Friday, October 07, 2011
Cloud Computing: Terms of Service and Risks
Cloud computing is an increasingly used buzzword among IT departments, businesses, advertisers, and individuals. Without even knowing it, many of us use cloud computing daily. For example, the emails I receive, sent to various addresses, are all forwarded to GMail (www.gmail.com), where I’m allowed a free 7 gigabytes of storage – provided that I allow Google to search and read my email, determine what I’m most likely to buy, and serve up advertisements accordingly. Nearly all of my important documents are stored in DropBox (www.dropbox.com), a cloud computing storage drive. It’s installed on my work computer and laptop, and synchronizes with both. Documents are also accessible via the DropBox website. I can pay for more storage, or refer others to get more storage for free. Wherever I am, I have a copy of my important documents. I don’t have to worry about my hard drive crashing or spilling coffee on my laptop (well that’s still a worry but at least I can still access my materials if it happens).
What is cloud computing? There are many definitions, but generally it is a system where resources are accessed remotely from a dedicated internet-based service. In this respect, cloud computing is not a new concept; it’s core functionality has been around in one form or another since the early days of computing.
Originally, computing was prohibitively expensive and typically performed on large systems called mainframes. People would connect to, share time, and work on these systems via a ‘dumb’ terminal. As IBM, Microsoft, and Apple popularized the personal computer, the bulk of computing moved to individual machines with their own dedicated processing units. With the exponential growth of the Internet and increase in network speeds, we now see the proliferation of low (and high) cost ‘terminals’ that ultimately connect to a central resource for the bulk of computing power and storage needed. Cloud computing differs from mainframe computing in that the resources are typically spread across many datacenters and accessible from anywhere with an Internet connection. Cloud-based services can provide greater redundancy and reliability, while also offering elasticity – the ability to instantly scale as needed.
However, there are risks to moving to a cloud model. The most prominent risk is the possibility of data loss. For example, in April 2011 Amazon’s EC2 service crashed. Amazon quickly worked to restore all of their customer data, but their backups were insufficient and a small percentage of data was lost. The outage affected thousands of companies who had outsourced their web hosting and data storage needs to Amazon. The customers who lost data had little recourse; the Amazon EC2 terms of service, the terms that all users of the service must agree to, states that the customer is ultimately the one responsible for backing up his own data.
The terms of service agreements for cloud computing services, while rarely read or understood, highlight many of the risks involved, such as privacy. Data stored with a cloud vendor may physically reside on multiple servers. Any computer attached to a network is vulnerable to security intrusions. In their terms of service (TOS), companies typically do not guarantee against security intrusions. Generally, vague terms such as “Reasonable and Appropriate Measures” will describe the steps taken to secure your data. Having your files hosted and replicated across several data centers in different states and possibly different countries may also lead to some jurisdictional issues.
Another issue is ‘uptime,’ or the percentage of time that a cloud computing service is up and running. Cloud vendors should guarantee a minimum level of service, embodied in what are called Service Level Agreements (SLAs). This level is usually guaranteed to be in excess of 99.9%, with service credits or refunds offered if it dips below this level. However, there are few mechanisms available to monitor uptime for any service, and it is questionable whether the term covers service that is technically up and available, but the speed is frustratingly slow. Businesses that decide to migrate to cloud computing services should ensure that uptime is included in the agreement and determine means for enforcement.
While cloud computing typically offers redundancy, reliability and elasticity, people should be aware of the risks involved and plan on its use accordingly. Businesses should assess the potential reduction in costs by integrating cloud computing into their environments, and compare it with the loss of control inherent to using a cloud provider. However, for the general public, cloud computing storage and services are likely to be more reliable than the same services on a home PC – though having an extra backup couldn’t hurt.
© Copyright 2010 The Journal of High Technology Law, Suffolk University Law School
Suite 450B | 120 Tremont Street | Boston | MA | 02108-4977 | Legal and Copyright Information