Masters Conference 2010 ~ Cloud Computing: Discovery, Compliance, Litigation Risks and Solutions

On day 2 of the Masters Conference there was a very well attended session on Cloud Computing. Carolyn Depko, director of media relations for Edge Legal Marketing attended this session and shared some notes. What is “The Cloud”? What is cloud computing? Many different types, sizes, shapes, etc. of cloud computing but some shared features/characteristics: “Cloud Computing” -Shared Servers -Many Locations -Unspecified Geographical Locations “Dedicated Cloud” -Company Dedicated Servers -Locations May Be Limited -Locations May Be Specified & Known “Hybrid Cloud” A combination of cloud and dedicated cloud. Biggest issue with cloud computing – Giving Up Control Biggest Benefit – Cost Savings and scalability BUT understanding the risks is key. Make sure all “stakeholders” are involved and understand the benefits and risks for them specifically. The risks and questions to ask: 1) Preservation a) How will the data in the cloud environment be preserved? b) What is the method of preservation? c) What is the speed/scalability of the method? d) Is it all or nothing and if it can be limited what are the blind spots? 2) Data Authenticity a) Will you be able to authenticate your data? b) Has the cloud provider developed a procedure for inputting data? c) Has the cloud provider built-in safeguards to ensure accuracy & identify errors? d) Do you know the processes that were applied to the data? 3) Litigation a) Can moving data to the cloud expose you to new litigation? b) Who is liable for data breaches? c) Are we going to see claims alleging negligent protection of data or negligent hiring of a cloud provider? 4) Compliance & Regulatory Issues Additional topics discussed: 1) Many service provider “don’t get” the needs and requirements of companies. 2) MANY questions need to be asked of your service provider on many different levels and angles. 3) VERY IMPORTANT to “test” the security and deliverables that were agreed upon. Quality Assurance testing and auditing are VERY important. Is your service provider producing accurate results? 4) Best Practice Standards – Can we get Best Practice Guidelines developed for this industry?