In the world of technology, innovative products are often leaps and bounds ahead of legislation and social acceptance. When a game changing service or product is launched and becomes popular, it takes a while for people to accept it. Only when it has become part of the mainstream does it warrant the attention of legislators.
Cloud technology is no different. The introduction of digital streaming services for movies and music has fundamentally altered the way artists and movie houses are remunerated for content. Similarly the app store/cloud model for delivering software to mobile devices has spread to desktop computing as well. Even as cloud technology goes mainstream, vendors and customers are struggling with issues surrounding data ownership, intellectual property, security, privacy, and accountability.
By now most organizations are aware that there is no such thing as a standard cloud agreement. What a company wants and the features that the vendor is capable of offering need to match before an agreement can be concluded. However while parties on both sides are well-versed in such aspects as negotiating price, SLAs and infrastructure planning, more contentious issues continue to be debated.
The cloud is becoming ubiquitous and pervasive. Nevertheless there are two burning issues that have to be resolved if the cloud is going to become an integral part of doing business.
1. Data ownership and intellectual property
Everyone is agreement that no matter where the data centers are located or who actually maintains them, a vendor’s cloud data belongs to the company that generated it. It seems simple enough but what about the data surrounding the data? Metadata is becoming just as important as the actual data itself and the cloud vendor has access to comprehensive information on the customer’s use of cloud resources.
Normally this is used by the vendor to customize their offerings, streamline features and push updates that need it. However, it also gives rise to the possibility that customer usage data (which is usually aggregated and anonymized) could be sold/stolen/exploited by third parties. Similarly, though cloud technology IP clearly rests with the vendor, the answer is not so definitive and it comes to customizations that the provider may undertake for client organizations.
2. Legislation and accountability
Many nations have, or are in the process of, implementing comprehensive legislation pertaining to digital data holding organizations responsible for security breaches. This brings up the question of who is responsible for a breach that involves an organization that stores consumer data on a third-party cloud. It becomes even more problematic when each party is located in a different country. Also, it is often difficult to pinpoint the exact security hole that was exploited to steal data, outside of determining whether the vendor of client organization is the one at fault.
Concerns about security and data ownership are not impossible to resolve even though it will probably be a long time before legislation catches up with the cloud industry. Unfortunately by that time, there will be some other new technology on the horizon which will stir up a whole new set of concerns.