What is "cloud computing"?

Cloud computing is the term used to describe the delivery of internet-based data storage and other IT services. Generally, cloud computing services are provided to an organisation by a third party provider (Provider), who hosts the services off-site. The two main categories of cloud computing are:

  • Infrastructure as a Service (IaaS): IaaS involves the replacement of local network infrastructure with external hardware, storage and network components that are owned, housed, operated and maintained by the Provider and utilised in return for a fee.
  • Software as a Service (SaaS): SaaS involves the provision of web-based applications, which are hosted by the Provider and do not generally require local installation. Popular examples of cloud applications include search engines, internet-based email services such as Gmail and Hotmail, and social networking sites including Facebook and MySpace.

Cloud computing contract issues

The use of cloud computing services gives rise to a number of potential legal and commercial issues that need to be considered in each cloud computing service contract including:

  • the Provider's responsibility to secure an organisation's data including physical, operational and electronic/software security
  • the Provider's privacy and confidentiality obligations in relation to the collection, storage, use and disclosure of personal information. The Provider must comply with all applicable privacy laws, which may differ depending on the jurisdiction in which the data is physically stored
  • ownership of intellectual property, the Provider's right to use the organisation's data (for example data mining) and the non-disclosure of information stored on the Provider's cloud servers
  • the imposition of service level benchmarks on the Provider and the consequences of service failures
  • data back-up, disaster recovery and business continuity planning to ensure a business is not adversely affected when there are issues with the cloud
  • whether the level of coverage provided by current insurance policies is sufficient to cover business interruption or loss of client data resulting from problems with the cloud
  • how long the data is retained by the Provider for compliance with document retention policies, legal and taxation requirements
  • whether subcontracting by the Provider is prohibited or controlled - subcontracting may mean an organisation's data will be disclosed to third parties
  • ownership and portability of data and applications - this may become an issue if attempting to switch Providers in the future. Can the organisation make a back-up of its data at any time? How long does that right last after termination of the contract?
  • insolvency planning - what will happen to essential data or applications if the Provider becomes insolvent, or if the organisation's usage fees are not paid on time? Will the Provider's business failure impact on the future of the organisation using its cloud computing services?
  • due diligence prior to contracting to ensure the Provider's ongoing viability, reputation and service quality.

What does it mean for you?

Organisations considering cloud computing as an option must carefully balance the issues against any indentified cost saving associated with a switch to cloud computing. Adequate due diligence on a prospective Provider and careful consideration of the terms of the cloud service contract are strongly recommended.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.