Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Prepare carefully before moving to the cloud

Guy Betar | June 19, 2015
In the first of a two part series, Guy Betar explains why organisations need to take a long, hard look at the cloud providers they do business with.

Servers operated by Carpathia, an affiliate company of Kim Dotcom's Megaupload, became evidence in a criminal case and innocent parties were not allowed to access legitimate data stored on these systems.
Servers operated by Carpathia, an affiliate company of Kim Dotcom's Megaupload, became evidence in a criminal case and innocent parties were not allowed to access legitimate data stored on these systems.

Most companies are moving applications and systems to the cloud. But despite the attractions of this ever growing infrastructure model, the legal risks are neither widely nor well understood.

Your business needs to be as prepared as possible for the cloud and the officers who may be held responsible if things go wrong, or need to fix the problem, need to be properly briefed. They need to understand not just the potential benefits, but the downsides and risks, and what courses of action are available when they eventuate.

Take the following high profile example as a warning of what can go wrong. Many of us will recall German internet entrepreneur, Kim Dotcom (Kim Schmitz), and his adventures with New Zealand authorities.

What you may not be aware of is what took place in 2012 in the United States prior to his arrival in New Zealand.

Mr Dotcom and his company, Megaupload, were indicted on a variety of criminal offences related to copyright infringement. As part of this case, the FBI seized a number of domain names and over 1,000 servers operated by an affiliate company of Megaupload called Carpathia, intending that they be used in evidence against Megaupload.

The servers operated by Carpathia not only contained the data of Megaupload, but also that of many innocent and unrelated parties. Once the servers became evidence in a criminal case, the innocent parties who had data legitimately stored on those servers were not allowed to recover it, despite some showing their business relied on that data.

Consider how this incident would affect your business if you were one of those unlucky customers. Criminals and even terrorists are using the digital realm to aid their activities, meaning that the likelihood of a Megaupload-style incident being repeated is quite feasible, if not likely.

It would be an understatement to say there was a growing global focus on the security and integrity of IT systems, particularly relating to personal information.

Breaches of security can cause significant direct loss, but in the minds of senior executives, the biggest loss may well be indirect -- loss of reputation is a good example so clearly there is a lot at stake.

So what does it do to your corporate IT risk profile if you take part or all of your IT operations out from behind your security facilities, and place them under someone else's control? I am confident the answer is obvious.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.