Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud Computing and Outsourcing: Is Data Lost in the Fog?

Cloud computing is here.  And if it isn't at your company yet, it soon will be.  Cloud computing is simply the latest version of the historical use of technology to increase flexibility and reduce costs.  By providing a bundled and scalable solution of software, infrastructure, data storage and communication, cloud computing providers allow companies to reserve cash, avoid expensive IT commitments, efficiently scale usage based on need, and launch new services quickly.  However, there is truly no free lunch - at this point in its development, outsourced cloud computing fails to address important questions of legal risk associated with knowing where data is stored and transmitted.  This article discusses several of these issues, which must be considered by companies turning to third-party cloud computing solutions.

First, of course, we need to define what we are talking about, because there are many definitions of "cloud computing."  Recently, a CIO we know defined it as a computing utility of virtual servers that are controlled by an organization and accessible to end-users via the Internet.  We define cloud computing as the provision of business applications that are accessible via the Internet using software and data stored on virtual servers.  Cloud computing offers a commoditization of business technologies:  infrastructure as a service, software as a service, and platform as a service, all online and in a Web 2.0 framework.  When a third party controls any aspect of the "cloud," issues are created regarding data security, privacy and legal compliance.  In a way, this has been the case ever since fixed data lines were replaced by communication solutions that bundled data from several companies.  The third party tries to fully exploit the efficiencies of virtualization and commoditization of several traditionally proprietary functions (infrastructure, platform and software), but creates substantial legal risk at the same time.

The benefits of third party solutions to commercial applications are well established.  From third-party software solution providers who leveraged the requirements of multiple customers, to outsourced infrastructure providers who invest in faster and better technology solutions than is possible for any single customer, third parties have always been able to use efficiencies of scale and commoditization to drive down the costs of providing a function.  However, with these benefits come risks, some of which are highlighted below.

Data Storage and Transfer

In a conventional outsourcing arrangement, the customer can negotiate control over the location of its data, including where backup operations will be conducted.  This knowledge allows the customer and provider to know which regulatory schemes apply and to comply with the relevant data transfer laws.  Outsourced cloud computing, however, can be delivered at a cost-effective price because the provider can move data around the world, perhaps splitting it up and sending it to different locations, depending on capacity, use and bandwidth.  This freedom may result in non-compliance with the myriad worldwide regulations pertaining to storage and transfer of data.

  • 1