Cloudy with a Chance of Lawsuits: Considerations in Cloud Data Storage

Cloudy with a Chance of Lawsuits: Considerations in Cloud Data Storage

There are numerous advantages to cloud-based data storage, but there are several potential pitfalls, including legal and security considerations. Companies considering a move to the cloud should carefully analyze their data and statutory or contractual limits on what data can be moved cloud-ward and what cannot, and should consider the practical and security aspects of such a move.

The cloud is a technical environment in which computing and data storage resources are housed in remote servers, but accessed as easily as if they were on a local desktop computer. A goal cloud-based computing is to make the experience so seamless that users neither know nor care that their computers are reaching across the Internet to access the data and programs they are using.



There are many advantages of migrating to a cloud-based computing environment. Programs housed on remote servers can be kept up to date more easily than those on local computers, and there is less need for fully equipped and staffed local data centers. Remotely hosted data is more likely to be backed up, and sometimes the total shutdown of a remote data center presents no problem because other data centers are available to handle the load, and the handover is handled quickly and automatically with no impact on the end users, their data, or their programs. Data is more easily shared, not only within an organization but also with customers and suppliers.

However, the cloud has its drawbacks and unanswered questions. Legal, practical and security considerations must be addressed before company data is moved to the cloud:

Can I legally move my data to the cloud? Certain kinds of data, especially sensitive customer data such as credit cards, Social Security numbers or healthcare information, may be restricted by law from being housed on third-party storage servers. Sometimes, data stored in the cloud might cross international borders to get there, which can run afoul of export control laws. The legal landscape is not settled, and different jurisdictions (or even different judges) may look at the same question differently.

Individual contracts with customers or suppliers may also prevent certain data from being stored on a third-party server. These contracts should be checked carefully to see if they include open restrictions on cloud-based computing or terms that could be interpreted that way.

How secure is the cloud? When your data is on someone else’s servers, it is out of your control. Each cloud service handles security differently. Those worth their salt will have written security policies and remedies if security is compromised, and will allow independent security auditors to examine and certify their security practices.

What happens if there is a problem? Every cloud service provider should have a service level agreement (SLA) with its customers, which spells out what its obligations are when there is a problem of any kind. The SLA should tell you the service provider’s contact information, severity criteria and target response and resolution times for each type of problem.

Moving data to the cloud sounds tempting on the surface, but companies would do well to research the legalities before throwing their data into the care of a third-party provider.


Written by Desh Urs

Desh Urs brings more than 20 years of entrepreneurial, start-up and Global 500 corporate experience in sales, marketing and general management to the customers of iBridge. He has led sales organizations as SVP at Qsent, Inc. and VP at Acxiom Corporation, and has focused on the usage of data in data distribution, direct marketing, fraud prevention, and law enforcement.

As a Vice President of Global Sales, Services, and Marketing at Silicon Graphics, Inc., Urs managed engineering and non-engineering functions, developing solutions in sciences, telecommunications, manufacturing, media, business, and defense intelligence, for companies with revenues of several billion dollars. During his tenure as Vice President at Think Tools AG and Brio Technology, Inc., he ran business development and alliances providing solutions in Business Intelligence and Decisions Cycle Management to Global 100 corporations worldwide. In the late 1980s, Urs founded Indus Systems, Inc., which he profitably sold to a systems integration company.

Urs serves on several Advisory Boards, as well as many company Boards, in the United States and India.

CTA Newsletter

CTA Underground eBook

Comments are closed.