Widmer, Lori. "The Cloud and Your Data" Risk Management 57:9 (November 2010), p.36-40.
Existing Citations
disaster recovery plan (p.40): Risk managers need to consider simplicity in all realms of disaster recovery planning. The more complicated the process, the more chances there are that something will go wrong. "Measure complexity by how many systems are involved and how many separate systems and vendors are involved," said Rodriguez. "If there are a lot of parties, each one with their own systems and procedures, your IT department [will have] to coordinate." (†1544)
service level agreement (p.38-39): Still, an even larger risk has emerged. "The biggest risk with cloud computing vendors is that they are providing very little by way of service-level agreements," said Kalinich. "They're including exculpation of warranty clauses in those agreements, saying they're not responsible or liable for any data that is lost, stolen or damaged, and they're not liable for the accessibility of your data. It's an allocation-of-liability issue that needs to be addressed." Luckily, larger companies are beginning to negotiate away this liability with vendors. The city of Los Angeles approached Microsoft and Google to determine which company would satisfy its cloud computing requirements. And Los Angeles was able to negotiate service that included accessibility, liability, privacy, service level agreements that guarantee the availability of data, and responsibility for damages or losses of the city's data. That victory does not mean companies are now covered. Vendors have yet to remove the clause from their contracts. "[The contract with the clause intact] is the starring point the vendors are using," said Kalinich. "But the large entities are not accepting that. They're renegotiating the contracts to allocate the liability appropriately between the client and vendor." (†1543)