The Wild Cloud: Legal Aspects of Cloud Computing

wild cloudWhile many organizations have been making the move toward cloud computing solutions for the past several years, the fact remains that we’re really still in the early days of figuring out how all of this is going to work. Even more than that, the laws on the books that apply to cloud solutions are woefully behind. This creates a number of challenges, both for data centers and for consumers.

Questions of compliance

Businesses, for example, are facing some serious concerns when it comes to cloud solutions. A legal firm might have attorneys who store client-related documents on Google Drive or Dropbox, for example. The question of how well protected that data is isn’t always clear. In fact, it is often those in the legal arena dealing with issues of compliance that are challenging such cloud service providers, and forcing them to examine their security policies and their security solutions.


Another important area to look at is expectations. When a consumer places a document on a cloud storage service, for instance, what does the consumer believe about that file? Does she assume that she’s the only one with access to the file? Is it possible that personnel at the cloud provider might be able to view that file?

Explicit statements from cloud providers about who can access a client’s data and when help to clarify the issue, but whether those policies meet client expectations is another issue altogether.

Geographic concerns

Yet another issue comes to light when we think about how cloud solutions physically work. For example, a given application server might reside in Europe. Suddenly, the data entered into that application isn’t subject to the laws of the United States. When cloud providers have some or all of their data center hardware located somewhere else (Iceland is a popular choice for a variety of reasons) it throws a whole set of new questions into the mix.

As time goes on, we’ll no doubt see more and more cloud computing-related laws on the books, more international agreements, and more scrutiny of cloud providers. In the interim, it’s imperative organizations address these concerns when implementing a cloud solution.

read more