Cloud Computing and Security: Know Your Risks Before You Jump In

“The FBI ranks cyber-attacks as the third greatest threat currently facing the United States, eclipsed only by nuclear warfare and other weapons of mass destruction. According to the Privacy Rights Clearinghouse 500 million sensitive records have been compromised since 2005… These problems are going to get worse. Indeed, 2011 has already been labeled the ‘year of the data breach’ … [and] as more sensitive data moves into the cloud, as we become more dependent on electronic financial records, and as more companies store vast amounts of consumer data on remote servers, the risk that personal data will be improperly disclosed or accessed will necessarily increase.” (From EPIC Warns Congress of Cybersecurity Risks to Consumers by Electronic Privacy Information Center)

Yes, cloud computing can be scary. But it doesn’t have to be dangerous. Here are five tips to help ameliorate the risks of cloud computing, from lawyers and law firms on JD Supra:

1. Be clear on what you are getting…

“Don’t give in to the temptations of ‘going Cloud’ without a program in place that clearly defines what value it provides, how it will de-risk your business and how you will manage new risks over time. Ensure that you have a handle of the realities of Cloud architectures, providers’ capabilities and the business solutions they target to prevent you or your business from being swept up by hype.” (From Getting Smart About Sourcing For Cloud: How Cloud Computing is Impacting Business and how Enterprises should Plan and Source for it by Loeb & Loeb LLP)

2. Identify and meet risks in advance…

“Entering into cloud computing contracts without understanding the inherent risks can cripple an otherwise healthy organization. The good news is these risks can be mitigated, so long as they are recognized, by ensuring that cloud agreements identify each risk, utilizing tools such as insurance, indemnity and limitations of liability to meet the risk balancing objective.” (From Taking the Risk Out of Cloud Computing by Scott & Scott, LLP)

3. Never forget that the biggest risk could be sitting in the office next door…

“More importantly, even if a company is confident that its internal data security measures would pass a SSAE 16 audit, the chances are that your employees are using less secure cloud computing resources without your knowledge… Like the social media policies that most companies have adopted, companies should consider adopting cloud computing policies as well.” (From Security in the Cloud, Your Protection May Be Under Your Control by Winthrop & Weinstine, P.A.)

4. … Or in the Federal building down the street…

“European companies are concerned about entering into agreements with U.S. cloud providers because U.S. companies may be required to turn over data to U.S. government agencies under the Patriot Act. Such disclosures would violate European data protection laws, which require that individuals be given notice when their personal data is disclosed to third-parties.” (From Dutch Government Concerned About Contracts with U.S. Cloud Providers by Loeb & Loeb LLP)

5. Sometimes, the best approach is to avoid the risk altogether…

“One way of protecting IP from the threats associated with cloud computing is not to put it on the cloud. Companies should consider using cloud services for some of their more routine computing functions, while keeping research and other highly confidential information off the cloud.” (From Blue Skies and Stormy Weather: Balancing Risks and Rewards of IP in the Cloud by McNees Wallace & Nurick LLC)


Additional Commentary and Analysis


Follow Technology Law updates on: LinkedIn | Twitter | Facebook | JD Supra