Cloud Computing Considerations

Cloud computing is rapidly gaining ground in today’s workplace, offering on-demand storage capacity, software advantages, and related IT department and capital expenditure savings.  The transition to cloud computing, however, comes with a healthy dose of potential hazards. Awareness of these potential pitfalls is essential for companies considering cloud computing and various providers.

The issues associated with cloud computing vary from one provider to another and based on the type of delivery models used to access the cloud and whether services are delivered through public, private, hybrid, or managed clouds.  A company’s needs and the potential risks associated with cloud computing dictate the company’s right cloud computing options.

Unfortunately for small to medium sized companies, most cloud computing providers do not offer customizable contracts to these smaller customers.  Instead, users are presented with non-negotiable “click-wrap” licenses and terms of use, much resembling standard, non-customizable software licenses.  Because these contracts are created by the providers, they invariably favor the provider over the user.  Users should carefully read these contracts and compare the terms offered by several providers before clicking the “I agree” button.  Many times, the liability assumed by the cloud vendors is not on par with the risk delegated to users when trusting their vital data to the cloud.  When reviewing a licenses and terms of use, users should be sure they understand the security features, service level agreement, and other risks and liability provisions of the contract.

One of the largest concerns associated with cloud computing involves privacy and security of a user’s data and the user’s data use patterns.  Once data is transferred to the cloud, customers must rely on the physical and information security measures of their provider.  Users must ensure that the services offered are adequate to protect their data, and that the protections in place comply with applicable laws requiring specific levels of security and encryption of personal data.  Cloud users should also be aware that cloud vendors service and have access to data from multiple customers.  Cloud users may want to ensure that their vendor will not compare its customers’ data and use of data for any purpose, including predicting business trends.  One way to reduce this risk is for the user to ensure that its contract with the provider specifies that its data usage patterns are the user’s confidential property.

Other concerns arise from the fact that data stored in the cloud is transferred from one server to another, often across state and international borders.  This creates jurisdictional questions relating to whether cloud users subject themselves to the laws of the jurisdictions where their data is stored, even temporarily.  The transitory nature of data stored on the cloud may also create issues for companies whose data is subject to auditing or who must otherwise account for the location of their data.

Cloud users should also consider the possibility that they may eventually want to remove their data from the cloud, due to problems with the cloud provider or with cloud computing in general. Users should consider their ability to control how and when the provider will deliver their data.

While cloud computing has been gaining ground over the past several years, the implications of these and other potential legal issues are still the subject of speculation and research.  If you or your business is considering transitioning from traditional computer networking to cloud computing, careful consideration of your business needs, provider contracts, and the possible unknown implications of cloud computing is essential.  Should you need assistance with this or other business matters, Janssen Malloy LLP stands ready to assist.