“Cloud computing” is a relatively recent buzzword, which dates back only to the mid-1990s and has gained in popularity over the past 10 years. The concept however dates back to the mainframe computers of the 1950s.
Today, cloud computing refers to the sharing of a centralized server and software resources that are accessed via the Internet. The size of the cloud computing market is estimated to be more than $150 billion and it is growing at the rate of approximately 50% per year.
There are three types of Cloud computing models:
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
With the SaaS model, cloud providers manage a common infrastructure and platform, such as a server, and provide users with access to software and/or databases available on the server. Pricing for the service may be on a pay-per-use, pay-per-user, or a flat subscription basis.
With the PaaS model, a cloud provider provides a common platform that may include an operating system, a database, a web server, or other tools. The platform serves as an environment in which application developers can develop and run software.
With the IaaS model, computing resources such as virtual server space, bandwidth, network connections, etc. are provided centrally and are accessible via the Internet.
Cloud computing offers several advantages over traditional models for delivering computing services:
- lower cost
- faster and easier updates
- device and location independence/neutrality
- ease of maintenance
- reliability, especially in disaster scenarios
- improved performance
- productivity (e.g., multiple users working on the same data simultaneously)
Cloud Contract Issues
Until relatively recently, cloud service contracts were offered on a “take it or leave it” basis, much like the boilerplate contracts one might receive from the phone company. Recently, however, in the face of greater competition, cloud service providers have become more willing to open up the terms to negotiations.
The principle issues to be negotiated are similar to those negotiated in conventional non-cloud agreements, with certain tweaks required for the cloud environment. One of the most important issues to be checked carefully is data security and privacy – especially the tools used to ensure the privacy of consumer data (such as credit card numbers) stored by a business using a cloud service.
Data security and privacy
Certain businesses agree to store their data on a cloud specifically because they believe that cloud service providers are familiar with privacy and data protection issues and actually have more safeguards in place for protecting data. Recent data breaches across the spectrum of businesses, involving retailers, banks, health insurance providers, and a major American movie studio, show just how vulnerable many corporate cloud networks are.
Cloud computing agreements should not only include representations and covenants as to the level of data security that will be provided (“industry standard,” “best available,” or otherwise) but should also state what the providers’ liability will be if those representations and covenants are not met and a data breach occurs as a result.
Since data breaches can cause billions of dollars in damage and lead to massive consumer lawsuits, cloud service providers will try very hard to cap and otherwise limit their liability. Customers of cloud computing services will need to mitigate their risk of a data breach by taking into consideration:
- liability and indemnification provisions in the cloud services agreement
- the financial stability and resources of the cloud services provider
- the insurance coverage maintained by the service provider
- the user’s own insurance coverage
- viable technical alternatives –does the cloud provider offer better security than the user’s own internal systems?
If you have questions about cloud computing issues, either as a provider or consumer of cloud computing services, please contact our office.