About Us Alliances News Education Resources
PHTS Logo PHTS Logo PHTS Logo
New Account?  Forgot Password?     
Viewpoint


E-zines


Media Releases
News

Cloud computing not without risks
7/21/2011
 
Businesses may save money by using cloud computing but observers urge caution and vigilance for those contemplating the move, reports Business Insurance.

One real risk is that the cloud computing firm may not be around in the next 12-18 months. Another concern is how secure your data will be. “Every company has to carefully weigh the benefits and risks of cloud computing,” with the latter increasing in proportion to the importance of the data that is handled, Philip C. Gordon, a shareholder with law firm Littler Mendelson P.C. in Denver, commented to Business Insurance.

At the least, organizations interested in cloud computing should involve their risk manager and legal counsel in negotiating the contract. It is important to know up front what limitations of liability the cloud computing company is imposing, and whether or not the company will indemnify the organization, and if so, in what circumstances. Some experts say cyber liability insurance is essential.

Also worth considering is including a provision in the contract that specifies that in the event of a disaster, such as a tornado that destroys the cloud computing provider's facility, the company will provide backup and reproduce data, Business Insurance adds.

Healthcare organizations should make sure their vendor is HIPAA-compliant. Also, it would be prudent for an organization to specify in the contract that their data would be stored in the U.S. That can make a difference in case of a dispute with the cloud provider.

“Investigate cloud providers before going ‘into the cloud,’ Nolan M. Goldberg, senior counsel at Proskauer Rose L.L.P. in New York, commented to Business Insurance. Using a cloud provider for personal e-mail, for instance, is very different from trusting it with the “corporate crown jewels,” he said.

Some experts suggest requesting the cloud provider for an executive summary of a recent third-party audit of its security and privacy practice. Others say it would be smart to conduct extensive interviews, if needed, with senior tech management, with IT and IT security within the vendor companies. A good question to ask is who’s going to control the incident response if there is a data breach?

Finally, Business Insurance notes companies should ensure the safety of data as it is transferred to the cloud computing provider. There have been several situations where the information was sent to the wrong site or wrong person.

Given all the risks, one way might be to experiment with cloud computing on a small scale first, perhaps with non-sensitive data, to see how the company conducts business.