Virtually every established industry in the world presently involves risk transfer and massive insurance markets to absorb unexpected catastrophic financial or legal impacts, except for the cloud computing industry. Industries that rely on the insurance marketplace range from banking to property, energy to transportation; even the rental car industry relies on insurance for business-sustaining risk mitigation purposes. The cloud computing sector is an emerging industry with enormous promise with equally great unseen, aggregated financial liabilities. Prediction: The risk transfer marketplace for cloud computing will soon take hold through the powerful force of sheer, simple economics.
Over four months during the first half of 2010, Gartner convened an IT council comprising CIOs of large enterprises that consume cloud services. The Gartner Global IT Council for Cloud Services defined six rights and one responsibility of service consumers that will help both providers and consumers establish and maintain successful business relationships. This article is an excerpt from a paper authored by the council and describes some of the most pressing rights and responsibilities, along with the reasons why they are necessary.
Your company uses cloud computing as a cost-effective element of its business operations. And then one day your company is sued. What are the implications?
I recently watched the CSPAN coverage of Cloud Computing in political campaigns held at the Graduate School of Political Management at George Washington University. Participants shared their views about cloud computing in campaigns, but the issue of“Auditing through the Cloud” appeared problematic. I put on my “Auditor” hat and began to question a number of issues related to the performance of a reliable audit in a Private, Public or Hybrid Cloud environment.
An extensive discussion about various platforms, architectures and application layers as well as corporate protocols and policies provide a lot of food for thought as we consider how, when and if we should deploy a Public or Private Cloud in our enterprise.
The ability to establish standards for auditing through the cloud is captured in ISO/IEC27001 “Information Security Management which replaces BS7799-2. The standardapplies Organization for Economic Cooperation and Development (OECD) principlesgoverning security of information and network systems to the process of developing“Best Practices” which will ensure that providers and customers are satisfied with thelevel of transparency, security and verifiability of both the process and the results of anaudit review. The standard is intended to provide a foundation for third party audits.
James Urquhart - Manager, Cloud Computing & Virtualized Data Centers Marketing at Cisco Systems, Inc
Lately there has been some intersting claims of the superiority of public clouds over privately managed forms of IT, including private cloud environments. Regardless of the technical and organizational realities, there is one element that is completely out of control of both the customer and cloud provider that makes public cloud an increased risk: the law. Ignoring this means you are not completely evaluating the "security" of potential deployment environments.
Have SaaS Contracts Become Commodities? From a software licensing attorney perspective the answer is in some ways yes, and other ways no. Here is a more thorough explanation.
IT contracts are arguably more important than contracts in other industries. In most industries, the buyer purchases a tangible product they then own, or generally knows what type of services they will receive. However, in the IT world the buyer does not own the product and is often unsure of exactly the type of service they will receive. Here is an article on figuring out the purpose of an end user contract.
Scott Sanchez - Director of Cloud Security Solutions at Unisys Corporation
Why are the issues for BDSG any different in a cloud computing environment? People see it as a risk, some of which I believe are real and others which I believe are just perception.
James Urquhart - Manager, Cloud Computing & Virtualized Data Centers Marketing at Cisco Systems, Inc
One of the biggest issues facing individuals and corporations choosing to adopt public cloud computing is the relative lack of clarity with respect to legal rights over data stored online. However, a recent note written for the Minnesota Law Review gives a thorough outline of where we stand with respect to the application of Fourth Amendment law to Internet computing.
Stefan Ried - Sr Analyst, Business Process Platforms, Middleware, Cloud, SaaS, PaaS at Forrester Research, Inc
Cloud Computing challenges the CIO legally as well as technically. There are many challenges which CIOs will face when running firm critical applications and data over the Internet. The most successful CIOs have built an IT governance strategy to avoid the uncontrolled variety of technologies, meta data and business process evolution in their IT landscape.
The Altimeter Group published a report called the Customer Bill of Rights: Software-as-a-Service that outlines "39 Best Practices to Improve Client - Vendor Relationships". Here is an overview with some suggestions for SaaS vendors.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
As a cyberlaw expert, Zittrain, has his worries about the shift to the cloud. His arguments generated a big response during this show so he clarifies some of his points and explains further his worries about cloud computing.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
The Co-Founder of the Berkman Center for Internet & Society & Harvard Law Professor, Jonathan Zittrain and Technology Columnist for the Wall Street Journal, Kara Swisher, discuss the possibilities and potential dangers of cloud computing.
