., office.
Because of the take-it-or-leave-it approach of cloud providers, IT professionals are running into problems with the legal professionals charged with mitigating the risks that their organizations face. That's the case at the Port of San Diego, where Deborah Finley just began thinking about using a small vendor's cloud-based email archiving service.
"We're a medium-size organization without the leverage a larger organization might enjoy. The vendor's contract had a limitation of liability for the cost of the contract, while our legal department has standard language about indemnification," says Finley, the Port's director of business information and technology services. "To change that language, we would need board approval."
After some back and forth, Finley and the Port lawyers reached a compromise, but she's reluctant to go to the board every time she wants to sign a cloud computing contract.
For Finley and many other IT execs, the bottom line is this: Cloud computing is supposed to make things easier and cheaper for IT, but instead, it's turning lawyers and CIOs -- two groups with more common ground than they realize -- into adversaries, at least temporarily.
The lawyers, whose job is to advise the company on legal, risk and compliance issues, want to limit contracts that ignore or gloss over matters related to data loss, privacy, security and e-discovery. CIOs, whose job is to advise the company on technological issues, want to provide computing capabilities to business units as quickly as possible.
As cloud computing becomes more prevalent, the two groups can find themselves at loggerheads -- though both are striving to serve the business.
As an IT leader, how can you come to terms with your company's legal counsel? How can the two of you work together to make your company's transition to the cloud fruitful rather than fretful? The process is fairly simple, cloud pioneers say: Ask lots of questions and exercise a healthy dose of due diligence -- all of which can lay the groundwork for future teamwork in the cloud.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!