Legal Issues in the “Cloud”

Posted on July 14, 2011 by Jean

Web-based services are cost effective – and legally complicated. 

The “Cloud” refers to  computing services performed in the Internet and it is morphing and evolving every day.  From simple email and remote backup services, to processing on-line transactions of all sorts, transmission of medical records and personal financial information we are all impacted by the Cloud in our everyday lives.

A business using the Cloud (web-based services) needs to understand and be aware of the additional level of legal complexity. 

Cloud computing is broadly defined – and complicated.

The US National Institute of Standards & Technology (NIST) defines Cloud computing as “a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.  This Cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.”

Essential Characteristics:

  • On-demand self-service.
  • Broad network access.
  • Resource pooling.
  • Rapid elasticity (scales easily).
  • Measured Service (usage metering).

Service Models:

  • Cloud Software as a Service (SaaS) 

 (e.g., web-based email).

  • Cloud Platform as a Service (PaaS)  

(e.g., hosting consumer-created or acquired applications).

  • Cloud Infrastructure as a Service (IaaS)  

(e.g., host firewalls).

Deployment Models:

  • Private Cloud.
  • Community Cloud (shared by a specific community that has shared concerns; e.g. security, compliance).
  • Public Cloud.
  • Hybrid Cloud 

For more info see:  http://csrc.nist.gov/groups/SNS/Cloud-computing/.

 

While using the Cloud for web-based services makes good business sense in terms of reduced costs and access to enhanced services, it comes with risks.  Once your data is out of your control – out there somewhere on the web – it is wise to assess your risks and use contracts to reduce your risks. 

 

Your contract for web-based services should address:

 

(1)  Security of your data.  Handled in compliance with the law?  Breaches?

(2)  Service Levels.  Guaranteed uptime?

(3)  Ownership of IP?

(4)  Disaster Recovery?

(5)  Termination.  Transition of data to new service provider?

(6)  Audits?  Liability?  Indemnity?

(7)  Choice of Law?

 

These are general guidelines.  Each business using web-based services should assess their specific requirements – and take steps to reduce risk and ensure that their service providers are operating in compliance with the law.

 

I am always interested in learning from first hand experience.  Are you using web-based services to run your business?  What has been your experience? 

 

This entry was posted in contracts, Intellectual Property, Legal, The Cloud, Web-based services and tagged , , , , , . Bookmark the permalink.

One Response to Legal Issues in the “Cloud”

  1. John Aebi says:
    February 2, 2012 at 12:07 pm

    There might be a few legal issues of using it, but there’s no doubt that Cloud computing is has brought about a cutting edge in the field of technology.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>