Cloud computing business models are precipitating new opportunities and risks for IT suppliers and customers alongside key legal issues.
Consumers and businesses increasingly rely on computing resources in the internet cloud, fuelled partly by faster internet connections, cheaper components and huge datacentres.
Software-as-a-service (SaaS) gives suppliers more control over software access and signals a move away from conventional software licensing models where customers would install the software on their own systems.
Sometimes, these service agreements expose customers to new risks. For
example, Google’s Gmail service is freely available. Gmail is popular and increasingly used by businesses as well as individuals.
Unless users make their own backups of all content stored on Gmail, the content remains at risk; comfort comes from Google’s size and stature rather than any technical or contractual commitment.
Google Docs provides online word processing, spreadsheet and presentation services and allows for document storage on Google servers.
Again, Google gives no commitment to availability or quality and expressly excludes liability for loss of data.
Relying exclusively on Google to replace storage and back-up procedures means risking document loss or corruption or that Google will terminate the service at any time because it deems it no longer commercially viable.
Google’s service is free; users are consequently expected to bear all risk.
This showcases the risk involved when customers put themselves at the mercy of such service providers.
Of course, not all SaaS is offered free.
Nor do most providers have Google’s ability to call the shots on terms of service. Yet users will need to be increasingly accustomed to checking terms so they understand the risks they are asked to bear.
Can SaaS replace software systems, or should users take their own precautions, such as backup and disaster recovery, to compensate for the loss of control?
What commitments are given by the service provider in terms of the quality and availability of the service?
Are these commitments backed up by defined service levels? If the service provider fails to meet agreed service levels, such as availability, does the customer get any form of rebate or discount on payments?
And what if there is a problem with accessing the service what support
commitment will the service provider give?
These may be usual questions, but with SaaS in-house IT teams may not offer
first-line support for cloud-based apps.
Customers will also need to consider how and when the service can be terminated. Do any notice periods give the customer sufficient time to move to an alternative service provider?
Last year saw an increasing focus on data security, with various high-profile instances of data security breach. Customers using service providers in the cloud must evaluate whether or not appropriate data security measures are in place.
Businesses have obligations under the Data Protection Act pertaining to the
security of data relating to, for example, staff, customers and suppliers.
They must also have a data processing contract with third-party suppliers appointed to collect, store or destroy personal data on their behalf. Do the service provider terms include appropriate provisions?
Businesses also need to consider where the data is stored. Transfers outside the European Economic Area would need to be justified under the Data Protection Act.
New business models create new business risks. Cloud computing signals greater reliance on networks, infrastructure and suppliers outside user control.
Customers will need to be increasingly adept at understanding what they are
paying for and how to manage the risk.
There is a silver lining to this cloud, though. For suppliers, cloud computing presents new business opportunities, with customers outsourcing functions that were once done in-house.
Flexible, efficient, cutting-edge tools may cost less. Smaller businesses may level the playing field with fewer up-front costs.
Peter Wainman is is senior solicitor in the technology & commerce team at Mills & Reeve LLP
Security firm set to become part of acquisitive Shearwater Group
Distributor merges three northern sites into one new hub in Warrington
Activist investor puts forward five director candidates as turmoil continues at security giant
Nima Green asks what is driving public cloud uptake in Germany