The technical benefits of cloud based systems are many. Software is managed and upgraded off-site. Hardware costs are lower because all that is needed to access the system is an Internet connection and browser. Buying and constantly upgrading servers and other hardware is said to be unnecessary. The need for a large IT staff is diminished. Many cloud providers claim they provide higher levels of security and uptime than typical networks. In short, it is argued that cloud computing provides the next generation of IT resources through a platform that is cheaper, scalable and more easily managed than local networks.
Many argue that cloud computing is simply a form of outsourcing. Although this observation has some truth, it understates the legal issues raised by cloud computing.
At the heart of the issues is the fact that use of a cloud based model forces a business to entrust what is typically its most important asset – its information – to a third party. There is no doubt that, for most businesses, when the computers shut down, so does the business. Despite the many benefits of a cloud-based system, the loss of control over a company’s information is probably the most significant psychological hurdle that cloud vendors must overcome.
The legal system is lagging behind the adoption of the technology. For example, the contracts used by many cloud vendors essentially disclaim any responsibility for data loss, downtime, or loss of revenue caused by either. In addition, the federal government (and some state governments) has adopted statutory requirements applicable to many industries. Statutory and regulatory issues abound in the health care, insurance and financial services industries, although there are undoubtedly issues that will affect other industries, as well as businesses generally.
Barnes & Thornburg cloud computing and cyber-security attorneys help clients reduce the risks associated with new and existing ventures. Our legal services include:
- Review, negotiation and drafting of Service Level Agreements (SLAs) and other contracts for cloud computing services.
- Advice and counseling of clients on regulatory compliance associated with cloud computing initiatives.
- Updating or implementing record retention policies in light of cloud computing initiatives.
- Compliance with securities laws. Disclosing risks of data breach and loss in securities filings.
- Advising clients either in litigation or, preferably, prior to litigation to implement strategies for complying with discovery obligations regarding electronically stored information (‘ESI”).
- Advising clients on insurance for cloud computing initiatives including reviewing existing coverages.
- Litigation involving companies adopting cloud-based initiatives due to claims such as those noted above.
- Insurance coverage litigation for coverage for claims similar to those noted above.
- Audits of current company policies and procedures regarding information security, outsourcing and cloud computing.
- Audits and risk analysis of current contracts and applications.
- Audits of current vendor and business associates security practices and procedures.
- Employee training on issues and best practices with respect to cloud computing and information security.