Many fail to consider legal aspects of cloud computing

Thursday, August 05, 2010

Most companies are aware of the various security and management concerns involved with cloud computing; however, some fail to consider the legal aspects of it. They don't know with whom the legal liability lies if cloud data goes astray.

According to the default contract from Amazon Web Services, and a number of other public cloud service providers, the customer is responsible if any privacy issues occur due to a security breach.

Pharmaceutical company Eli Lily experienced this when negligence of its cloud provider caused an accidental release of the email addresses for nearly 700 subscribers to its Prozac.com email alert.

Tanya Forsheit, founding partner at the Info Law Group, warns companies about signing a default contract. "Many providers of cloud services tend to offer one-size-fits-all contracts. You shouldn't just sign up for them. You need to negotiate," she advises.

Before signing a contract, companies can benefit from asking critical questions about the cloud provider's data security and privacy. If possible, companies should ask to audit their security, suggests Forsheit. "There are all places where there's room to compromise. If a provider won't even consider negotiating, that's a big red flag," she explains.