Home » Posts tagged 'cloud computing'
Tag Archives: cloud computing
My Master of Law dissertation on the legal enforceability of Gartner's rights for a cloud computing customer
Cloud Computing is a new technology, where scalable information technology capabilities can be provided as a service to multiple customers commonly using the internet (but also, much less likely, completely locally.) The market impact of Cloud Computing growth is staggering.
The US analysts Gartner estimates that, over the course of the next five years, businesses will spend $112 billion cumulatively on Cloud Computing. This practice-focused dissertation (PFD) promotes the need for the provision of clear legal advice to a business client wishing to implement pay-per-use Cloud Computing facilities within his or her business. This PFD will focus on its use on legal and commercial considerations of small- or medium-sized enterprises (SMEs) concerning “SaaS”, one of the most popular ? deployment methods? of Cloud computing. However, the PFD is of potential relevance of the whole of the Cloud Computing industry.
Gartner suggested in July 2010 that Cloud customers should aspire to six rights in their use of SaaS. The components of the transaction are important. The service level agreement (SLA) can become potentially a legally-enforceable contract which cover an array of other relevant legal concepts. Identifying and controlling the commercial and tactical factors can then lead the lawyer to deliver strategies which directly promote the needs of the client and profitability of the law firm. The major driver of market uptake of Cloud Computing has been in business the SMEs; therefore it seems sensible to investigate attitudes regarding SMEs towards Cloud Computing in detail.
This PFD presents findings from an original online survey from November 2010 of the business and legal attitudes of thirty-two SME Company Directors, predominantly resident in the UK, regarding the six Gartner rights towards the purchase of SaaS. Through analysing an extensive range of legal sources (including established case law and recent statutes particularly), this PFD submits evidence that the practitioner can address a number of different issues in the agreement to provide expert legal solutions. However, this novel approach necessitates lawyers to gain an accurate picture of those problems perceived by clients as the most important in the first place. As these issues are all common to all Cloud deployment methods, to varying degrees, this research should provide a foundation for further research into other classes of clients and deployment methods, to see if the findings extrapolate more widely.
To download this dissertation, click here.
LegalAware interactive presentation on e-commerce: cloud computing and e-mail marketing
Our interactive meeting of the BPP Legal Awareness Society was held last night at 5pm, BPP Business School, London. The Society holds physical meetings which are open to all, including law, finance and marketing students, but we founded the Society to promote the notion that English law is highly relevant (observing of it essential) for the conduct of any English business. All attendees last night were in fact MBA students, keen to learn about the legal aspects of English business in the context of the impact of the internet.
The internet throws up particular challenges, including data protection, security, privacy, governing laws and terms and conditions. Our discussion highlighted how many businesses and their clients would not even know about the existence of such issues.
After an introductory ‘LegalAware’ e-tutorial on e-commerce (link here), we discussed the impact which is likely to be made by “cloud computing” in the business world, the law that might be related to it, before talking about the ‘nuts-and-bolts’ of launching a successful e-mail marketing campaign, and the legal issues which most definitely relate to such campaigns. In case you missed it, I’ve uploaded the presentation here – you can ‘click through’ the menu to get to any slide. The details of the presentations are covered in these posts: cloud computing (here) and e-mail marketing (here).
To open the presentation, please click here.
LegalAware meeting: How the law of Cloud Computing might relate to English SME Directors
The uptake of Cloud Computing
A “cloud service provider” is the business entity that offers the Cloud service. Well-known examples of Cloud Computing providers currently include: Amazon, Google, Microsoft, Dell and Salesforce. Definitions of the “cloud”vary, but one commonly-cited definition is that proposed by the US analysts Gartner:
“A style of computing where scalable and elastic IT capabilities are provided as a service to multiple customers using Internet technologies.”
Cloud Computing customers do not own the physical infrastructure, thus avoiding capital expenditure by renting usage from a third-party provider. The vast majority of clouds consume internet resources as a service, and customers pay only for the resources that they use. Many
Gartner further estimates that, over the course of the next five years, businesses will spend $112 billion cumulatively on Cloud Computing. The US share of the worldwide Cloud services market was 60% in 2009, and will be about 58% by the end of 2010. By 2014, this is estimated to be diluted to 50%, as other countries and regions begin to adopt Cloud services in more significant volumes.
