The murky legal situation concerning standard Cloud Computing contracts
Are disclaimers solid enough to handle all potential liabilities?
Whenever an individual or business takes on a new cloud provider or service, they are usually asked to sign some form of binding agreement. The purpose of these waivers is to ensure that, should the provider fail in its obligations, the user can’t legally prosecute them. Most of the time a simple disclaimer is sufficient to get the job done; it should contain basic information about roles, responsibilities and what might happen in the event of a disaster.
However, the situation becomes a little bit trickier once you factor in third parties like hackers, malcontents, or unethical employees / insiders. For example, if a cloud provider’s service is undermined by a single employee (or small group) who is acting alone, contrary to the interest of the organization, why should the entire company be held liable? This of course is just one example of the complexity presented by cloud contracts vs. potential real-world events and/or criminal activity.
The European Commission has recently suggested that cloud computing contracts need to be overhauled in an effort to eliminate expensive and unnecessary legal skirmishes. It makes sense: putting everyone on the path toward doing what’s right and holding guilty parties liable seems like a perfectly sensible and noble proposition. Basically, the big fears are still hovering around the issue of data security in the cloud. Because an overwhelming majority of cloud providers now use contracts which do not hold them liable for damages, security breaches, data reliability or service continuity, potential customers are understandably apprehensive.
Likewise, because cloud providers might use remote or third-party data centers for additional storage or backup, whoever they do business with should also be liable for the customers’ data security and integrity. The problem here is that most cloud providers seem to have the attitude that this isn’t their duty, which is completely wrong and needs to be addressed. Naturally, those businesses that have more valuable data stand to lose more than those without. If there is no system of deterrence in place, what’s to prevent criminals from stealing at whim? Creating international laws which make it easier to prosecute data thieves is the obvious answer here. One of the current roadblocks to tracking down digital criminals is the protectionist policies that certain countries have in place preventing authorities from conducting investigations.
One potential solution might be to require cloud providers to purchase some form of insurance for these types of disastrous situations. Naturally, this would also necessitate the creation of specialized insurance programs / policies designed for cloud computing operations. With such a thing in place, cloud providers would be able to, at the very least, financially compensate their clients given the value of their data and service. Another potential resolution for these contractual issues might be to require cloud providers (by law) to set aside a certain amount of funds into a segregated account to be used to cover potential customer losses. This still doesn’t solve the greater issue of how to track down and prosecute guilty parties, but it is a great way to ensure that users are aptly compensated for any losses incurred.
Service disruption is a big issue as well. Contracts need to clearly state the terms concerning loss of service and/or gross underperformance. Cloud users shouldn’t be obligated to pay for a substandard service, and allowing depraved cloud computing providers to continue with inferior operations is an affront to cloud computing as a whole. These low-grade cloud providers not only cause damage to users, they also steal business away from legitimate companies who are able to provide a quality service.
In the end, protecting second-rate cloud providers will only lead to an overall increase in the price of quality cloud provider services. Perhaps what’s being brought to light is the fact that cloud computing doesn’t possess the regulatory measures needed to guarantee that it can grow in a free market environment?
Protect your business or organization with knowledge
One of the easiest ways that any business or organization can protect themselves against all future cloud-related security issues (should they occur) is Cloud Computing education and training. As a matter of fact, if your IT department doesn’t contain any personnel with any form of cloud computing certification, something is seriously wrong. Everyone is turning to cloud computing because it is cheaper and a clear improvement over traditional IT in every way imaginable. Organizations that fail to realize the inherent supremacy in the cloud are going to be left behind as their competitors leverage its awesome power. Even if certification isn’t an option, there are also cloud foundation training programs which are designed to familiarize professionals with every aspect of cloud computing. Armed with cloud knowledge, your organization can avoid the pitfalls and reap all the benefits of this remarkable technology.