November 2010

Simon Bradshaw, Christopher Millard and Ian Walden of the Cloud Legal Project at the Queen Mary University of London School of Law recently published a 47-page paper comparing the terms and conditions of 31 cloud-based services provided by 27 discrete providers. The paper is available for download here.

The study confirms many of the observations we and others have previously made regarding the form terms and conditions for cloud-based services; most notably, an effort to disclaim liability for the use of cloud-based services.   read more

Roy Hadley and I attended the Cloud Security Alliance Congress in Orlando, Florida, earlier this week. The event was extremely well-attended and featured some excellent keynote speeches. The event also included seminars and panel discussions on other topics. A few random thoughts from the Congress can be found after the jump.   read more

I recently read an interview with Jimmy Harris, the Managing Director of Cloud Services at Accenture. The interview can be accessed here.

Mr. Harris offers some interesting perspectives on cloud computing based on many years of experience in IT. Among them are the observation that cloud computing is the "purest" form of outsourcing. Mr. Harris addresses this from a primarily technical point of view. From a legal point of view, the same considerations that apply to any outsourcing agreement should apply in negotiating and drafting a cloud services agreement. These concerns include clearly defining the provider's contractual obligations, performance criteria (uptime), and warranties.

Mr. Harris also observes that the role of the IT Manager is shifting from that of a service provider to a service integrator. In practical terms, this means that an IT Manager needs to be able to compare various cloud technologies based on cost, suitability, security, and performance. From a legal standpoint, this means that a business should also compare the offerings based on contractual terms and conditions and legal compliance.

Mr. Harris has a number of other interesting observations, which I commend to your attention. read more

I just read a recent report by the Ponemon Institute and ID Experts that states that healthcare providers are potentially suffering from large data breaches in the rush to adopt electronic medical records.

The report states that many hospitals are rushing to adopt electronic health records but in doing so are not adequately addressing data security and data privacy issues. According to the report, the hospitals could collectively be looking at losses of $6 billion a year due to data breaches. The report is entitled “Benchmark Study on Patient Privacy and Data Security” and can be found here. I note that registration is required to obtain a copy of the report.

It goes without saying that any institution implementing an electronic medical records system should put data security and privacy high on the list of concerns.

read more

As organizations try to reduce expenses, gain efficiencies and stay current with today’s business environment, one of the areas they are turning to is cloud computing. While cloud computing can and often allows an organization to achieve those three goals and others, the organization must make a conscious effort to take the necessary steps to reap these benefits.

A recent article in the online edition of the Cloud Computing Journal entitled “How Companies Can Reap the Benefits of Cloud Computing?” sets forth some of the steps companies must take in order to get the full benefit of cloud computing.

According to the article, a company must first understand the problem they are trying to solve. Often, cloud computing solutions can solve some problems but they can’t solve all problems. Second, companies must understand what the cloud computing vendor is offering and whether the offering fits their needs. Inherent in this is an understanding of the contractual arrangement being entered into. Lastly, the company needs to understand the capabilities it is trying to achieve. A key question is what is the business value of the initiative.
read more

In a recent press release, the FBI warned that green technology, such as the technology behind hybrid vehicles, is "an increasingly attractive target to would-be information thieves looking to make a fast buck."

The FBI's warning should serve as a reminder to all technology companies to take proactive steps to safeguard trade secrets and other valuable confidential and proprietary information. This includes companies in the green energy space, other green technologies, and other technologies.

Technology companies are not the only ones at risk. Many traditional businesses also maintain their competitive edge through confidential and proprietary software, formulas and processes. Other important proprietary information may include customer lists, supplier lists, and financial information. read more

The Association of Certified Fraud Examiners just released their 2010 Report on Occupational Fraud and Abuse. You can find a copy of the report here.

The Report underscores the need for all organizations, regardless of size, to have policies and procedures in place to prevent and detect fraud. Fraud encompasses not only monetary losses but also the loss of sensitive information such as trade secrets, customer lists and business plans.

As we move to more and more information being accessible through electronic means, education and training on information security and fraud prevention are becoming necessary and critical parts of corporate business strategies.

Some of the findings from the reported are highlighted after the jump.  

read more

I recently read an article about security (or the lack thereof) with respect to Wi-Fi networks. This article, entitled “The Unvarnished Truth about Unsecured Wi-Fi” by Elinor Mills was posted on the C-Net online news network earlier this week.

According to the article, with a $50.00 wireless antenna and the right software, a criminal hacker can stand outside your building as far as a mile away and capture your password, email messages, and other data being transmitted over your network. I note that some large data breaches have occurred because of unsecured Wi-Fi networks.

Read the rest of this article after the jump.

read more

Cloud computing providers argue that their services provide scalability, flexibility, and information technology management at a lower cost. In these economic times, the promise of saving money is probably the most attractive selling point.

Businesses considering cloud-based services should be aware, however, that limitations of liability contained in subscription agreements or service level agreements may limit the cloud provider's responsibility for loss of data, service interruptions, or other potentially damaging occurrences. read more

A very good article discussing the future development of cloud computing was recently published in the online edition of the Cloud Computing Journal. According to the article, a group of large companies have formed the Open Data Center with the goal of defining the requirements of “the next-generation data center and cloud infrastructure.” read more