Cloud Computing Blog

How to Protect Trade Secrets in the Cloud

Although cloud computing often delivers reduced costs and increased flexibility, cloud customers now find themselves storing potentially sensitive data via someone else’s applications, on someone else’s databases, located at someone else’s facilities. What used to be locked up in a filing cabinet in the basement is now…well…who knows where? And this loss of logistical control over company information can be troubling—especially for that most tenuous form of intellectual property: the trade secret.

Cloud Agreements Will Be Affected by Developments in Privacy Law

It appears that Congress is taking seriously the mandate from the Obama Administration regarding Internet privacy issues. In February, Senate Judiciary Committee Chairman Patrick Leahy announced the creation of a new subcommittee called Privacy, Technology and the Law, which will oversee laws and policies that govern the “collection, protection, use and dissemination of commercial information by the private sector.” In March, Senators John McCain and John Kerry introduced proposed legislation that would create an “online bill of rights.” The McCain-Kerry law is poised to become the first comprehensive federal privacy law governing data collection, storage, and transfer. While these actions are aimed at addressing privacy issues as they implicate individual consumer rights, there is no limit to how impactful these laws could be in creating additional administrative and procedural requirements for the majority of cloud computing providers.

SIIA Calls for More Flexibility in Cloud Security Requirements

The Obama Administration announced last week that it is considering expediting cloud computing certification for federal agencies by relaxing some of the security requirements issued by the General Services Administration (GSA) in November of 2010. This apparently is a response to comments issued by, among others, the Software and Information Industry Association (SIIA), which argued that the one-size-fits-all approach to cloud security requirements issued by the GSA in November was impractical and outdated. “The SIIA’s point is that the nature of services offered by some cloud platforms is such that they do not require the highest level of security measures, and I tend to agree with them,” says Andrew Martin, technology and new media attorney with Scott & Scott, LLP. “Different sets of requirements for different categories of web-based solutions likely will help to avoid forcing vendors to integrate inefficient and unnecessary functionality into their products. Private-sector organizations should consider a similar service category-based technique when evaluating cloud vendors in order to promote efficiency during negotiations for the service.” For more information, please contact Mr. Martin at 800-596-6176 or amartin@scottandscottllp.com.

Amazon’s Dropping of WikiLeaks Raises Cloud Concerns

With the intense scrutiny and speculation swirling around WikiLeaks’ most recent posting of confidential U.S. State Department documents, it should not come as a surprise that Amazon, WikiLeaks’ hosting provider, found itself under informal investigation by Congress. Facing this type of inquiry, it did not take long for Amazon to terminate its cloud agreement with WikiLeaks, leaving the whistle-blowing site temporarily without an online presence as it searched for a new cloud provider to host its materials.

Many Cloud Contracts are Missing a Critical Term

Cloud computing contracts vary widely depending on the type of service being provided and the market to which that service is targeted. Cloud services that are inexpensive or free generally present the contract in the familiar “click-wrap” format that we all, at one point or another, have “agreed to” (but that we almost never actually read). Those agreements often are wholly in favor of the cloud service provider. On the other hand, larger cloud implementations representing considerable, strategic business decisions on the part of the customer (and considerable sales on the part of the cloud service providers) usually are accompanied by agreements that should be read, understood and negotiated to meet the right balance of risk and incentive for both parties. However, many of these large-scale implementation cloud contracts nevertheless are missing a critical term: the cyber risk insurance requirement.

Legal Pitfalls in the Cloud: Windows Azure License Agreements

Microsoft’s cloud offering, Windows Azure, is a cloud services platform designed for software development, hosting and web service management. The platform includes a cloud-based operating system with pre-configured developer tools and other options available. The license agreements are available online here and here. So, how does the Microsoft cloud licensing model stack up to our legal concerns regarding cloud computing?

Microsoft v. Salesforce.com – Taking the Fight to the Cloud

On June 24, 2010, Salesforce.com filed suit against Microsoft in a Delaware Federal court claiming Microsoft willfully infringed five Salesforce.com cloud computing-related patents. This is an apparent counter to a May 18th suit filed by Microsoft accusing Salesforce.com of patent infringement. Though Salesforce.com and Microsoft promote slightly different cloud computing models, each company claimed the patents infringed were significant components to their platforms, signifying that the fight over cloud market controls is ramping up.

Scott Technology Attorneys