How I learned to stop worrying and love the cloud

YOU CAN’T FAIL to have noticed the emergence of “cloud” as the current technology buzzword. So what’s it all about?

If you use Hotmail, Twitter, buy from Amazon, eBay or use business applications such as, you are already a cloud user. 

Lawyers have been falling over themselves writing alarmist commentary regarding the barriers of using cloud computing.  But by looking more closely at what an organisation is trying to achieve, and by establishing a checklist for likely issues, those issues can be dealt with sensibly, and the advantages of cloud computing realised.

Some suppliers admit they are still working out how to price cloud offerings and this is reflected in the variety of contractual terms on offer. 

However, from a contractual perspective, there is no one-size-fits-all solution. A number of providers are emulating their previous ‘application service provider’ (ASP) and ‘software as a service’ (SaaS) terms but often these feature service provision on an “as is” basis, insufficient data security provisions and limited remedies for breach of obligation.

The overriding concern seems to surround data, personal data and the security of data. Potential users worry where their data will be located, whether it is split, who else’s data is held in the same place and whether there is a danger of cross-contamination (not to mention confusion as to who owns the infrastructure in the first place).

To keep a grip on the issues it is important to separate data security from personal data in your mind.

Technically speaking, security is the Achilles heal of cloud computing. Potential customers need to determine how much the security issues around cloud are purely perception, and to what extent security really is the weakest link in the offering. 

Suppliers argue that the cloud is now sufficiently established and that they have the financial and people resources to provide better security, and faster, than many of their customers. Some potential customers disagree. Recent quotes include the head of information security at Renault F1, who said: “With 40% of our workforce mobile, it would make sense to put some data in cloud, but my biggest concern about cloud storage is data security.”

graph-cloud-computing-featureAs with all commercial relationships, the underlying contract needs to work and to meet the needs of both parties.

The only way to satisfy yourself that the cloud is sufficiently secure for your purposes is to negotiate a suitable contract which clearly sets out your concerns (and what happens if an issue arises). ‘As is’ service provision isn’t going to cut it. Neither are provisions that lock the customer into a contract with the supplier, or provides limited remedies if issues arise, or features limited customer data security obligations.

Practically, there are ways for customers to improve, or at least have some control over, the security offering and these can be worked into the standard due diligence process and the subsequent contract. (See checklist.)

In short, while there are issues with any new technology, and a desire to avoid finding oneself at the bleeding edge of technological advancement, it is clear that cloud computing is here, will be developed further and will become increasingly ubiquitous. And it is also clear that the legal issues are the same as those with which we are already familiar. They merely require fresh application to a new scenario.

Mark O’Conor is partner, intellectual property and technology, at DLA Piper London and a member of the commercial strategy workstream for the Cabinet Office’s G-Cloud programme

Related reading

Life Belt with Computer Folders