Cloud computing: The good, the bad, and the ugly

Nov 24, 2010

A survey of 31 Cloud computing contracts from 27 different providers has found that many include clauses that could have a significant impact, often negative, on the rights and interests of customers.

The survey formed part of the Cloud Legal Project at the Centre for Commercial Law Studies (CCLS), within the School of Law at Queen Mary, University of London. Funded by a donation from , but academically independent, the project is examining a wide range of legal and regulatory issues arising from Cloud computing.

"The ease and convenience with which Cloud computing arrangements can be set up may lull customers into overlooking the significant issues that can arise when key data and processes are entrusted to cloud ,” says Professor Christopher Millard, principal researcher on the Cloud Legal Project.

“The main lesson to be drawn from the Cloud Legal Project’s survey is that customers should review the Terms and Conditions of a Cloud service carefully before signing up to it.”

Many web services are examples of Cloud computing, from storage and backup sites such as Flickr and Dropbox to online business productivity services such as Google Docs and salesforce.com.

can be very attractive as a means of achieving financial savings, productivity improvements and the wider flexibility that accompanies Internet-hosting of data and applications. There may, however, be unforeseen costs and risks hidden in the terms and conditions of such services.

The survey found that some contracts, for instance, have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use (potentially important if they are used for occasional backup or disaster recovery purposes), for violation of the provider’s Acceptable Use Policy, or indeed for any or no reason at all.

Furthermore, whilst some providers promise only to hand over customer data if served with a court order, others state that they will do so on much wider grounds, including it simply being in their own business interests to disclose the data.

And Cloud providers often exclude liability for loss of data, or strictly limit the damages that can be claimed against them – damages that might otherwise be substantial if a failure brought down an e-commerce web site.

Although in EU countries and various other jurisdictions the validity of such terms may be challenged under consumer protection laws, users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is in fact based in another continent.

Indeed, service providers usually claim that their contracts are subject to the laws of the place where they have their main place of business. In many cases this is a US state, with a stipulation that any dispute must be heard in the provider’s local courts, regardless of the customer’s location.

Perhaps the most disconcerting discovery of the Cloud Legal Project’s survey was that many Cloud providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. In effect, customers are put on notice to download lengthy and complex contracts, on a regular basis, and to compare them against their own copies of earlier versions to look for changes.

Explore further: UN study: Cellphones can improve literacy

More information: The paper ‘Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services’ by Simon Bradshaw, et al., is available via the Cloud Legal Project web site at: www.cloudlegal.ccls.qmul.ac.uk

Related Stories

Study on the Security of Cloud Computing

Feb 26, 2010

Not only does cloud computing help to save money, it also helps to increase IT security: Small and medium sized companies especially can profit from special cloud security solutions and the knowledge advantage of experienced ...

Sun Microsystems to offer 'public cloud' service

Mar 18, 2009

(AP) -- Taking a cue from Amazon.com, Sun Microsystems Inc. plans to launch its own "public cloud" service, which will let everyone from big-time corporations to dorm-room entrepreneurs run their businesses on Sun's computers ...

Microsoft raises cloud computing concerns

Nov 05, 2009

Packaged software powerhouse Microsoft on Thursday released a paper outlining privacy concerns businesses should consider prior to leaping into the computing "cloud."

Recommended for you

UN study: Cellphones can improve literacy

6 hours ago

A study by the U.N. education agency says cellphones are getting more and more people to read in countries where books are rare and illiteracy is high.

Gates-funded student data group to shut down

Apr 21, 2014

The head of a student data processing organization says it will shut down in the coming months following criticism that led to the recent loss of its last active client—New York state.

Four questions about missing Malaysian plane answered

Apr 19, 2014

Travelers at Asian airports have asked questions about the March 8 disappearance of Malaysia Airlines Flight 370 while en route from Kuala Lumpur to Beijing. Here are some of them, followed by answers.

User comments : 9

Adjust slider to filter visible comments by rank

Display comments: newest first

krundoloss
2 / 5 (1) Nov 24, 2010
I will have to admit that Cloud computing and Software-as-a-service sound great, they also take away a persons right to work offline, or to use software permanently. It has its Pro's and Con's, I hope it is handled properly and respects the rights of the user. Its a little too "Big Brother" if you ask me.
Riff
3.3 / 5 (3) Nov 24, 2010
Two huge problems with it. Your computer becomes useless without a internet connection, and just one security breach nets the hacker millions of people personal info and data. In its present model, only a idiot or complete noob would switch to cloud computing. And lets not forget about the disgruntled (or greedy) employee with access to all these database files.
Zed123
3 / 5 (2) Nov 24, 2010
Two huge problems with it. Your computer becomes useless without a internet connection, and just one security breach nets the hacker millions of people personal info and data. In its present model, only a idiot or complete noob would switch to cloud computing. And lets not forget about the disgruntled (or greedy) employee with access to all these database files.


