To date, cloud service providers haven't focused much on this area, and it's reasonable to expect they may be reluctant to address this topic, but it's crucial to understand the process of returning data to the customer. In some cases, it may be possible to move data from Vendor A to Vendor B directly. In both cases, there are cost and timeframe considerations as well as potential risks that require attention and legal advice.
Not all cloud service providers are equal, and some may be more willing to negotiate on these areas of concern. It's advisable to avoid boilerplate contracts that don't permit customisation or modification. Clearly, the bigger the customer, the more power is brought to the negotiating table. Still, even smaller organisations should exercise caution before moving mission-critical data to the cloud as they too can be impacted severely.
Dig deep in mitigating cloud-related risks
Because of potential reputation-damaging publicity, expect service providers to focus first and foremost on minimising widespread service outages while adopting policies and procedures for reducing privacy and security risks. What's less likely to grab headlines are the isolated instances when a cloud customer can't retrieve its data and is forced to deal with a sanction that costs hundreds of thousands of dollars.
For that reason and all the others described here, it's imperative for IT organisations to begin vetting the less-publicised yet equally impactful risks posed by moving data to the cloud. In the meantime, both large and small enterprises share responsibility for making sure all areas of concern are addressed to ensure a move to the cloud increases business benefits, not liabilities.
Since everyone knows that the best defence is a strong offence, companies seeking to reduce their cloud-related risks need to look and listen to legal advice before they leap. Bringing an organisation's IT and legal forces together for a meeting of the minds is a good first step. Together, this cross-functional team can take a holistic view of the company's data before creating a detailed strategy that ensures any move to the cloud increases corporate efficiencies and processes without creating bottlenecks or risks.
Negotiating service level agreements
Establishing service level agreements (SLAs) should be a critical part of any negotiations with a cloud service provider. Establish clear rules regarding the following for your data in the cloud:
- Physical location
- Degree of acceptable co-mingling
- Recovery time
Do not leave anything to be discussed later. The best time to negotiate is during the "courtship".
Shannon Smith is an experienced attorney who has assisted numerous organisations in developing strategies for record retention, litigation readiness and archiving. Prior to Commvault, she worked as general counsel for an IT firm specialising in data archiving and e-discovery.