Let's talk a little more about privacy, security and cloud computing.

I began my last blog entry by announcing that cloud computing is not a threat to privacy or security.  (Nothing has changed in the past few weeks—it's still not a threat to privacy or security).  I also argued that issues of privacy and security in the cloud computing arena (i) are directly connected to the quality of the contracts that govern the cloud-based transaction, and (2) will not necessarily be impacted by the size of the company hosting the data. 

Let's talk about a few more attacks that have been launched against cloud computing's ability to provide a secure and private environment for your data—and how those attacks are (mostly) baseless.

Attack #3 (a/k/a the "I Don't Know Who's Looking At My Stuff" attack).  You part with your data when you send it through, or store it in, the cloud.  Once you divest yourself of your data, how do you know that it's free from prying eyes?

Defense: You don't.  But then again, when you give your credit card to a waiter, or you hand a personal check over to a vendor, or you order something online, how do you know your privacy is protected?  (Answer:  again, you don't).   Use reputable companies.  Make sure your data is encrypted.   Read your cloud vendor’s privacy policy and service agreement, and make sure that your vendor offers you adequate privacy and security policies.   And then get on with the business of doing business. 

Want to see a pretty good explanation of how one cloud vendor keeps hosted data safe?  Check out Google’s privacy policy HERE.  

Attack #4 (a/k/a the “I Can’t Get My Data Back If I Stop Paying” attack).  Some cloud vendors say that if you fall behind in your payments, they will cut off your access to your data until you bring your account up to date. 

Defense:  If you signed an agreement that says that a delinquency in payment terminates your access to your own data, then follow this simple plan: (1) Log in to your cloud account; (2) Download all of your data onto a secure local drive or server; (3) Terminate your contract with your cloud vendor, and be sure to tell them that their payment policy stinks; (4) Call me and I’ll find you a vendor that has reasonable, rational terms of service. 

Attack #5 (a/k/a the “You Never Know What Law Applies” attack).  If you’re located in Fort Lauderdale, Florida, but your cloud vendor is in Las Vegas, Nevada, and stores your data in Colorado Springs, Colorado, then what data protection and privacy laws apply?  And if you don’t know what laws apply, how can you trust the cloud vendor’s assurances of security and privacy?

Defense:  Read your agreement.  Every state in the U.S. enforces “governing law and venue” clauses in contracts.  If your vendor has decent legal counsel, then its service agreement will specifically state which laws apply.  If the agreement says something like, “The parties agree that any and all claims or causes of action arising from or related to this Agreement shall be governed under [FILL IN YOUR FAVORITE STATE HERE] law,” then that’s the law that applies.  Bear in mind, certain state or federal laws may apply regardless of what your contract says—-email me for details on that issue.

Ok, I'm done defending cloud computing.   In truth, the cloud doesn't need me to defend it.  The future lies in the cloud, and you can either accept that fact and work with it, or ignore it and it will happen anyway. 

(Disclaimer: I represent some of the largest cloud computing vendors in the industry—but you don't need to be a cloud computing advocate to see the logic of my arguments.)

Stay tuned for the first Business Technology Law Blog video coming up shortly.....The video will discuss three provisions that MUST be in your cloud computing service agreement.