What are the legal issues of Cloud Computing?
Following are some of the legal issues that can arise while running cloud computing services:
Confidentiality: Data in enterprise world is as important as anything. Placing your data in cloud infrastructure is supposed to be vulnerable and insecure. Hence, before and after moving to cloud infrastructure, organizations should carefully judge whether their data is managed confidentially or not.
Liability and responsibility: Liability and responsibility is another legal issues that has to be addressed by cloud vendor as well as customers. It should be regularly monitored to investigate that whether cloud vendors has performed their duties in accordance to Service Level Agreements (SLA) or not. As is cloud definition, customer has to ensure that cloud vendors has sufficient infrastructure, proper backup policy, business continuity plan and all the prerequisite to host valuable data.
Compliance: Before customers will entrust their IT needs to managed or cloud services, they need two things: first, assurance that cloud infrastructure is secure and compliant, and second, visibility into their own security and compliance stance in cloud or managed infrastructure. Cloud vendors should ensure the security and compliance of their customer with powerful incident management capabilities, immediate alerts about suspicious activities, and access to detailed forensic data. It should give its customer all the components required to deliver the compliance and security reports and dashboards they demand.
Data protection, safety and recovery: Data in cloud as said should be safe enough to be trusted and protected from various attacks. Safety and protection is not only enough for operating in cloud but it should have some standard recovery mechanism to recover data in case of failure of system.
Copyright and Ownership: Even though data may be residing in cloud infrastructure in any part of the world, data should be owned by customer and it should have legal obligation of being owned by customer themselves. Data once migrated to the cloud data centers should be completely owned and should be protected by some copyright. Customers should be aware of intentional duplication of data, data being copied or any leakage of data.
Data portability: What if customers want to shift data/ app to other cloud vendors? Data portability is a major hurdle for any customer to migrate from on cloud vendor to another. Is there any legal obligation of cloud vendor regarding the move or not? What if existing cloud vendor do not allow customer to migrate data to other provider? These questions should be clear enough for both customer and vendor and there should be defining answer for these questions.
Right to Audit: IT audit in cloud infrastructure is a necessity for maintaining compliance of cloud vendor as well as customer. Before moving to the cloud, and ideally during the procurement process, you should know your risk appetite and how it feeds the control environment — and then determine the potential cloud provider’s risk appetite. Security, Risk, Compliance are some of the factors that customers need to check periodically for the risk free operations. And while moving to cloud data centers, customers should be legally enforced to have the right to audit their hardware, software, systems and applications.
Termination or Suspension Contract: Cloud computing agreement can be terminated on the account of various reasons. The contract may expire at the end of its stipulated term or it may be terminated for default or material breach of terms of contract. User may also want to terminate the contract to migrate to a better or more cost effective cloud computing service. The user’s data is most vulnerable after the termination of contract and in most cases service provider has no legal duty or liability to handle the user’s data properly unless stipulated otherwise in the cloud computing contract. Hence a careful steps should be taken whenever for various reason a customer terminates the services from cloud service provider.
Confidentiality: Data in enterprise world is as important as anything. Placing your data in cloud infrastructure is supposed to be vulnerable and insecure. Hence, before and after moving to cloud infrastructure, organizations should carefully judge whether their data is managed confidentially or not.
Liability and responsibility: Liability and responsibility is another legal issues that has to be addressed by cloud vendor as well as customers. It should be regularly monitored to investigate that whether cloud vendors has performed their duties in accordance to Service Level Agreements (SLA) or not. As is cloud definition, customer has to ensure that cloud vendors has sufficient infrastructure, proper backup policy, business continuity plan and all the prerequisite to host valuable data.
Compliance: Before customers will entrust their IT needs to managed or cloud services, they need two things: first, assurance that cloud infrastructure is secure and compliant, and second, visibility into their own security and compliance stance in cloud or managed infrastructure. Cloud vendors should ensure the security and compliance of their customer with powerful incident management capabilities, immediate alerts about suspicious activities, and access to detailed forensic data. It should give its customer all the components required to deliver the compliance and security reports and dashboards they demand.
Data protection, safety and recovery: Data in cloud as said should be safe enough to be trusted and protected from various attacks. Safety and protection is not only enough for operating in cloud but it should have some standard recovery mechanism to recover data in case of failure of system.
Copyright and Ownership: Even though data may be residing in cloud infrastructure in any part of the world, data should be owned by customer and it should have legal obligation of being owned by customer themselves. Data once migrated to the cloud data centers should be completely owned and should be protected by some copyright. Customers should be aware of intentional duplication of data, data being copied or any leakage of data.
Data portability: What if customers want to shift data/ app to other cloud vendors? Data portability is a major hurdle for any customer to migrate from on cloud vendor to another. Is there any legal obligation of cloud vendor regarding the move or not? What if existing cloud vendor do not allow customer to migrate data to other provider? These questions should be clear enough for both customer and vendor and there should be defining answer for these questions.
Right to Audit: IT audit in cloud infrastructure is a necessity for maintaining compliance of cloud vendor as well as customer. Before moving to the cloud, and ideally during the procurement process, you should know your risk appetite and how it feeds the control environment — and then determine the potential cloud provider’s risk appetite. Security, Risk, Compliance are some of the factors that customers need to check periodically for the risk free operations. And while moving to cloud data centers, customers should be legally enforced to have the right to audit their hardware, software, systems and applications.
Termination or Suspension Contract: Cloud computing agreement can be terminated on the account of various reasons. The contract may expire at the end of its stipulated term or it may be terminated for default or material breach of terms of contract. User may also want to terminate the contract to migrate to a better or more cost effective cloud computing service. The user’s data is most vulnerable after the termination of contract and in most cases service provider has no legal duty or liability to handle the user’s data properly unless stipulated otherwise in the cloud computing contract. Hence a careful steps should be taken whenever for various reason a customer terminates the services from cloud service provider.
About the author
Admin
Working as Full Time Web Application Developer and Big Data Consultant. Specialized in Web Application technologies like reactjs, PHP, YII and CMS like WordPress, Apache Spark, and SCALA. Masters in Information System.
0 comments:
Feel free to contact the admin for any suggestions and help.