I remember a time when “build vs. buy” was a decision a company would consider for nearly every software purchase decision. Put yourself in the shoes of tech and business executives several years ago. Choices were limited: you could choose vanilla or chocolate software packages for CRM, ERP or MRP vendors. You had a limited […]
Posts by «delivered-innovation»
Our CTO, Michael Topalovich, delivered a presentation at Dreamforce ’12 in San Francisco with the title, “Integrating Chatter with Cloud Productivity: Patterns for Social Success.” Michael provides a vision and a proposed architecture for integrating Salesforce Chatter with cloud apps such as Basecamp, Github, and other productivity tools to enable users to consolidate events and […]
Recently, I had the pleasure of speaking to James Kunick, attorney and Principal at Much Shelist, about cloud computing. Jim has nearly two decades of experience representing a wide number of clients in various aspects of intellectual property, information technology, and corporate transactions. We thought he would be a great resource to reach out to regarding the legalities of cloud computing. The legal implications of cloud computing have not been a popular topic thus far, and we're not sure why. It is certainly an important topic to consider and discuss with your attorney and cloud computing provider. According to Jim, there are two major legal issues with cloud computing: loss of control over your data and applications, and the privacy and security of your data. For example, what happens if your cloud provider refuses to give you access to your data? Your contract must explicitly state that you have the right to access and retrieve your data at any time during- and after- the term of the contract. It is important to consider what happens once your contract terminates, and to lay out these details in the contract. Moreover, while fleshing out your contract with your provider, make sure to document performance requirements and remedies for failure, put special emphasis on the privacy and security of your data, and make sure what you are signing does not get you or your data trapped. Additionally, the contract should outline who is in charge of remedying a data breach, such as who pays the (potentially expensive) costs of notifying all of your customers in order to comply with the growing number of states who have breached notification statues. We hope this helps get you thinking about cloud computing from a legal perspective. When it comes time to sign a contract with your provider, make sure you have an attorney look it over in case any of these points are not addressed. Special thanks to Jim for taking the time to discuss this with us. If you would like to reach out with him for legal help, you can email him at jkunick[at]muchshelist.com. This post contains material of general interest and should not be construed as legal advice or a legal opinion on any specific facts or circumstances.
“Cloud computing is real. Cloud computing is a game changer- it requires new skills, is an opportunity with benefits, costs, risks and legal implications. Cloud computing can be an engine of growth.” -Larry Dribin, Panel Moderator Recently, our CTO, Michael Topalovich, participated in MIT Enterprise Forum's event, "Cloud Computing-Practical Guide to What Belongs in the Cloud and What Doesn't." Personally, we are tired of answering the question, "what is cloud computing?," and were excited to discuss cloud computing more in depth. Alongside Mike sat Chad Thibodeau, Director of Project Management at Cleversafe, Brandon Freitag, Cloud Specialist at VMware, and James Kunick, Attorney and Principal at Much Shelist. All the panelists added great insight from different point of views on cloud computing. I'm just going to run through some of the Q&A during the event and keep it short and sweet. If you have any further questions or want to hear more about the event, comment below. Is the cloud safe? We expected this to be the first question, it is always the first question. Bottom line, of course it is safe. Security is measured in a lot of different ways, and there is a lot of room for potential security breaches and area for vulnerability. Chew on this: if you store all of your information locally, such as on a laptop, what happens if you leave that laptop somewhere? It can easily be hacked, more easily than hosting your data in the cloud. Rather than storing it on one device, the cloud allows you to protect your data in multiple locations, through multiple passwords and ip address verification. We used Salesforce as an example (since it's what we know best), Salesforce knows what they are doing and do it well. They have experience keeping your data safe, companies depend on it, and have a great history of securing sensitive information in the cloud. How do you determine what to put in the cloud? This question is hard to answer because every company approaches the cloud differently; every company has different requirements and will use the cloud accordingly. A good cloud candidate is email; almost every company, if not all companies, could utilize email in the cloud so you can access this anywhere with internet access. If a company puts their whole business in the cloud, it has to spread out across multiple vendors. Doesn't this get nasty? It is continually getting easier to manage your cloud applications. For Delivered Innovation, we integrate almost all of our cloud services, such as Quickbooks, Basecamp, and Optify, into the Force.com platform, directly into our Salesforce. This makes it easy to manage four different cloud services from one service provider. Yes, the concept is complex, but it is getting easier, and will continue to get easier over time as more companies such as Jitterbit and Snaplogic provide more cloud service integration. If a company is interested in putting an internal application in the cloud, how much architecture is actually involved? This is a heavy loaded question- how much architecture involved depends on the situation. The dependencies are what do you currently have in place, what provider you are depending on, how much you want to move to the cloud, etc. Force.com is actually a big leap of a faith, solely because it is completely different than say, Amazon or Azure. However, if you are looking for a basic cloud service with little architecture, you might want to consider something like Amazon, but you won't get all of the benefits of the cloud such as multi-tenancy. Force.com (and the cloud in general) was described as a 'leap of faith,' what else would you say to give skeptics comfort about making this leap of faith? To be honest, it is hard to make people completely comfortable with the cloud before they start using it. However, the selling point usually comes when they see the capabilities; when they see how much more you can do now that you could not to previously. This is when concerns start to melt away. I inserted Larry Durbin's direct quote at the top of this post because I think it summarizes what was discussed during the panel. Can cloud computing be a risk? Yes, but a risk worth taking. Cloud computing is something to get used to, but once you start to get involved in it, you really start to see how the vast majority of benefits outweigh the small amount of setbacks. We enjoyed sitting in on this panel, and hopefully people found the Q&A to be helpful. If you have any other questions about this panel, our responses, or cloud computing in general, please feel free to respond below. We welcome any discussion!
The "risk" here is that the cloud provider may not be able to guarantee that where your data resides, or how it is transported across the network, won't be in violation of one of these laws.Second, there is no case law on the cloud and, he notes,
“There are many "grey areas" in existing case law, across the globe, with respect to how cloud systems should be treated, and what rights a cloud user has with respect to data and intellectual property.”Urquhart is not the first to take note. In our last Cloud Architecture Weekly Roundup, we pointed out a THINKstrategies whitepaper that looked at the impacts of the PATRIOT Act on cloud computing. Like it or not, proactively or reactively, sooner or later, legal clarification will come to the cloud. Now comes word, however, that the Federal Government is accelerating their own cloud adoption and that cloud solutions become the first option. Via The Washington Post:
Jeffrey Zients, the federal government's first chief performance officer, announced last week that the Office of Management and Budget will now require federal agencies to default to cloud-based solutions "whenever a secure, reliable, cost-effective cloud option exists."Not that the government has a stellar track record of fixing problems before they get out of hand, but it is disappointing to see them move forward so quickly without thoughtfully and carefully addressing the one industry “elephant in the room” that only they have the power to change.