The SaaS nature of the cloud as a leading and widely adopted technology has introduced a new set of challenges for providers and end users. Whether companies employ a hybrid, private or public cloud model, the cloud by its very nature will create new dynamics in the relationship between a company and its data, and, now, a third party: the cloud provider: and it is not always transparent, from a buyer’s point of view, just what set of services, service levels and guarantees are on offer.
For example, does the cloud provider rent their data centres rather than owning them outright? What if your data is breached or stolen? Ultimately it may not just be the cloud vendors who will be held responsible when lawsuits are initiated.
These situations can affect the legal contract and licensing agreements and companies may find themselves without adequate legal protection if they have not negotiated their contract with cloud vendors adequately.
Frank Jennings in this interview, makes the point that “if vendors have no assets to pursue, then customers may have little recourse despite a robust contract… and that if in your contract the SLA suggests hundred percent availability does it really mean that in practice”?
The importance of data security has always been important cloud computing. Data theft and an increase of sophisticated cybercriminals represent a rapidly growing problem. For many companies, the firm belief that they actually own the data that the vendor utilises and gathers on their behalf may be held in error if it is not detailed clearly in the services contract. Companies need to understand which methods of infosec, including data encryption are being deployed and insist on independent audits of security procedures, and to be informed immediately if there are security breaches.
With this year’s NSA revelations from Edward Snowden and the rise in cyber attacks and third party snooping, companies no longer have the option of making assumptions about ownership and protection. The Web has seen an increase of the amounts of multi-border disputes that take place and the fact that cloud computing facilitates huge transfers of data across borders, simply exacerbates the problem. If your contract does not implicitly state that all data is owned by you, and that you have a right to receive all copies of client data once the cloud vendor permanently destroys all copies in its possession, then you may have liabilities.
Technet Magazine lists some of the issues companies should consider at all stages of the contractual process:
- Initial due diligence
- Contract negotiation
- Termination (end of term or abnormal)
- Supplier transfer
Frank Jennings is a lawyer specialising in cloud & technology, advising cloud customers looking to manage risks when adopting cloud and advising providers to prepare clear cloud contracts. His clients come to him not just for his specialist legal advice but also rely upon him for his “can-do” mentality and his pragmatic approach to solving problems and managing risk. He chairs the Cloud Industry Forum’s code governance board and has published a number of reports on contracting cloud services and keeping data secure. Independent legal directory Legal 500 ranks him #1.
About the Beyond Cloud series
Taking a conversational, interactive approach, we pose four broad but critical questions on the issues impacting businesses today to perspectives including Technologists, Strategists, Users, CEOs, Marketers and other Business and Thought Leaders across the sector. Each session begins with positioning our guest, by means of what Cloud means to their role and their business – either the delivery or use of cloud – including views on the risks and the opportunities. The conversations – each unique but overlapping as a result of the various points of view on offer – then move to the outcomes and promise of this technology and, from there, where and when regulation and standards should (or shouldn’t) come into play. We close with their views on what this cloud thing really means and where it is might take us, going forward.
The nature of our guests and the variety of discussion provides a broad set of insights which in whole or in part promises to deliver some clarity and a framework for understanding of the impact of cloud technology to all audience. We welcome your comments and feedback.
Produced by IntelligentHQ, hosted by Groupe INSEEC London and presented by Daniel Steeves, Beyond Cloud is a “mostly pitch-free” environment: discussions will necessarily include product and company references but, hopefully, used to illustrate rather than to sell.
Daniel is a management consultant with Beyond Solutions Ltd. More a realist than a futurist, Daniel Steeves advises SMEs to transform and grow their businesses – and enable a different way of thinking – both as a Partner with James Caan’s Advisory Business as well as independently across the Digital, Social, Technology and IT sectors. Daniel is a growth-focused change agent with thirty years leading, brokering, designing and selling complex programmes. He collaborates at C-level, adding experience and perspective to fine-tune what your business says and does (and sells and delivers) with a focus on profitable, sustainable growth.