In August 2010, a survey by the IT consultants Spiceworks found that SMEs appear to be driving the uptake of Cloud Computing. In the first half of 2010, 14% of SMEs reported using Cloud Computing services, and another 10% reported plans to deploy Cloud-based solutions. The BBC website on 7 December 2010, in fact, even announced 2011 as “the year of the Cloud”, based on a recent report.
Features of Cloud Computing
There are a number of features of Cloud Computing which are considered advantageous to the Cloud Computing customer. Key advantages include agility in restructuring computer infrastructure, greatly reduced capital expenditure, reliability, security, maintenance and the requirement of minimal IT skills.
There are further features of note:
- Location independence enables users to access systems using a web browser regardless of their location.
- Metering means that cloud computing resources usage should be measurable and should be metered per client and application on a daily, weekly, monthly, and yearly basis.
- Scalability: the key observation is that the ability of Cloud Computing to add or remove resources at a fine level and with a processing time of minutes (rather than weeks), allowing the matching of resources to workload with enormous subtlety.
It may not be immediately obvious to a SME director that there are threats posed by Cloud Computing about legal advice can be sought. My research found that, whilst the SME directors’ interests appear to be protected by Rights which are aspirational, the creation of an agreement, offered by a provider, in return for pay-per-use services, may fulfill the requirements of a contract in law. This contract is bilateral in nature (typical for sale of goods and services), as the parties exchange mutual promises. This contract may potentially protect the client before, during, and after any dispute, should one occur.
I conducted an original study to explore the beliefs, concerns and expectations of SME directors towards Cloud Computing. The relatively recent starting point for my reseafrch was the proposal by Gartner in July 2010 that Cloud Computing customers should have six “Rights” in their service.
Respondents were invited randomly through recruitment advertisements on the discussion board of the Institute of Directors LinkedIn page, Implu LinkedIn page and the main Ecademy discussion board. These internet social-networking sites allow UK directors to engage with topical issues from the business community, and much of the audience are technologically-minded. Only individuals at Director level were invited to respond to the survey.
The majority of respondents were directors of very small businesses with 1-5 members (39%), about a half were already using Cloud Computing (55%), but the vast majority had already heard of Cloud Computing (90%). The sample stated that they had most familiarity with SaaS computing (52%).
To ensure that the Directors were informed about the subject sufficient to answer the questions meaningfully, all respondents were invited to read the current Wikipedia entry on Cloud Computing. These same Directors were then invited to rate a range of features of Cloud Computing as being of particular importance to them, using a rating scale of 3 = most important and 0 = least important.
In descending order, the most important features in a list of ten were deemed to be as follows (figure in brackets denoting the mean number of points): reliability of services (2.6), security of services (2.5), ease of maintenance of services (2.2), cost (2.1), scalability of services (2.1), flexibility in future computer infrastructure organisation (2.1), device and location independence (2.0), ability to meter services (1.8), minimum IT skills involved (1.5) and multi-tenancy architecture (1.3). The two most important factors, reliability of the services and security of services, are arguably very important issues about which a lawyer can give good-quality advice to a commercial client.
The SWOT analysis of the overall business strategy readily identifies the risks of the business to be predominantly the legal risks which need to be managed through a successful risk strategy. Data privacy and security have consistently remained the key areas of concern for Cloud Computing customers at all levels. SMEs can now exploit high-end applications such as business analytics that were hitherto unavailable opportunities to them. Finally, concerns have traditionally centred on the lack of standards, but, in fairness, Cloud Computing providers are fast adopting standards, possibly in an attempt to avoid intervention by the lawyers.
Building trust with a client is now thought to be essential both for the work of a commercial lawyer to succeed, and for the lawyer to progress to the top of his profession. In the Parks model, trust between the client and the lawyer has been proposed to be essential for the relationship to progress from imparting knowledge and expertise to the initiation of a dialogue, and can greatly improve the success of a commercial lawyer in acting as a legal advisor.
The Avande gobal study of cloud computing of 2009 described the opinions of 502 respondents, consisting of C-level executives, business leaders and IT decision-makers from 16 different jurisdictions towards Cloud Computing. Interestingly, the survey identified that, as the economy went from uncertainty to collapse in the nine months between surveys, an increasing proportion of the respondents wished to take up Cloud Computing services.
