In my previous post I talked about cloud implementation and getting it right. While there are various things that need to be done there is due diligence which also needs attention when you consider a cloud based solution.
Cloud computing is proved to be an essential solution for business and many organization have also moved a part of their business functions in the cloud. However, there are not many legal regulations about a cloud service and therefore it is essential that businesses understand the service and list out terms explicitly.
Absence of Solid Legal Framework
Despite the widespread use of cloud computing technologies and its rapid growth there is still no legal framework which regulates the use of data in the cloud environment. This poses lot of challenges for business that wish to work in a cloud environment as there is not much guidance which could outline a course of action in times of dispute.
Currently, majority of the guidance is based on the IT act’ 2000 which holds a service provider or intermediary liable for any misuse of client data or information and for not taking measures to prevent the offence in the first place.
Furthermore, the obligations of confidentiality are only applicable to people with powers under the act and are not extended to a private person and the person is not entitled to compensation for the damage done. The Penalties levied are also in the range to Rs. 200,000 to Rs. 500,000 which sounds very puny in comparison to the benefit someone can make by using the stolen data.
Overcoming the Challenges:
Having personalized agreements is the best way to plug in any loopholes in the delivery of a desired cloud computing service from the chosen vendor.
The agreement can have project specific clauses which highlight the type of service and the obligation of both the parties to the contract. The clients and cloud vendor can clearly mention the terms of the service and the implications in an event of breach of the contract. This would prevent any issues as the client and the vendor both have a clear idea about the terms of the service.
Furthermore, the contract may also include additional data protection and security clauses which highlight the uptime, access to data and safe transfer of data on termination of service. Usually many of these are covered by the SLA but you may clear it beforehand.
The cloud service vendor is also expected to exercise good conduct and process data as requested by the clients only. The data should be processed as per the needs of the service which is expected by the client for successful provision of the services.
Finally, you should know your cloud web hosting provider well. There are various vendors but when you think of giving control of your important data to an external service provider it is essential that you only choose a established and reliable cloud service provider which has shown the capability to provided high standards of service and competency.