Michael Manos - SVP of Service Operations at Nokia Corporation
How Regulation, Texas, and National Borders are Shaping the Infrastructure of the Cloud. Most people think of the Cloud as a technical place defined by technology, the innovation of software leveraged across a scale of immense proportions and ultimately a belief that its decisions are guided by some kind of altruistic technical meritocracy. At some levels this is true on others one needs to remember that the Cloud is ultimately a business.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Many people consider the development of Cloud Computing to be as sensible and inevitable as the move from answering machines to voicemail. As more and more of our information is gathered from and shared with others - through Facebook, MySpace or Twitter - having it all online can make a lot of sense. The cloud, however, comes with real dangers.
James Urquhart - Manager, Cloud Computing & Virtualized Data Centers Marketing at Cisco Systems, Inc
Lawyers are finding the uncertain legal and regulatory terrain of cloud computing fertile ground for new legal analysis and business. The gap between the cloud and the current state of legislation is serious. Here are a few examples of some of the issues and advancements in the cloud legal discussions.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Jonathan Zittrain reprises his popular Minds for Sale talk at Harvard Law School. He presents the potential dark side of cloud labor, discusses how cloud computing is not just for computing anymore, and takes questions from the Harvard Law School Alumni Community.
CEO of CyberRiskPartners, LLC discusses the global impacts of the Internet and the implications for shared risk, self-governance, and the future of data privacy.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Harvard law professor and author Jonathan Zittrain discusses the unusual and distinctive technologies whose power increases in proportion to the people participating in them, contrasted with other technologies that leverage what the few can impose on the many - whether a PC virus maker who crashes millions of machines or a law enforcement officer who can use new consumer platforms to spy far easier than before.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
A new range of projects are making the application of crowdsourcing as purchasable over the cloud as additional server rackspace. Professor of Law and co-founder of the Berkman Center for Internet & Society at Harvard, dives into the ethics and issues surrounding cloud labor.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Dartmouth College Institute for Security, Technology, and Society presents Professor Jonathan Zittrain, Harvard Law School on Civic Technologies and the Future of the Internet.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Jonathan Zittrain, the inspiration behind Herdict.org, the community driven site that tracks web filtering around the world, introduces some of the most exciting features of the site.
Jonathan Zittrain - Professor of Law & Co-Founder & Director of the Berkman Center for Internet & Society at Harvard University
Harvard's Jonathan Zittrain discusses his new book "The Future of the Internet - and How to Stop It" with a response by Professor Larry Lessig and an introduction by Google's own Vint Cerf.
Despite the ever-increasing buzz about cloud computing and its purported operational and economic benefits, insurance executives still have many legitimate questions about the value and security of the cloud computing model. Insurance & Technology has identified four of the most pressing questions and provides some answers to help CIOs make up their minds.
Last week’s possibly lightning-caused outages at Microsoft and Amazon Web Services reiterated a very important lesson in cloud computing: Stuff happens, and even the best-laid plans won’t stand up to an act of god or faulty electrical infrastructure. That’s why the burgeoning field of cloud insurance looks even better than ever. A well-thought-out insurance model will address the actual costs and risks of cloud outages or security breaches, for both customers and providers.
CIO - Here's the scenario: Your IT team writes a web service, and part of its WSDL interface includes a hash algorithm the team came up with on their own. You publish the API and your business partners use your clever little hash in integrating with across cloud services. Years later, you get a letter from a lawyer from a town in Texas you've never heard of, claiming you've infringed on a patent you never heard of. Your team scrambles to replace that hash algorithm, but that means a change to your API and some of your business partners resist making the change. It doesn't matter though: the infringement has already occurred, and you're going to pay somebody quite a bit of money even if you can prove your innocence.
There are no legal precedents concerning transnational laws and trade agreements with respect to cloud computing.
Due to this lack of regulation, companies in smaller nations are vulnerable to foreign governments seizing their data when it’s hosted internationally in a cloud-based system.
While this shouldn’t encourage paranoia, companies should seriously consider where they host their data in the cloud.
The migration of computing into a cloud of massive data centres spread all over the world is giving regulators a headache as they find themselves on the back foot of an industry-driven trend.
Cloud Computing will be a disruptive technology that will ultimately change the face of computing," with a market approaching $300 billion over the next five years, according to recent research from the Market Intel Group.
The seemingly unstoppable migration of data to the "cloud" is undoubtedly due to numerous financial benefits, particularly for small and medium-sized companies that historically didn't have the same capital budgets as larger enterprises. However, what lurks below the surface is that this boundless upside isn't without significant risks from a legal and compliance perspective.
From Gmail and Flickr to Marks & Spencer and Mothercare, you would be hard-pushed to find a consumer or business in the UK that does not rely on at least one cloud-based service.
An umbrella term for outsourced technology services, such as email and web hosting, cloud computing allows businesses to outsource a crucial but highly specialised part of their operation to a specialist firm. But with cloud services now so ubiquitous and easy to use, could companies be overlooking the legal implications of such a major shift in their business?
Content