In my research, I found that a much higher proportion of company directors were found wishing to embrace “service as a software” (SaaS) Cloud Computing (79%). The vast majority had experienced Cloud Computing anyway, and therefore it was very promising that satisfaction was very high (90%).
The Legal Services Act 2007 was enacted with the intention of liberalising and regulating the legal services profession in England and Wales, specifically to encourage more competition and to provide a new route for consumer complaints. The Act allows the customer, potentially, to access high quality legal advice relating to business, and has had the effect of greater convergence between commerce and the law. It is now relatively straightforward for multi-disciplinary teams specialising in commerce, finance, accounting and law to work together in understanding the needs of SMEs, start-ups and not for profit organisations.
The Gartner Rights and SMEs: legal implications
Gartner have proposed in 2010 six Rights ‘protecting’ the Cloud Computing customer.
The Directors were invited to rate each of the six Gartner Rights as being of particular importance to them, using a rating scale of 3 = most important and 0 = least important. In descending order, the most important features in a list of ten were deemed to be as follows (figures in brackets denoting the mean number of points):
- the Right to retain ownership, use and control one’s own data (2.5),
- the Right to know what security processes the provider follows (2.4),
- the Right to service-level agreements that address liabilities remediation and business outcomes (2.3),
- the Right to notification and choice about changes that affect the service consumers’ business processes (2.3),
- the Right to understand the technical limitations or requirements of the service up front (2.3),
- the Right to understand the legal requirements of jurisdictions in which the provider operates (2.1).
That the data implications of Cloud Computing are reported to be the most important to the Cloud Computing customers of this PFD survey is possibly of no great surprise, given the amount of media attention there is to data protection and security in both the general and specialist press.
It is worth noting that many customers appear prepared to read all the clauses of the SLA; I found 93% of respondents ready to do so. Nonetheless, the survey results also provided that SME directors believe that the service level agreement (“SLA”) should be written in ‘black-and-white’ law (69%), implying that business clients do not expect the law to be open to ‘wild’ interpretation.
At the end of the negotiation process, provider and consumer commit to an agreement. In SOA terms, this agreement is referred to as a SLA. This SLA is the foundation for the expected level of service between the consumer and the provider. It includes four important themes: the business, technical limitations and requirements, data and jurisdiction. It is essential the client optimises this SLA, and, as will be clear from the following discussion, it is hard to see how the client can achieve this without the professional advice from a specialist lawyer. 64% of respondents in the PFD study were concerned that some of the clauses may be non-negotiable.
A further potential solution for customers might be for them to have an exit strategy from these agreements in the form of clear termination Rights. If termination for convenience cannot be negotiated, an alternative strategy might be to negotiate termination Rights for poor performance, for example a “substantial service level failure”. An example of this might be, for example, failing to be available at least 95% in a given month, which would be extremely poor performance by almost anyone’s standard.
According to my research, the quality of service expected by customers is actually extremely high – a very high proportion of respondents (93%) expected the provider from being prohibited from suspending or terminating the services suddenly, and all respondents expected that the Cloud Computing provider should provide termination assistance when the contract ends. Also, in the PFD survey, 86% of respondents were interested in negotiating termination Rights for poor performance of the provider. By paying attention to termination Rights, it is possible for a customer to mitigate some of the risk in these smaller, non-critical, agreements.
Another main way in which ‘power’ can become shifted in favour of the provider is when the provider passes on the customer’s data to subcontractors with lower performance standards. Cloud customers are often surprised to learn that many providers rely on sub-contracts to increase physically the size of their own Clouds. I found that 79% of respondents would be concerned if the work were subcontracted, and all of the respondents replied that they expected their Rights in any subcontracting relationship to be explained in full.
It is perhaps unavoidable that Cloud service providers may need to take down its systems, interrupt its services or make other changes at some stage, in order to increase capacity and otherwise ensure that its infrastructure serves its consumers adequately in the long term. However, this Right recognises that customers need to be given details to guide their own business processes (for example, including advanced notification of major upgrades or system changes), and to be granted some control over when the provider makes the switch.
