Cloud computing: The good, the bad, and the ugly

Nov 24, 2010

A survey of 31 Cloud computing contracts from 27 different providers has found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers.

The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London. Funded by a donation from , but academically independent, the project is examining a wide range of legal and regulatory issues arising from Cloud computing.

"The ease and convenience with which Cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud ,” says Professor Christopher Millard, principal researcher on the Cloud Legal Project.

“The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the Terms and Conditions of a Cloud service carefully before signing up to it.”

Many web services are examples of Cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and salesforce.com.

can be very attractive as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications. There may, however, be unforeseen costs and risks hidden in the terms and conditions of such services.

The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all.

Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data.

And Cloud providers often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.

Although in EU countries and various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is in fact based in another continent.

Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.

Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many Cloud providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and to compare them against their own copies of earlier versions to look for changes.

Explore further: US official: Auto safety agency under review

More information: The paper ‘Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services’ by Simon Bradshaw, et al., is available via the Cloud Legal Project web site at: www.cloudlegal.ccls.qmul.ac.uk

Related Stories

Study on the Security of Cloud Computing

Feb 26, 2010

Not only does cloud computing help to save money, it also helps to increase IT security: Small and medium sized companies especially can profit from special cloud security solutions and the knowledge advantage of experienced ...

Sun Microsystems to offer 'public cloud' service

Mar 18, 2009

(AP) -- Taking a cue from Amazon.com, Sun Microsystems Inc. plans to launch its own "public cloud" service, which will let everyone from big-time corporations to dorm-room entrepreneurs run their businesses on Sun's computers ...

Microsoft raises cloud computing concerns

Nov 05, 2009

Packaged software powerhouse Microsoft on Thursday released a paper outlining privacy concerns businesses should consider prior to leaping into the computing "cloud."

Recommended for you

US official: Auto safety agency under review

Oct 24, 2014

Transportation officials are reviewing the "safety culture" of the U.S. agency that oversees auto recalls, a senior Obama administration official said Friday. The National Highway Traffic Safety Administration has been criticized ...

Christian Bale to play Apple's Steve Jobs

Oct 23, 2014

Oscar-winner Christian Bale—best known for his star turn as Batman in the blockbuster "Dark Knight" films—will play Apple co-founder Steve Jobs in an upcoming biopic.

How to find a submarine

Oct 23, 2014

Das Boot, The Hunt for Red October, The Bedford Incident, We Dive At Dawn: films based on submariners' experience reflect the tense and unusual nature of undersea warfare – where it is often not how well ...

Government ups air bag warning to 7.8M vehicles (Update)

Oct 22, 2014

The U.S. government is now urging owners of nearly 8 million cars and trucks to have the air bags repaired because of potential danger to drivers and passengers. But the effort is being complicated by confusing ...

User comments : 9

Adjust slider to filter visible comments by rank

Display comments: newest first

krundoloss
2 / 5 (1) Nov 24, 2010
I will have to admit that Cloud computing and Software-as-a-service sound great, they also take away a persons right to work offline, or to use software permanently. It has its Pro's and Con's, I hope it is handled properly and respects the rights of the user. Its a little too "Big Brother" if you ask me.
Riff
3.3 / 5 (3) Nov 24, 2010
Two huge problems with it. Your computer becomes useless without a internet connection, and just one security breach nets the hacker millions of people personal info and data. In its present model, only a idiot or complete noob would switch to cloud computing. And lets not forget about the disgruntled (or greedy) employee with access to all these database files.
Zed123
3 / 5 (2) Nov 24, 2010
Two huge problems with it. Your computer becomes useless without a internet connection, and just one security breach nets the hacker millions of people personal info and data. In its present model, only a idiot or complete noob would switch to cloud computing. And lets not forget about the disgruntled (or greedy) employee with access to all these database files.


Riff, your comment just shows that you dont understand Cloud and its uses. Having worked with cloud cumputing offerings of various flavours for the past 3 years I can tell you that its not right for every situation. However there are a great many individuals and businesses that derive huge benefits from Cloud services.

I do think its interesting that the main conclusion from this research was that customers should review the T&C's before signing up. Really? They needed a study to determine that I should read and understand a contract before signing it?
Riff
3 / 5 (2) Nov 24, 2010
Hi Zed. I've been writing code since 1985 (assembly, basic, pascal, logo, c, c++, c# and currently php and javascript). Back in the day it was a great thing to get off a terminal and have a cpu on the desktop. Cloud computing takes that power away and puts us back on terminals. Its a step backwards and benefits practicably no one except the companies implementing it. With all due respect Zed, I fully understand that cloud computing turns my computer back into a terminal. Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's...
Riff
3 / 5 (2) Nov 24, 2010
...When that happens people will avoid it like the plague. Its not if.. its when. And hackers are looking very forwards for cloud people to implement it. TCP/IP is too insecure for it (as it is for just about everything), and to trust TCP/IP at this point in time is like putting a bullet to ones own head. The internet is nothing more than a huge insecure kludge, and even its own designers admit that part of it. Use the cloud at your own risk.
T3chWarrior
not rated yet Nov 25, 2010
Cloud is the next p2p
Skeptic_Heretic
1 / 5 (1) Nov 25, 2010
Hi Zed. I've been writing code since 1985 (assembly, basic, pascal, logo, c, c++, c# and currently php and javascript). Back in the day it was a great thing to get off a terminal and have a cpu on the desktop. Cloud computing takes that power away and puts us back on terminals.
No, it doesn't. Cloud computing simply removes processing independence from the equation. Cloud computing doesn't remove you pc and solo functionality. Offline images are key to functionality in most cloud environments. What cloud provides is centralized processing and storage power for individual session based computing. You're not stuck with a dumb terminal unless it is by design.
With all due respect Zed, I fully understand that cloud computing turns my computer back into a terminal.
And that is where your understanding is wrong.
Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's
As opposed to stealing your laptop...
LivaN
not rated yet Nov 25, 2010
What cloud provides is centralized processing and storage power for individual session based computing.


So your pc no longer does the processing or the storing? Sounds like a terminal to me.

You're not stuck with a dumb terminal unless it is by design.


I think you're taking the analogy a little to literally. Once relient on cloud computing, removing it may as well reduce your pc to a terminal, as you will no longer have adequite processing power or storage for your task(s).

As opposed to stealing your laptop...


Yes but you're laptop is only accessible to thieves in you vicinity. Online data is accessible world wide.

Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's...


Cloud computing will never fail, it's potential is simply to great.
Skeptic_Heretic
not rated yet Nov 25, 2010
So your pc no longer does the processing or the storing? Sounds like a terminal to me.
No, there's a difference between availability and limitation. Cloud computing allows use of centralized resources without preclusion of local resources, that is unless it is designed to be done as such. SaaS is such an example, you can have local pull down data and applets or it can be entirely remote. Cloud can't be pigeon holed as terminal-mainframe alone.
Yes but you're laptop is only accessible to thieves in you vicinity. Online data is accessible world wide.
Not so. Download a trojan onto your laptop and the info can be stolen without physical theft. Security becomes easier with a cloud setup as you can prevent the data from ever leaving your datacenter. Far easier to focus security efforts on a gate rather than an open amusement park.
Cloud computing will never fail, it's potential is simply to great.
The industry has a wonderful cycle depending on hard/software limitation