Articles Posted in Cloud Computing

Cloud-based services give new meaning to the IT holy grail of “cheaper, better, faster” in the right circumstances. You might not even have to settle for just two. But it is important not to let the Cloud fog your thinking when it comes to configuring mission-critical IT-enabled services: adequate failover capabilities, and service levels that will support the operational imperatives of the business, are as important as ever.

It is typical, if not the norm, for Cloud service providers to offer only a single contractual service level – Availability – and then to define it in a way that wouldn’t pass the sniff test in a traditional IT services contract. For example, it is not unusual for a Cloud service’s Availability standard to be exceedingly low by customary data center standards – 98% or even 97% (versus 99.999% or even 99.9999%) – and then to make an already weak standard even weaker by contractual devices such as:

• Excluding downtime during the provider’s weekly maintenance window -which may span 2 days or more during the weekend, with no limit on how long the service can be taken down during that period,

Providers are rushing head-first into the cloud revolution, marketing their latest cloud offerings and promoting the benefits of hosting data externally.

To The Cloud–Start-up–Windows 7 by windows-videos

But as customers analyze whether the cloud is the right fit for their technology and data, they need to carefully review whether the contract terms proposed by cloud providers truly work “in the cloud.” Customers may discover that cloud providers simply have taken their existing standard licensing agreements for software hosted at the customer site (or at least large parts of their existing agreements), slapped the word “cloud” on the document, and voilà! A new cloud contract!

On Friday, April 22, Pillsbury hosted a meeting of the Washington, DC, chapter of the Cloud Security Alliance (CSA-DC). Dr. Ramaswamy Chandramouli, Group Chair of the NIST Cloud Computing Security Working Group addressed members of CSA-DC representing local businesses, government agencies and various consulting and law firms regarding the work NIST is doing to develop a security architecture for cloud services.

Dr. Chandramouli’s presentation focused, among other things, on the various ways the software development life cycle (SDLC) needs to be adapted to address the move to cloud based services, including ways to maximize the ability to move applications from one cloud provider to another. According to Dr. Chandramouli, when moving to the cloud, a number of aspects of the SDLC need to be re-evaluated, from access controls and use of things like OpenID to the use of third party-provided digital libraries and APIs. As Dr. Chandramouli and a number of other participants at the meeting noted, the move to the cloud also requires an examination of your disaster recovery/business continuity planning.

Naturally, the discussion turned to last week’s Amazon EC2 outage, opinions about its cause and a discussion of its effects.

Cloud computing is getting a lot of traction in a time of shrinking budgets. Industry experts speaking at NASSCOM 2011 are expecting cloud based services to be roughly a quarter of the outsourcing industry over the next two years.

So the business team is ready to move everything to the cloud. “But wait,” says the General Counsel, “if someone else has our email what happens if they get served with a subpoena? They won’t protect our information the same way we would.”

While there is no case law directly addressing discovery of corporate email held by cloud providers, there are some instructive analogs found in cases involving third-party email providers under the Stored Communications Act (“SCA”) and in cases addressing the concept of “control” under US Federal regulations that should be considered by large corporations thinking of migrating email to the cloud.