However, perhaps the greatest concerns that customers face when using a Cloud Computing solution are those relating to security and privacy. Once data are transferred to the Cloud, customers are forced to rely on the physical and information security of the whole provider to protect their valuable information. The providers are under obligation to comply with the data protection laws, but there has been no formal study of the understanding of people in SMEs regarding these laws, and their understanding of what protection they afford for their Cloud Computing services.
Where a business is located in the UK, it will be subject to the Data Protection Act 1998 (the Act) when handling personal data. As a result, if that business decides to use Cloud Computing, it will need to ensure that the Cloud Computing services comply with the Act. Under this Act, the data collector is the customer who is solely responsible for compliance with the Act. This includes the obligation to ensure that the customer retains close control over its personal data, even when the data is being processed by a third party on the customer’s behalf. It is likely that the Cloud Computing service provider will consider itself to be a data processor for the purposes of the Act.
Cloud Computing services in the UK may involve the transfer of personal data to data centres within countries outside the European Economic Area (EEA) To transfer personal data to a country outside the EEA, the data controller must first consider whether there is an adequate level of protection in that country and whether appropriate safeguards are in place.
Gartner has also provided seven principles of identifying security risks, such that customers can raise with providers before selecting a Cloud provider, including privileged user access, data security, recovery, long-term viability and and investigative support. In the present study, company directors believed regulatory compliance to be the most important factor (86%), but the actual location of the data the least important governing data security (64%). In relation to this, lawyers should provide advice that Cloud customers are ultimately responsible for the security and integrity of their own data, even when it is held by a service provider; however, the Cloud Computing providers accordingly should provide details of their regulatory compliance.
If the Cloud provider stores or transports the consumer’s data in or through a foreign country, the service consumer becomes subject to laws and regulations it may know nothing about. Customers therefore need to consider whether they have become subject to the laws of a specific jurisdiction, even if their data has been stored there on a temporary basis. The present (preliminary) survey found that 71% of company directors were aware of this fact. In relation to the governing law, the parties will usually expressly provide that the Cloud Computing contract is to be governed in accordance with the laws of a particular jurisdiction.
© LegalAware 2011
A plethora of opportunities for the cloud computing provider to stand out, argues Frank Jennings
Frank Jennings is Head of Commercial, DHM Stallard LLP. Frank specialises in technology and new media and has advised private-sector clients such on managed IT services, as well as SaaS and cloud computing,and a public sector London Borough on the new IT system for their one-stop reception service. Legal 500 2009 says his “knowledge is exceptional because he has worked in-house for a software firm” and he regularly speaks at conferences on these topics. DHM Stallard LLP clearly describe what makes their law firm special on their website as follows:
Speaking your language
Unlike many law firms, we don’t operate in a legal ‘bubble’. We don’t indulge in ‘lawyer-speak’. We won’t swamp you with the intricacies of legal procedure or deliver impenetrable documents. We talk your language. We’ll explain the business benefits – or disadvantages – clearly and simply. So you will get the best legal advice, based on sound commercial principles.Legal experts with broad commercial experience
Our lawyers enjoy considerable business expertise from outside the legal profession. They know the law. But they also know that there’s life outside it – because they’ve been there themselves. Which means that you not only receive the benefit of first-class legal opinion – but also professional project management delivered by people with proven business acumen.
This morning he offered an overview of cloud ‘best practice’ in terms of the law. This is a great opportunity for the supplier to stand out, and to improve his market share.
Choice of Law
In the standard version, the customer will choose which jurisdiction. For a bespoke service, there is a negotiation to have had. The key difference is that in the US courts you pay for our own legal fees, and tend to contain a plethora of indemnities, and exclusions of liability.
Data control
Why should a cloud provider offer protection over the data? From the customer’s perspective, the critical system. Data providers can state where their data are based; many people requested would like to keep their data in the US. Local datacenters should be considered from the supply chain perspective. Transfer of data outside the Data Protection zone of European Commission needs to be regulated by ‘best protocol’. Customers should think about what happens if the dataset ‘falls over’. Does there need to be a hybrid solution? This is a great opportunity for the supplier to stand out.
