Monthly Archives: March 2011

The Cloud – Heaven or Hell? – Part 2

Yesterday’s blog opened my contrarian view on the Cloud. To be fair, there are instances where the Cloud makes sense. There are many different ways to participate in the computing continuum of the Cloud and many of them are heavenly. Perhaps you enjoy the freedom from Microsoft-Office via Google Apps or smile from the near effortless on-line backup services provided by the Cloud. But, once you look at the enterprise level and contemplate the full impact of the implications of a full embrace of what is being pitched, you may realize that Cloud nirvana is anything but.

Today, a company’s data is the king or queen of the corporate kingdom. The Cloud may “talk” a good story about corporate data, but the corresponding contractual “walk” is as etheral as the wisps of a cirrus cloud. For all of its prospective luster, there are significant issues that buyers must be aware of to avoid an “eyes wide shut” disaster. These issues condense around two distinct risks. The first relates to litigation, specifically litigation-related preservation (a.k.a the “litigation hold”), and the second to data-breach related issues.

The Litigation Hold

It is ultimately not surprising that the merits-of-the-Cloud discussions do not cover the “arcane” topic of a litigation-hold, i.e. the preservation of potentially case-relevant data. This topic is arcane because a litigation hold is on the mind of very few IT personnel, let alone those C-level folks who should care. Certainly any CIO or IT manager, one who has had a litigation-hold go badly, only wishes in retrospect that they had more foresight into the dangers of a poorly managed litigation hold.
To some, what a “litigation hold” means in a Cloud environment is anyone’s guess. In truth, there is no guessing – the entity providing the Cloud-based service will have no liability in a litigation hold. If you have any doubts, simply review the limits of liability in a Cloud-related contract. Do you think any 3rd party Cloud entity is going to accept the contractual responsibility of a litigation hold and its potential sanctions? You will be in a relative sea of flames in corporate purgatory should your contract reveal its shortcomings in a failed litigation-hold scenario.

The Data Breach

Just like the liability arising from a failed litigation hold, today’s Cloud providers are not in the position to represent or warrant against a data breach, let alone backstop the resulting liability. Let’s say you are a large health-care servicer, an entity handling hundreds of thousands of HIPAA records and these records are hosted by a Cloud provider. Who has ultimate responsibility if a breach occurs? More importantly, who backstops the full range of liabilities that arise from such a breach? I can more or less guarantee you that the Cloud provider will not be liable in such situations and your enterprise will be left holding the proverbial bag. Nothing says “career ending move” like being the signatory on a Cloud contract that costs the organization hundreds of thousands of dollars in data-breach penalties, turning the illusory heavenly Cloud experience into one from Dante’s inferno.
I am sure there will be some interesting case law on these various issues. I admire those who boldly venture into the Cloud, because it will be from their costly mistakes that the rest of us ultimately benefit.

The Cloud – Heaven or Hell? – Part 1

Cloud computing is the HOT topic in IT Webinars, articles, and especially marketing. Most of all that is written and pitched talks to the benefits of going to the Cloud, mostly in terms of reduced costs. These reduced costs take the form of less money for hardware, software and the arms and legs needed to support it. And, looking at it from many angles, these benefits do accrue from using the Cloud. From what is said about the Cloud, one would think that it holds the transcendent features of a heaven on earth, a place where all those using the Cloud are as free from IT-related burdens as some heavenly being, where computing is bliss and systems’ worry is for those mere mortals who have not yet been sufficiently enlightened to embrace the Cloud.

As you might gather, I hold a somewhat contrary view; seeing the collateral damage from a data breach or botched litigation hold instills a bit of paranoia into your professional perspective. Accordingly, the Cloud in some respects is truly HOT, but more in terms of the opposite of heaven. What is HOT, but clearly not marketed let alone discussed, is the liability that arises from embracing the Cloud. Put another way, the Cloud is HOT and you will be burned when your Cloud provider experiences a data breach or fails to start or maintain a litigation hold. Ultimately, you will get as much support from the Cloud in terms of backstopping this type of potentially costly liability as a PII or HIPAA-loaded hard drive gets from the vapor of a real cloud, as it falls through the sky and bursts to bits as it impacts the reality of tera firma.

The devil is always in the details, and with the Cloud this is no different. I will continue this topic in a follow-on blog tomorrow, delving more deeply into its flaws.