Know the Risks of Cloud Computing

Apple recently announced that it would launch iCloud, the latest innovation in “cloud computing.” In reality, most people should be familiar with the meaning of this because most people have used this particular service. If you have a Gmail or Yahoo! e-mail account, or use facebook or other social networking sites, then you have been cloud computing.

Most computer users have certain files, data and software right in their computer. Cloud computing takes those files, data and software and places them in a “cloud” where they can be accessed anywhere. Thus, you would not have to go to your physical computer to access your files; you could access them anywhere you have Internet access. (Similar to your Gmail and Yahoo! email accounts.)

Business leaders are increasingly moving organizations to cloud computing to cut costs by outsourcing the management of IT infrastructure. However, companies need to be aware of the inherent risks associated with cloud computing. Whether your IT department has made a choice to contract cloud services or not, your employees may unknowingly be subjecting internal documents to risk by using software or storing documents in cloud-based platforms.

Threats to data security include the ability of hackers to infiltrate cloud computing platforms such as iCloud and use cloud infrastructure to attack other machines, as well as insecure application programming interfaces (APIs) that can leave holes that lead to data leakage.

For companies engaged in cloud computing (iCloud), the legal risks associated with it can be daunting. Just a few of the many legal issues associated with cloud computing are:

• Compliance with a plethora of state and federal privacy laws, such as ITAR, the Patriot Act, Stored Communications Act, HIPPA, Attorney-Client Communications, EAR and Trade Secret Protections;
• Ambiguity as to which law governs the retention of information or which law governs a dispute between you and your client;
• Implications of a client with information that is highly sensitive and regulated by ITAR, EAR or other Federal privacy laws;
• Privacy and data security risks;
• Data and network back-up risks;
• Adequate insurance coverage for the risks of any breach of data, loss of data, and regulatory compliance;
• Ambiguity in determining who has the burden of preserving discovery, emails and information when a client of a cloud computing provider gets sued;
• Disaster recovery implications;
• Compliance with subpoenas, search warrants and possible seizures.

A survey of more than 1,800 U.S.-based IT professionals found that 48% say the risks of cloud computing and software-as-a-service (SaaS) outweigh the benefits. The survey was conducted by Rolling Meadows, Ill.-based Information Systems Audit and Control Association (ISACA), the IT security governance organization that administers security certifications. (TechTarget, April 2010).

For more information on how to protect your company from the potential risks associated with cloud computing, contact Peter Gojcaj.

Written by Peter Gojcaj

T: 248-282-1063

E: pgojcaj@bhlaw.us.com