Service availability and resilience
CEOs do not often check the SLA with the CTO. The SLA is a very transparent document, so the supplier can offer service levels but choose not to cover such as programmed maintenance. What kind of warranties will the cloud provider hold? Implied terms, such as satisfactory quality and fitness for purpose, can be extremely difficult to define. The assessment of risk is often a business decision, and a financial decision concerning insurance. The cloud provider and customers are going to have their own predetermined insurances, or is it an assessment where the business risk lies? Discussion by Andy Burton, CIF Chairman, CEO Fasthosts, considered that expectations can be much greater for third party contexts.
Termination
Termination issues need to be considered upfront – and it would seem legitimate for contracts to be terminated if there is a breach, or if the customer does not pay. The customer needs to consider whether the cloud provider can terminate without any real reason. Customers tend worry about control – the provider can change the terms without consent, which is typical perhaps in the social media scenarios. Changes can be ‘demanded’ on a rolling basis, and clearly from a customer’s perspective this is not desirable. This is a great opportunity for the supplier to stand out.
Deletion of data
Data security is a key issue. Providers can delete the data at some later data. The customer, it is mooted, should have a basic right to protect their data. Data can be quarantined, for example if there is contentious litigation involving the company. The customer should be allowed time (notice) to get their data safely transferred. This is a great opportunity for the supplier to stand out.
Service Transfer
The supplier should specify whether its systems are proprietary, and whether data will transfer. The CSP should not be afraid of providing assistance in an ‘exit strategy. This is a great opportunity for the supplier to stand out.
Conclusion
There is no ‘one size fits all’ agreement. There is a negotiation to be had, and providers can expect this. From a lawyer’s perspective, you need to work out where the liability lies, particularly in the case of reselling scenarios.
@legalaware's experience of the #twegals #legaltweetup 2011 organised by @azrights
Important retraction: In the article below, Legal Bizzle should like to point out that the height stated is incorrect. It is – in fact – 6’7″. I deeply apologise for any offence caused therein.
TwegalsTweetUp may become a regular event for lawyers both in London and elsewhere. Anyone interested in law who tweets was welcome. The invite stated that, “if you are a Twegal, a Tweagle or haven’t got round to tweeting yet but would like to, you should join the conversation please come along.”
I must say that I had a really wonderful time.
It was a really nice group of people – that’s why I have tweeted this morning:
Sorry not to have seen @LegalBizzle there. Tbe place was awash with rumours about the Bizzle including how Bizzle was in fact ‘massive’ at 6′ 5”. It is in a fact thought that Bizzle’s boiler has only just been fixed and that Bizzle has had a heavy time in the law of commercial contracts.
Also, @CharonQC whose reputation in the world of legal Twitter is, quite rightly, enormous, couldn’t make it. However, I had a very encouraging conversation with those in the know about how Charonqc has contributed a great deal to legal education. On that note, I’d strongly recommend a follow to @colmmu (Jon Harman) a specialist in education at the College of Law. http://twitter.com/#!/colmmu
I should like to add that I had memorable, fascinating conversations with the College of Law media contingent and Netlaw media about the role of the media in education; very inspiring, innovative approaches.
The College of Law and Netlaw websites are linked to within this sentence. Much of the work of NetLaw media will help graduates including those of BPP in law. Their website provides that,
“Netlaw Media specialises in producing highly informative law related programs specifically tailored to deliver cutting edge presentations by renowned UK, European and Internationally acclaimed speakers and industry professionals. Our events integrate a formulated blend of strategies, case studies and interactive discussions and workshops to enable legal professionals to gain a leading edge in a constantly evolving and demanding marketplace.“
The event had some really high quality people there. Emily Goodhand is clearly very passionate about the law generally, but fielded apparently some interesting inquiries about the principles of copyright during the course of the evening. Ajeet Minhas was really buzzing about his business activities, and clearly has the energy of a young entrepreneur. Brian Inkster (and his legal practice) intrigues me because Brian has moved from being a faithful junior to setting up his own very successful professional legal services firm in Scotland. He has an interest especially in how specialist law firms are using Twitter (and the social media) to their business advantage. I further enjoyed talking with Emily aka @lawbore who was nothing like a bore, but very easy and helpful to talk with. Emily has created a very successful blog for law students, and one which I have referred to in fact in the course of my legal studies at a different law school (BPP Law School); it’s always interesting for me to appreciate what I get about the act of going to a legal library such as our one in Waterloo at BPP which is superb, additional to surfing the internet for contemporaneous legal services. The bottom line is, in fact, you can’t do everything online, and, at the very least, what legal research you decide to do online has to be effective!
