Don’t rush into the cloud . . . or you might not be able to see

Bernard Golden of CIO magazine writes the following re the motivation of developers to adopt open source in the cloud:

The motive for both uses stem from the same desire by developers: to start solving problems quickly. As Javier Soltero (of recently VMware-acquired (VMW) SpringSource) observed, one of the main reasons developers embrace open source is that it’s easily accessible and lets them get on with their job—getting started does not require lengthy discussions with the procurement organization, nor enduring numerous “briefings” by software sale representatives who terminate each discussion with an “investment review” designed to extract contract commitments. Similarly, using public cloud offerings like Amazon Web Services (AMZN) provides compute resources in minutes rather than the weeks common to many companies.

This is nice in theory, but there are a few potential very serious hicups if you allow your business or IT personel to go racing into contracts with cloud service providers. As Christopher Millard pointed out in a recent IAPP conference (you can see some of his work on cloud computing here), here are somethings to be aware of:

  • Many providers are start-ups (What happens to your data when it goes under?)
  • Many offerings are beta (Meaning the service is provided as is and you accept all the liability)
  • Many times your provider is outsourcing critical aspects of the service (Who is doing due diligence on your third party’s third party? What happens when the third party goes belly-up? Do you have line of sight of all your data?)
  • Contracts are written in a draconian manner often with little recourse if something goes wrong; these provisions would not likely pass muster in EU courts (Having worked as inhouse counsel for several years, I can tell you that many US contract provisions of this nature would not be upheld in EU courts)
  • Increases compliance complexity for highly regulated industries

The cloud is here and more is coming. There are tremendous positives -decreased costs, more environmentally friendly- but the industry is immature and due care is needed. The old rules still apply: line of sight for your data, due diligence, regular assurance, thorough contract review, governance- and don’t be afraid to walk if it’s not in your risk appetite.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s