Tag Archives: data contractor

How to protect your intellectual property and sensitive data in your cloud computing deployment ?

Cloud Computing (sorry, buzz word) has been the hot new trend for enterprises for the past year and will continue to be the same for years to come. The cloud service deployment contract signings have been going on fast and furious, not just for commodity work like IT management and e-mail, but also for software and infrastructure which is the core of corporate value.

If you have no idea what cloud computing really means, you too must be living under a rock (Yep, I really met people like that. Weird !). Cloud computing is the delivery of information technology services over the internet without the need for businesses to purchase or install software or run their own application and data servers. Applications are stored in the huge data centers of cloud computing provider, benefiting from massive economies of scale which in turn lower the costs of the service to the businesses.  Cloud computing services include software as aservice (SAAS), Platform as a service and infrastructure as a service, all of which involve delivering information technology components that had previously been regarded as infrastructure or hardware.

During the past few months complaints have soared against these cloud deployment services.  Cloud services customers, business leaders and IT executives were panicked as they began to realize that their intellectual property (IP) and business secrets were now at risk. It was reported that one client who discovered that he potentially exposed his company’s precious formulas and business secrets had to immediately bring the software and associated processes back into house at the expense of huge costs. Those businesses and enterprises who made very aggressive movements into cloud computing deployments had to retreat because they didn’t keep proper controls in place.

So, Should you, as an enterprise, scale back on your plans too regarding cloud deployments ? The answer is NO. Cloud computing deployment gives any enterprise a lot of advantages including low and fixed charges; improved support and maintenance through greater competition between service providers; any time anywhere access; ease of adoption; greater flexibility with business requirements that can expand or contract as required.

But, enterprises have to plan for risks too which include: standard solutions may not precisely match business needs, limited warranties, indemnities, lack of integration and management of legacy systems, lack of control over daya and content with potential data protection issues, risk of lock-in, risk  that business fails to control usage. They introduce increased threats to intellectual property (IP). The nature of business whether it is software or infrastructure or platform where understanding where the data is and who can access it and how it is being used is difficult. For example, a highly distributed and highly virtualized pool of storage service deployed in cloud may make it very difficult for the provider to guarantee that deleted files have been securely deleted and not just the file system pointer to the data has been removed. The actual data has to be overwritten or removed from every single location the cloud provider might have stored them on.

Cloud providers sometimes also use sub-contractors to meet spikes in demand who can be located in any country which may have weak intellectual property laws or enforcement. Similarly, if your cloud service provider uses personnel who can remotely access data from a country with weak intellectual property protection laws (IP laws) you might be putting your IP at risk of theft and misuse. Also, most cloud offerings are extensions of consumer offerings, which means their standards might not match with the enterprise security requirements. Usually, the terms of service in consumer offerings notes that all data is owned by the cloud service provider. That condition might be good enough for a picture of a consumers dog, but not to your enterprise programming effort.

How to protect your corporate data and intellectual property in the cloud ?

Pick the right provider.

The cloud deployment concept itself is still relatively new. The players are new too who are just testing and trying to figure out the best way to offer their cloud services. So, take the selection of your provider seriously. Consider how you will get back the data and your sensitive intellectual property (IP) in case your cloud service provider goes out of business or you want to walk away or is acquired by a competitor. Carefully study the cloud service provider’s plans in case of disaster recovery and pick your provider based on your level of requirements (depending on the sophistication of trade secrets etc.)

Select the right service

If you are deploying a cloud service for the first time in your organization, do yourself and your organization a favor. Do not sign your first cloud service contract for your organizations core business function. Enterprises who are looking to tap into benefits of cloud must move their Intellectual Property, the last. It keeps a check and makes sure you and your enterprise understand the nuances.

Read and add more to the fine print

Cloud services are supposed to make your enterprise life easier and simpler. So their ads and websites obviously look simple. In reality, that simplicity is masking the underlying complexity. Read the contract, not the web-site. Also include some of your own requirements in addition to the ones that are stated by your cloud service provider. Add in your enterprise approved security and other industry standards, rights to audit or to receive audit from an independent provider, certification reports, right to name the locations where data and applications will be processed and stored, rights to approve subcontractors, a change control process and any others that can help your business enterprise protect its data and intellectual property.



While these concerns may not be absolute barriers for enterprises or businesses to move data storage and applications to the cloud environment, clearly they are  significant obstacles that will require any enterprise to carefully examine its contractual obligations, risk profile, security infrastructure and  oversight ability. An enterprise should be prepared to present the vendor with detailed security and legal requirements applicable to  their business needs and the nature of the information being stored or transacted.

A major challenge today is that law involving information stored in the cloud is nearly non-existent. The enterprise must take  measures to legally protect intellectual property and secure title over its information. Legal departments may be wary about moving  intellectual property, trade secrets and legally privileges information to the cloud due to the lack of relevant case law in this space. In  any event, the business must ensure that its security and legal requirements are made part of the contract and that it conducts periodic  audits to ensure the vendor is meeting the requirements.

Enhanced by Zemanta
Social Share Toolbar
Posted in Industry Trends | Tagged , , , , , , , , , , , , , , , , | Leave a comment