"Cloud computing" has become a very hot topic. For the uninitiated, "cloud computing" generally refers to providing access to computer software through an Internet browser, with the software and data stored at a remote location at a "data center" or "server farm," instead of on the computer's hard drive or on a server located on the user's premises. This is also referred to "software as a service."
Proponents of this approach claim many benefits, including lower costs, less need for on-site support and "scalability." "Scalability" means that the number of licenses and available resources can easily be adjusted as the need increases. Access can typically be provided to any computer with a browser and an Internet connection, but can be controlled through password protection and other measures. Proponents also argue that the cloud makes it easier to manage and push down software upgrades. Software as a service is usually provided on a fee for service approach that may result in cost savings compared to the traditional local area network. Think of it as somewhat like renting as opposed to owning.
Cloud computing is not a technology of the future, but is here today. Google, for example, uses this approach to provide its suite of business applications intended to compete with Microsoft Office. Google applications are provided free or at very little cost. Salesforce.com is one of the best known providers, providing customer relationship management ("CRM") software to a growing list of companies. IBM and Microsoft are also entering the playing field.
There appears to be little doubt that cloud computing is here to stay, and that it may indeed represent the future of information technology. There are many advantages and potential advantages to the cloud computing model.
That said, from a legal perspective, cloud computing raises a host of issues. Having spoken recently to several cloud computing vendors, there are some rather obvious questions. Perhaps the most obvious question is, "What happens if you lose my data?" The answers I was provided focused on technical and not legal issues, such as the back-up procedures provided.
Technical issues are important, and there are certainly technical issues that a potential customer may want to consider, such as maintaining a back-up on site, or a back-up through a separate vendor. These approaches might provide some real practical protection in the event of a catastrophic failure or bankruptcy at the primary provider. Other technical issues might focus on what happens when the relationship ends, whether happily or not. Is there another vendor that can provide the software and host the data? Will data have to be converted to a different format? If the customer decides to switch back to a local area network, will the terminals that have been used for cloud computing (which, I am told, can be very basic "low powered" machines) be of any use, or will a completely new network need to be installed?
Although technical solutions are a good thing, over twenty-five years of litigation experience have taught me that disasters do happen, even with fail-safe plans in place, and even with parties acting in complete good faith. And, I suppose, it is natural for a lawyer to focus on legal rights and remedies rather than technical solutions.
From a legal standpoint, cloud computing appears to raise a host of essentially contractual issues to be addressed by the parties' contract or licensing arrangements. There are also potential regulatory issues (ranging from privacy to export control issues), potential e-discovery issues, and certainly other issues that have not yet crossed my mind.
As businesses and their lawyers become more experienced with cloud computing issues, it is likely that a consensus will emerge as to how cloud computing issues will be addressed. Hopefully, purveyors of cloud computing services will be flexible and reasonable in addressing legitimate business concerns. However, given the prevalence of "standard" licensing in the software field (often on a shrinkwrap or clickwrap basis) and efforts to limit liability under any circumstances, there is some cause for pessimism.
All that said, here is a list of issues that one might wish to consider asking a vendor or otherwise considering in entering into a possible cloud computing arrangement:
* What contractual obligation will you assume to protect my data? This could include reference to particular steps and procedures, including back-up obligations. The contract or license may specify a standard of care that the provider must meet.
* What contractual obligation will you assume regarding uptime, if any? Will you provide any type of uptime warranty? Even if such a warranty is subject to a limited remedy, it probably would provide considerable incentive for the provider to limit downtime.
* Most providers seem savvy enough to disclaim any interest in your data and will freely say -- in a sales setting anyway -- that "your data is your data." Well, that's good, but how do I physically get my data back at the end of the contract or if you go bankrupt?
* What remedy limitations, if any, are in your terms? Are consequential damages excluded? Are total damages capped (such as to a return of fees paid)? Even if contractual obligations are assumed, if remedies are severely limited, the provider may be shielded from liability.
* Where is my data going to be stored? Are you willing to agree that all my data will be kept in this location under specified conditions and at agreed security levels? This could be important for regulatory reasons, but also for reasons associated with meeting general customer confidentiality obligations or complying with privacy policies.
* Have you inserted a forum selection clause into the terms? Many providers want to insist on litigating on their home turf (which often, it seems, is California), but that is rarely a happy instance for a customer.
* How do I get out of this arrangement if you do not perform and what is my exit strategy? What rights do I have upon termination? What obligations do you have to assist in transitioning to a new vendor or back to a self-managed platform?
If you are considering going to the cloud, you should consider involving your business and technology lawyer early in the process. As stated, there are probably many other legal issues that have not even occurred to me. It is clear, however, that lawyers need to begin considering these issues, because cloud computing is clearly not going away.
John L. Watkins is a Shareholder of Chorey, Taylor & Feil, a Professional Corporation, a business litigation and business law firm in Atlanta. John has been a commercial litigator for over 25 years, and has handled a wide variety of cases. Currently, John's litigation practices concentrates on trade secret (including computer data misappropration), insurance coverage, corporate, shareholder, and commercial contract matters. Joh also negotiates and drafts sales contracts, non-disclosure agreements, and other business documents. John represents domestic and international companies or their U.S. subsidiaries. He has spoken frequently at public and private domestic and international seminars on various legal topics.
John graduated first in his class at the University of Georgia law school in 1982. He was named to the list of Georgia Super Lawyers in Business Litigation by Atlanta Magazine and the Journal of Law and Politicis. John is rated AV by the Martindale-Hubbell Law Directory, its highest rating, and 10.0 by the AVVO website, its highest rating. More information can be found at the firm's website, http://ctflegal.com, or its podcast page, http://ctflegal.blip.tv
Article Source: http://EzineArticles.com/?expert=John_L._Watkins
No comments:
Post a Comment
I thank for the comment!