If data is sitting in three jurisdictions, what laws apply to it?
Dubai: Tighter budgets, less capital investment and fewer IT staff in the corporate world are expected to boost cloud computing storage demands past $1 billion (Dh3.67 billion) per year in the Middle East in a third-party global storage market worth $68 billion annually.
As the global number grows to $150 billion a year by 2014, some observers warn the amount of money saved through offsite data storage solutions may not be worth the cost-cutting measures if costly legal disputes arise between corporate customers and the cloud storage providers.
Especially when storage facilities containing sensitive corporate data are located in one or more data centres in countries other than that from which the complainant company exports in-house data to external servers.
Paul Allen, Senior Legal Consultant with the Intellectual Property and Technical Group at law firm of DLA Piper, said companies need to weigh possible downsides of contracting out to a cloud storage providers.
In instances where a large corporation commissions a third-party firm to construct a cloud data centre on its behalf, Allen said there is more latitude for the company to protect itself with a relatively iron-clad business contract outlining the conditions of the build-to-operate relationship.
As part of the contract negotiations, the “parties can agree where disputes can be resolved,” Allen told Gulf News.
Protection
However, other flexible cloud computing services offered and hosted by cloud storage firms with servers in multiple countries may not have the same protection.
Allen said that “in a cloud computing context it is likely that [resolution conditions] will be decided by the provider and not the customer.”
He didn’t rule out that there will come a time when a large-scale dispute will draw attention to the issue of storing sensitive information on remote cloud storage servers.
“It’s likely we will have some high-profile cases that consider issues arising from cloud computing,” Allen said. “It will take one high-profile problem to precipitate a legal battle.”
Retrieving data or seeking compensation in cross-border data storage disputes may be extremely difficult given that data protection laws may only apply in the jurisdiction in which the data is stored.
A UAE company, for example, that hires a cloud storage firm to store its information on external servers could soon find itself subject to laws of other countries where computer servers containing the data are housed.
“As a customer, you don’t know exactly where that service is being provided from,” Allen said, adding that services are “probably being provided from a variety of different locations around the globe.”
Portions of the same data bundle from one company could be sitting on cloud services servers simultaneously in the UK, India and the United States and subject to three varying degrees of data protection laws.
Jurisdictions and laws
“You won’t know, because the servers won’t give you that level of detail. If your data is sitting in three different jurisdictions, what laws apply to that data?” Allen said.
In March of this year, technology research firm Gartner Inc, warned companies to be careful when moving to cloud computing services.
The company said in a statement: “Through 2012, 60 per cent of virtualised servers will be less secure than the physical servers they replace. Although Gartner expects this figure to fall to 30 per cent by the end of 2015…many virtualisation deployment projects are being undertaken without involving the information security team in the initial architecture and planning stages.”
Neil MacDonald, Vice-President and Gartner fellow said that, “Virtualisation is not inherently insecure. However, most virtualised workloads are being deployed insecurely. The latter is a result of the immaturity of tools and processes and the limited training of staff, resellers and consultants.”
Dr Joseph Reger, Chief Technology Officer at Fujitsu Technology Solutions, said cloud computing has suffered a hit following the latest WikiLeaks controversy surrounding the release of 500,000 confidential government cables around the home.
Bad news
“Amazon’s reaction in particular presents a big risk for the development of the IT market. The provider simply cut off cloud services for WikiLeaks — that is, its server capacity, which made WikiLeaks available on the internet. Amazon’s reason: WikiLeaks violated its terms and conditions. This is bad news for the new IT paradigm of cloud computing.
“If a provider can terminate its service that easily, based only on allegations of a contractual breach, then it is doing exactly what sceptics expect: putting the security and availability of cloud services into question,” Reger said in a statement.
He is also the inventor of the patented meshDETECT, Secure Prison Cell Phone Solutions.
LinkedIn Profile
- The Customer Edge Drives the Need for NaaS - June 25, 2023
- Blockchain Evolves And Secures - January 13, 2019
- Bessemer Ventures’ 2018 Cloud Computing Trends - February 25, 2018
