Along with its never-ending stream of possibilities in revolutionizing the invention, development, deployment, scale, updating, maintenance and payment for data and applications, cloud computing brings a variety of legal risks to the table, and companies must consider these before entering a highly optimized public cloud.
Risk from uncertainty over where sensitive data and applications physically dwell arises from what Baselinemag.com calls the “nationless state” of the public cloud. Among these ricks are jurisdictions where laws governing the protection and availability of data are very different than what companies are used to. Information in the cloud can also be widely distributed across various legal and international jurisdictions (which each have different laws concerning security, privacy, data theft, data loss and intellectual property) due to the virtual and dynamic nature of cloud computing architecture.
Furthermore, when operating in the cloud, issues concerning privacy, data ownership and access to data cause many questions to arise. National or international legal precedents for cloud computing may be few and far between, but companies nonetheless must ensure that they can immediately access their information and that their service provider has appropriate backup and data-retrieval procedures in place.
A new paradigm of licensing—in which traditional software license agreements will be replaced with cloud service agreements—will be replaced with cloud service agreements as a result of the legal framework of cloud computing. Lawyers representing cloud service providers will subsequently try to reduce the liability of their clients by proposing contracts with the service provided “as is” without a warranty. Under this new paradigm, the service is provided without any assurance or promise of a specific level of performance. This added rick must be evaluated within the context of the benefits derived from the cloud as well as the proposed data which will be stored in the cloud.
Cloud computing also causes issues for companies that have to meet increasingly stringent compliance and reporting requirements for the management of their data. These issues pose major risks in protecting companies’ sensitive data and the information assets their customers have entrusted them to watch over.
In summary, enterprises must make sure that their cloud service providers specify where their data dwells, the legal framework within those specific jurisdictions and the security, backup, anti-hacking and anti-viral processes the service provider has set up. Despite these risks, cloud computing has enormous benefits which should make companies eager to take advantage of its optimization, scalability and cost savings that cloud computing provides. While embracing the cloud, companies must simply conduct a more detailed legal analysis and assessment of risks, much like they would with traditional IT services. For more information on security relating to Cloud Computing, please visit Nubifer.com.
Filed under: Cloud Compliance, Cloud Computing, Cloud Monitoring, Cloud Security, Software-as-a-Service , Cloud Compliance, Cloud Computing, Cloud Security, Software-as-a-Service
