I participated as a member of a group studying the benefits, risks and responsibilities associated with the use and provision of cloud computing services. The group was formed to provide advice to the European Network and Information Security Agency (ENISA). The group spent over nine months intensively looking at the cloud and identifying issues that are of importance to the cloud.
While the report focuses on cloud computing from a European perspective, the vast majority of the analysis and conclusions have general applicability. While I’ll leave it to readers to apply the report to their own businesses, the key legal conclusion was that most legal issues associated with the cloud should be remedied in the parties contracts. For those interested in the conclusions of the legal team, they are at pages 43, 81 and Annex I of the report.
Cloud providers and users should be able to answer the following questions, and understand their repercussions, when engaging in a cloud based transaction:
1. In what country is the provider located?
2. Where is the provider’s infrastructure?
3. Will other providers be used?
4. Where will the data be physically located?
5. Should jurisdiction be split?
6. How will data be collected, processed, transferred?
7. What will happen to the data on termination?
Users of the cloud should do the following:
Focus on how the cloud services will be used, and whether the provider’s contract actually addresses these issues.
Evaluate the cloud structure, and determine whether you and your customers can place data on that provider’s cloud.
Understand data collection, processing and transfer and any legal and regulatory implications.
Determine whether the provider will notify you of security breaches and the how breach is defined.
About David Snead
David Snead is a lawyer whose practice is focused on internet infrastructure providers. In his eleven years in this practice, he has represented clients including multinationals, middle tier hosting companies, and two guys, a server, a T-1 and a huge MasterCard balance.
A long-time WHIR contributor, David Snead is the Web hosting business's best-known legal expert. Through his WHIR blog, he offers a credible legal perspective on both specific actions in the Web hosting business and general developments in legislation.
No related posts.
