Risks and Rewards of Putting Company Data in the Cloud

, Corporate Counsel


The cloud is everywhere, raining down apps and digital services on companies. But do businesses that use the cloud know if important data is safe up there?

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Continue to Lexis Advance®

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at customercare@alm.com

What's being said

  • John P. Tomaszewski

    I would like to point out that the service delivery model of Mozy isn‘t "could" but the more traditional "co-location". One of the features of the cloud is the elasticity of the resource allocations. Simply plopping your data at a data center in your jurisdiction isn‘t using the cloud. The risk model is very different. Co-lo services are fairly stable and don‘t move the data around as much so the control element is not as fractured. Consequently, Gitys is correct - co-lo services aren‘t your enemy. In many instances those services can be as (if not more) secure as an in-house solution.

    However, a true cloud service doesn‘t have that level of stability - even in the IaaS service layer. The unfortunate side effect of this is that most of the public or hybrid cloud providers won‘t allow for negotiation of the services agreements which would conform to Mr. Katz‘s recommendation. Unless you are the City of LA, Google or Amazon aren‘t going to negotiate favorable security provisions. It tends to be a take-it-or-leave-it adhesion proposition.

    So, while the advice in the article *is* helpful, it isn‘t necessarily on point for a public or hybrid cloud solution. It also doesn‘t take into account that if you are buying a SaaS solution (which is in the middle of the cloud stack) your SaaS provider may also be using a public cloud "Storage-as-a-Service" solution which you as an end user don‘t have privity with. Then you end up relying on your vendor to have contractual provisions (which you can‘t enforce) to protect your data (which isn‘t the SaaS provider‘s best interest).

    This is a bit more risky than the above article makes it out to be. Not impossible, but significantly more risky.

Comments are not moderated. To report offensive comments, click here.

Preparing comment abuse report for Article #1202650048488

Thank you!

This article's comments will be reviewed.