Paul Gilbert, aka the @LBCWiseCounsel, was extremely easy to talk with, and a perfect communicator as his name might suggest! Daniel Hoadley, a law reporter for the Weekly Law Reports, Times Law Reports and Road Traffic Reports amongst others, caught my attention as someone clearly very sharp, but very modest; not much surprise he is a Barrister by training. I took it easy on the comfy sofa watching people have a good time – consequently, there were a few people I didn’t meet like @cyberpixie, but whose ‘reports’ were very positive. It was a thrill for me to meet in person David Allen Green, whose thoughtful contributions on Twitter I have been watching for a long time. David is a genuinely interesting person, who tires endlessly to further general legal awareness. I know many law students at undergraduate level, who learn from his informative, educational and entertaining blog, Jack of Kent. As it happens, I reckon I share David’s political ideology which is not so clear-cut, but the tagline of his blog as being ‘liberal and critical’ is possibly fair. People who know me on Twitter will know roughly where my interests lie, and it’s thus no accident I enjoy David’s writings in the New Statesman, whether writing on the practicality of enforcement of superinjunctions in the social media or the commodification of higher education.
The evening was organised by Shireen Smith, of Azrights http://www.ip-brands.com. Recently, Shireen produced a very thought provoking article on etiquette on Twitter, which needless to say some senior tweeters agreed with, but others didn’t. It’s a wonderful article though, whether you agree with it or not, and I recommend it. If you don’t happen to agree with it, it’s obviously interesting to have good reasons why, and some people have well-reasoned ideas. And, last but not leaat, Gavin Ward with whom I had developed my thoughts during my LLM research thesis on cloud computing, was a sheer joy to meet in person. Gavin and I share much common ground in terms of law interests in technology, and it is for this reason I would like to publish with him my research findings on the legal advice given to SME directors, from a sample I surveyed who are like me Associates of the Institute of Directors, and the precise rationale for this in national and international law. His blog has developed, rightly, with time much interest internationally; whilst it has exploded because of the launch of the iCloud, until relatively recently it had been a niche field which people were aware of but hadn’t quite grasped. His first rate blog is here.
My twitter handle is @legalaware ; please follow me on Twitter!
The Golden Age Of The Cloud
This article looks at a new technology which is taking the business and IT worlds by storm: “cloud computing”. As this new industry has a lot of clients with a lot of money, it is not particularly surprising that commercial lawyers have become acutely sensitive to the cloud clients’ needs, concerns and expectations.
Why get involved in the cloud?
Small and medium sized enterprises (SMEs) have been fast to appreciate that the internet offers a golden opportunity for them, and equally lawyers have been quick to realize that they can offer specialist advice to the benefit of SMEs. Businesses remain fascinated by ‘cloud computing’.
But what is cloud computing? In the simplest of terms, it is IT-as-a-Service. Your company has access to its data and software over the internet (which in most IT diagrams is shown as a cloud). This, like many new technologies, it has its own set of benefits and challenges.
Benefits
Cloud computing fans claim five key benefits, and these contribute to the overall competitive advantage of the business.
- Cheap: your IT provider will host services for multiple companies; sharing complex infrastructure is argued to be cost-efficient, and you pay only for what you actually use. This is very attractive to SMEs.
- Quick: The most basic cloud services work ‘out of the box’ – it’s perfect for start-ups, especially in the current harsh economic client.
- Up-to-date: Most providers constantly update their software offering, adding new features as and when they become available.
- Scaleable: If your business is growing fast or has seasonal spikes, you can go large quickly because cloud systems are built to cope with sharp increases in workload.
- Mobile: Cloud services are designed to be used from a distance, so if you have a mobile workforce, your staff will have access to most of your systems on the go.
Market uptake
A report by the Centre for Economics and Business Research (CEBR), was published shortly before Christmas last year. Widespread adoption of cloud computing could give the top five EU economies a 763bn-euro (£645bn; $1tn) boost over five years; the CEBR also said it could also create 2.4m jobs. The US analysts Gartner estimates that, over the course of the next five years, businesses will spend $112 billion cumulatively on Cloud Computing.
