Cloud Computing – Non Technical Considerations

The cloud presents many opportunities for business to operate more efficiently and with less capital investment. Clearly, the cloud is here to stay and is part of the current language of business and technology.

That being said, it is CRITICAL to educate yourself to ensure you understand the risks (so you can remediate them) and the legal issues regarding cloud computing so you can ensure that you protect your business, your customers and yourself.

Just to give an example of how case law is just emerging on major cloud issues, until just about a week and a half ago, law agencies could seize most any data in the cloud without a warrant. Many people were unaware of this, because the Electronic Communications Privacy Act (ECPA) was primarily written in 1986 and technology has vastly outpaced the law which was written during a time things like cloud storage, cloud email and social networks did not exist and were not conceptualized. That left a lot of decisions regarding data in the cloud and how it could be accessed up to interpretation. New laws just passed have increased protections and ensure that a warrant must be first obtained before legal and government agencies examine your data, however, that was just a WEEK AND A HALF AGO! Think about that for a minute… the cloud has been around for a number of years and this huge issue (not the only issue to be sure) was just resolved.

There are still many issues that must be considered. The seizure of servers and massive numbers of hard drives with customer data in the Megaupload case early this year is a great example. These servers were legally seized by the government as part of an action against Megaupload. Even before you get to the questions regarding what access the government will have to the data on these and what actions they could take against data owners (all in a quest to prosecute the original case against Megaupload of course) there is the question of 'what if that was your data'. How do you get it back, what if you used them as your only place to store that data, etc.

Additionally, there are issues like HIPAA which requires data never leaves US soil, that you are accountable that the cloud provider meet the HIPAA physical security standards, questions around how data is erased(deleted or wiped), Patriot Act issues that are in conflict with HIPAA when gag orders are placed by the government and client access rites and abilities.These issues are complex enough with a storage array sitting in a locked room onsite, but infinitely more complex when the data is shared to servers that are often around the world.

What about business continuity issues that could result by cloud vendors shutting down unexpectedly, whether by legal issues, financial issues, or natural disaster? Is your data backed up somewhere other than the single vendor or single location? Do you know?

None of this should indicate that the cloud is unsafe for business.

It should, however, cause you to slow down and really invest in understanding the implications of moving data to the cloud, and ensuring you have all the right solutions and steps in place to take part in the best of the cloud while protecting yourself against the risks. Jumping into the cloud without doing homework is risky, and potentially very costly to your business and possibly even customers. There are financial AND legal implications to consider, so make sure you understand what your choices are, what the risks are and what the proper steps to remediate those risks appropriately may be. The cloud is the next big thing to be sure, but it ADDS complexity in as many or more areas than it reduces complexity, and that too must be considered alongside capital and total expenditure issues.

Keep up the happy computing, on land or in the cloud!

Richard Brunke

Leave a Reply

  • (will not be published)

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>