Cloud Computing – Where’s My Data?
By: EMILY E. DUKE
March 2011
Could this happen to you!?! After investigating all your options, you have decided to put your customer relationship management data in the cloud, and license a CRM software application from the cloud-provider. Unexpectedly, your data is inaccessible because, unbeknownst to you, the FBI is investigating another customer of your provider. Unfortunately for you, the same server holds your data and that of the company subject to the FBI’s seizure. Do you know when you will be up and running again?
As businesses move data and applications to the cloud in order to cost-effectively increase their competitive advantage, they may also be inadvertently adding risk associated with loss of control of their electronic data (ESI). Surprisingly, although much of the ESI in the cloud is competitively sensitive, and sometimes subject to privacy or other regulatory restrictions, cloud computing contracts often lack important data security terms. In part, this is because cloud computing customers may not be savvy in negotiating terms that protect them from data loss, disclosure, inaccessibility, etc. As a result, companies may find their business ground to halt, even if only temporarily, when their “cloud” becomes a tornado.
E-Discovery issues abound as well. Who owns the data? Where is it located? How often is it backed up? What is the cycle for writing over the data on those back-ups? How quickly can historical data be retrieved, and at what cost?
Practice Tip: Review cloud contracts for terms addressing data ownership, access, and security. Don’t be afraid to negotiate with your cloud vendor.