Riff, your comment just shows that you dont understand Cloud and its uses. Having worked with cloud cumputing offerings of various flavours for the past 3 years I can tell you that its not right for every situation. However there are a great many individuals and businesses that derive huge benefits from Cloud services.

I do think its interesting that the main conclusion from this research was that customers should review the T&C's before signing up. Really? They needed a study to determine that I should read and understand a contract before signing it?
Riff
3 / 5 (2) Nov 24, 2010
Hi Zed. I've been writing code since 1985 (assembly, basic, pascal, logo, c, c++, c# and currently php and javascript). Back in the day it was a great thing to get off a terminal and have a cpu on the desktop. Cloud computing takes that power away and puts us back on terminals. Its a step backwards and benefits practicably no one except the companies implementing it. With all due respect Zed, I fully understand that cloud computing turns my computer back into a terminal. Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's...
Riff
3 / 5 (2) Nov 24, 2010
...When that happens people will avoid it like the plague. Its not if.. its when. And hackers are looking very forwards for cloud people to implement it. TCP/IP is too insecure for it (as it is for just about everything), and to trust TCP/IP at this point in time is like putting a bullet to ones own head. The internet is nothing more than a huge insecure kludge, and even its own designers admit that part of it. Use the cloud at your own risk.
T3chWarrior
not rated yet Nov 25, 2010
Cloud is the next p2p
Skeptic_Heretic
1 / 5 (1) Nov 25, 2010
Hi Zed. I've been writing code since 1985 (assembly, basic, pascal, logo, c, c++, c# and currently php and javascript). Back in the day it was a great thing to get off a terminal and have a cpu on the desktop. Cloud computing takes that power away and puts us back on terminals.
No, it doesn't. Cloud computing simply removes processing independence from the equation. Cloud computing doesn't remove you pc and solo functionality. Offline images are key to functionality in most cloud environments. What cloud provides is centralized processing and storage power for individual session based computing. You're not stuck with a dumb terminal unless it is by design.
With all due respect Zed, I fully understand that cloud computing turns my computer back into a terminal.
And that is where your understanding is wrong.
Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's
As opposed to stealing your laptop...
LivaN
not rated yet Nov 25, 2010
What cloud provides is centralized processing and storage power for individual session based computing.


So your pc no longer does the processing or the storing? Sounds like a terminal to me.

You're not stuck with a dumb terminal unless it is by design.


I think you're taking the analogy a little to literally. Once relient on cloud computing, removing it may as well reduce your pc to a terminal, as you will no longer have adequite processing power or storage for your task(s).

As opposed to stealing your laptop...


Yes but you're laptop is only accessible to thieves in you vicinity. Online data is accessible world wide.

Cloud computing for the most part WILL fail as soon as someone hacks a huge system and steals millions of ID's...


Cloud computing will never fail, it's potential is simply to great.
Skeptic_Heretic
not rated yet Nov 25, 2010
So your pc no longer does the processing or the storing? Sounds like a terminal to me.
No, there's a difference between availability and limitation. Cloud computing allows use of centralized resources without preclusion of local resources, that is unless it is designed to be done as such. SaaS is such an example, you can have local pull down data and applets or it can be entirely remote. Cloud can't be pigeon holed as terminal-mainframe alone.
Yes but you're laptop is only accessible to thieves in you vicinity. Online data is accessible world wide.
Not so. Download a trojan onto your laptop and the info can be stolen without physical theft. Security becomes easier with a cloud setup as you can prevent the data from ever leaving your datacenter. Far easier to focus security efforts on a gate rather than an open amusement park.
Cloud computing will never fail, it's potential is simply to great.
The industry has a wonderful cycle depending on hard/software limitation

More news stories

Amazon Prime wins streaming deal with HBO

Amazon scored a deal Wednesday to distribute old shows from premium cable TV channel HBO to its monthly Prime subscribers, landing a blow on rival Netflix in the streaming video battle.

Is nuclear power the only way to avoid geoengineering?

"I think one can argue that if we were to follow a strong nuclear energy pathway—as well as doing everything else that we can—then we can solve the climate problem without doing geoengineering." So says Tom Wigley, one ...

Robot scouts rooms people can't enter

(Phys.org) —Firefighters, police officers and military personnel are often required to enter rooms with little information about what dangers might lie behind the door. A group of engineering students at ...

Cyber buddy is better than 'no buddy'

A Michigan State University researcher is looking to give exercise enthusiasts the extra nudge they need during a workout, and her latest research shows that a cyber buddy can help.