Submitted by: Ned Dunham, Litigator, Kleinbard Bell & Brecker LLP
Many businesses have bought into the idea that “cloud computing” means saving a ton of money while at the same time exponentially increasing information technology capabilities. There is considerable upside in converting to this paradigm-shifting approach, but companies also need to exercise some necessary precautions.
We begin by demystifying the term. Cloud computing is a marketing term that refers to any set of Web-hosted services, files or applications that are used over the Internet. It is a hugely scaleable way to use the Internet to service multiple external customers.
There’s a lot to like about it. Gartner Inc., the technology research and advisory company, thinks that the evolution of cloud computing is no less influential than the advent of e-business. Users can access applications through Web browsers for desktop and mobile apps and thereby save development costs. Shared services and infrastructure convergence make it easier to get applications up and running more quickly with lower development costs and less maintenance and are easier to manage during their operational life. These capabilities provide significant cost savings for users who now are not paying for 80 percent to 90 percent excess capacity which they will rarely, if ever, use. On-demand access, or just-in-time access with just the right amount of capacity, makes for more efficiency and less cost. The use of multiple, redundant sites improves reliability and addresses some security concerns.
The value-add proposition is significant. Small- and mid-sized businesses can scale their usage to meet demand and launch new service offerings, products and internal processes that they simply could not have afforded if they had to do it with their own individual hardware and software.
Like most other new technology, however, informed prudence is in order before letting your intellectual property, trade secrets and other information you are charged with keeping private, out of your direct control. When engaging cloud computer vendors, you may be taking the data out of your safe and putting it in someone else’s equally strong safe, or you may be putting it into someone else’s shoe box. Weak systems that are easily penetrated and critical encryption issues fall into the latter category. With careful and knowledgeable planning, you can address the most important operational issues and get the most from your cloud-based system.
When switching its IT operations to cloud computing, a business trades the control of its data and processing for greater efficiencies and cost reductions. This loss of control has a number of risks. Data may be located in servers in various jurisdictions around the world, creating potential legal problems when a dispute arises between a business and its cloud vendors. With access over the Internet, the potential for successful hacking increases exponentially. There may be serious security issues if the third-party vendors do not protect a business’ data like it is their own. Encryption of data, in its several forms, is a major issue that businesses need to address competently to ensure that not only is their data secure but that they have continuous access to it. Finally, the availability of insurance coverage for losses incurred when a business, or its customers, lose access to data and processes, is critical and may be complicated.
These risks can and should be controlled by careful lawyering in close cooperation with IT experts and knowledgeab