Potential issues which businesses and lawyers can address
Cloud computing is not without potential problems.
- Usability is an important issue. Some people, firmly wedded to “their” software, whether it’s Lotus Notes or Microsoft Outlook, are reluctant to switch to plainer online applications.
- Perhaps the greatest concerns that customers face when using a cloud computing solution are those relating to security and privacy. In a traditional commercial relationship, providers will typically split up the servers for a specific customer, and a customer may even be able to impose certain physical and logical security requirements. This may not be possible once data are transferred to the cloud.
- To the extent that personal information is stored in the cloud, customers must also consider compliance with applicable laws governing the privacy and security of personally identifiable information.
Who are the providers?
Cloud computing is at an early stage, with a small group of large providers delivering a slew of cloud-based services, from full-blown applications to storage services to spam filtering. Currently, Amazon, Google and Microsoft are key suppliers of cloud services.
Further reading
An interested reader is strongly recommended to go to the ‘cloud computing’ page of Taylor Wessing LLP. Taylor Wessing LLP is one of several firms with a specialist interest in the international commercial law of cloud computing:
http://www.taylorwessing.com/download/cloudcomputing.html
My message to the LinkedIn Institute of Directors group
Thank you to all the 32 UK SME directors who took part in my survey on cloud computing
I completed this week an independent cloud computing survey for my Master of Law dissertation at the College of Law. I had also liaised with the Policy Unit of the Institute of Directors, who had told me that they would find the research useful.
Cloud computing is a form of computing where scalable and elastic IT capabilities are provided as a service to multiple customers using Internet technologies. The market impact of cloud computing growth is staggering, estimated at 34% per annum through 2013, culminating in a market worth $500 billion worldwide.
I thought I would give you a brief summary of what I found. However, I am in the middle of writing up what is actually quite a complex rights essentially looking at the law applies to Gartner’s aspirational six rights for any cloud-computing customer.
Cloud computing undoubtedly offers a number of commercial advantages (such as cost and scability of services) in a fast growing global market, and the US analysts Gartner have proposed six rights in favour of the customer, to protect them against the customer, which are aspirational but helpful. These rights serve to draw attention to the risks facing cloud computing businesses. As yet, there has been no formal study of predominantly English SME directors towards these rights. Analysis of these rights demonstrates that they cover a number of areas in which lawyers can advise, and indeed many issues which concern the SME company director the most are issues of law such as regulatory compliance and data protection, which provides for possible legal interventions in case of dispute. The terms and conditions of the agreements between customer and supplier need to be carefully considered by the lawyer at the pre-contractual stage; cloud computing customers should ideally be aware that if the quality of service of a cloud computing supplier is poor, arbitration or self-accreditation of the provider may not provide adequate remedy, for example.
One of the most remarkable findings of the survey was how little attention (relatively) SME directors appeared to give to the cross-jurisdictional nature of data transfer, and the fact that some SME directors believe that they do not need legal advice may be a reflection of not being aware that there are potential issues. Whilst the study was of a small number of company directors, it demonstrates a clear need for further research into identifying how legal advice can best serve the interests of those in commerce in a strategic and clear way.
Please do let me know if you would to see a copy of the Report. I am already intending to send it to those who wished to a copy, as notified in the survey itself.
Dr Shibley Rahman
Queen’s Scholar BA (1st Class) MA MB BChir PhD MRCP(UK) LLB FRSA
Associate Member of the Institute of Directors
http://www.linkedin.com/in/drshibleyrahman
email: management@lawandmedicine.co.uk
IMPORTANT SURVEY ON CLOUD COMPUTING
Cloud computing is an exciting new technology, where users can ‘pay as they go’ for computing facilities over the internet. l’lI will shortly make available my on-line short survey for Directors of SME to ask them about what they think about cloud computing. The questions will be an interesting look at cloud computing (software as a service) can fit into a small business, and the six rights of all cloud users as identified by Garner this year. If you’re interested, please do contact me on management@lawandmedicine.co.uk
I have discussed with the IoD how the results will help with their policy work in this important area.
All entries get put into a prize draw!
Dr Shibley Rahman linkedin.com/in/drshibleyrahman
