Hunter 2014 (†602)Hunter, Steven V. "As You Consider Moving Data to the Cloud..." Computer and Internet Lawyer 31:1 (January 2014), p. 16-18.
- confidentiality (p.18): You should require the [cloud] provider to sign a confidentiality agreement wherein the provider promises to keep your company’s data confi dential and that establishes a protocol for notice of inadvertent or compulsory disclosure of your company’s confidential data. (†1387)
- data (p.16-17): Valuable proprietary/sensitive data should be stored in the cloud only when there are sufficient privacy and security safeguards in place. What procedures does your company have to insure important/sensitive data are not transferred to the cloud ( i.e., even via email as an attachment), or is transferred only if safeguards are in place? In some states your company technically waives the attorney–client privilege by transferring attorney–client privileged information to a third-party ( i.e., cloud provider). To help avoid this problem the service agreement should contain a “non-waiver” provision and a provision that restricts the provider (or anyone else) from accessing or reading data your company stores on the cloud. All other types of data may be stored on the cloud (subject to the data location concerns above). Ideally, the service agreement will contain a provision that prohibits the commingling of your company’s data with the data of any other company. (†1389)
- IaaS (p.16): Provider owns, leases, or licenses the facility, hardware, and software for a complete network environment to support the operations of its customers, including storage, servers, and networking components. The customer is no longer accessing a few specific pieces of software but has outsourced its entire computing infrastructure to the provider. (†1386)
- PaaS (p.16): Provider owns, leases, or licenses the facility, hardware and software, and allows customer access to software computing foundational platforms upon which customer can build its own scalable software applications. The PaaS is similar to other computing platforms, such as Windows or Linux, that allow developers to build within those platforms, but now instead of being locally installed the entire platform is on the cloud. The Google App Engine is an example of PaaS. (†1385)
- SaaS (p.16): Provider owns, leases, or licenses the facility, hardware and software, and allows customer access to software applications via the Internet. Many software companies now operate with a SaaS model. It makes it easier for them to support, maintain (and control) the software and often is less expensive for the customer as the customer has no onsite installations to maintain. (†1384)
- security (p.18): Cloud providers use data encryption and other techniques to ensure no unauthorized users have access to your company’s data. You should confirm whether the type of security proposed is sufficient to accomplish the following objectives: your company’s data should be secured from access by the general public, your company’s data should be secured from access by other cloud users, our company’s data should be secured from access/review by cloud administrators. You should be notified when your data has been breached. How does the cloud recognize data breaches and how will it inform your company? Some of your company’s data is “sensitive”; what additional security protocols are in place to ensure your company’s sensitive data (even more than its “regular” data) is not breached? The answer to each of these questions should be clear from the language of the provider agreement. (†1388)