Public Cloud Storage Boom Brings Dangers to Light
Microsoft's SkyDrive and Google's much anticipate Google Drive are offering free cloud storage to entice small and midsize businesses. While anything free can perk up immediate interest, it never comes without a catch. According to InfoWorld, these two public storage providers, along with many others, make it easy to upload files, assign them a specific URL and then send that URL to anyone. Suddenly, the line between storing data in the cloud and file sharing is blurred. Why should a midsize business be concerned? It's legally gray areas just like this one that can potentially put your data at risk.
Guilt By Association
Storing data in a public cloud means that it's essentially comingling with others' data. In a perfect world, no one in your cloud would be doing anything illegal with their electronically stored information (ESI). However, the world isn't perfect, and in the off-chance that the law decides to seize another business's ESI, your data could also be negatively affected.
In the worst-case scenario, your data could become unavailable to you or legally seized purely for being located in the same public cloud. That's exactly what happened to Megaupload users. According to InfoWorld, the storage provider allowed users to upload copyrighted materials, assign them a URL, and then distribute the URL, an action that completely violates US copyright laws. The data of users who were in violation and those who weren't was seized--guilt by association for the technological era. An end result like this could be detrimental to your business, especially if data is lost in the process. Even being unable to access data for a few days could lead to potential financial losses.
Since the legal parameters of the cloud are a new frontier, it's important that you thoroughly research your cloud service provider and read the fine print in your contract. Google Drive is already in trouble for its terms of service. According to ComputerWorld, the search giant's past privacy issues have caused concern about whether or not the Google cloud will be using users' data internally. Though Google claims it will do no such thing, it's still enough of a concern to warrant a business checking the fine print when it comes to terms of service.
To avoid a Megaupload debaucle, check to see if your service provider partitions data. This may prevent your ESI from getting seized, should another user in your public cloud violate the law. If not, you may want to consider using a private cloud or keeping a duplicate of all of your comany's data in physical storage as well.
Before you sign with any public service provider, it is also essential to know what steps your provider will take should your data be subpoenaed. The CIO Update points out that cloud storage shifts total responsibility of ESI off of your enterprise and makes the service provider culpable as well. This means that if your data is subpoenaed, it may be done so through the service provider rather than directly through your company. Fileboard recommends that your service provider guarantee that not only will they contact you if a third party subpoenas your data, but that they contact you prior to any data being accessed. You may even want to see if you can include a clause that says your data can't be accessed by a third party without your knowledge.
It's also essential to nail down whether or not certain laws apply given where your business is physically located or where the data is located. This could make a huge difference, especially for those companies with branches overseas.
Storing data in the public cloud can benefit your business in many ways, but having both IT and legal take a fine-tooth comb over your service provider's contract is going to ensure that your experience goes as smoothly as possible.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.