Web-based services are cost effective – and legally complicated.
The “Cloud” refers to computing services performed in the Internet – and it is morphing and evolving every day. From simple email and remote backup services, to processing on-line transactions of all sorts, transmission of medical records and personal financial information – we are all impacted by the Cloud in our everyday lives.
A business using the Cloud (web-based services) needs to understand and be aware of the additional level of legal complexity.
Cloud computing is broadly defined – and complicated.
The US National Institute of Standards & Technology (NIST) defines Cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This Cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”
Broad network access.
Rapid elasticity (scales easily).
Measured Service (usage metering).
Cloud Software as a Service (SaaS)
(e.g., web-based email).
Cloud Platform as a Service (PaaS)
(e.g., hosting consumer-created or acquired applications).
Cloud Infrastructure as a Service (IaaS)
(e.g., host firewalls).
Community Cloud (shared by a specific community that has shared concerns; e.g. security, compliance).
For more info see: http://csrc.nist.gov/groups/SNS/Cloud-computing/.
While using the Cloud for web-based services makes good business sense in terms of reduced costs and access to enhanced services, it comes with risks. Once your data is out of your control – out there somewhere on the web – it is wise to assess your risks and use contracts to reduce your risks.
Your contract for web-based services should address:
(1) Security of your data. Handled in compliance with the law? Breaches?
(2) Service Levels. Guaranteed uptime?
(3) Ownership of IP?
(4) Disaster Recovery?
(5) Termination. Transition of data to new service provider?
(6) Audits? Liability? Indemnity?
(7) Choice of Law?
These are general guidelines. Each business using web-based services should assess their specific requirements – and take steps to reduce risk and ensure that their service providers are operating in compliance with the law.
I am always interested in learning from first hand experience. Are you using web-based services to run your business? What has been your experience?