Is a legal challenge to cloud inevitable?

The consensus at the Cloud Connect conference seems to be that cloud will begin to dominate as early as 2013. Looking over the agenda for a seminar discussing the law and cloud computing, I wonder if that's music to your lawyer's ears.

James Urquhart

James Urquhart is a field technologist with almost 20 years of experience in distributed-systems development and deployment, focusing on service-oriented architectures, cloud computing, and virtualization. James is a market strategist for cloud computing at Cisco Systems and an adviser to EnStratus, though the opinions expressed here are strictly his own. He is a member of the CNET Blog Network and is not an employee of CNET.

See full bio

James Urquhart

March 17, 2010 9:30 p.m. PT

3 min read

I've been spending this week at the Cloud Connect conference at the Santa Clara Convention Center, in Santa Clara, Calif., listening closely to the broad range of opinions and concerns raise by both the customers of cloud and it's vendor community. The conference has been an amazing place to get a sense of what those deeply involved in cloud believe will happen in the next few years.

What has surprised me a little bit has been an apparent consensus that more and more applications will leverage public clouds, and that a large number of enterprises will adopt those services for certain classes of applications as early as 2013.

Contrast that with the agenda for a legal seminar being put on in Seattle this May, titled "Cloud Computing New business models and evolving legal issues", at which I will be presenting. Here is just a sample of the topics to be discussed:

Interoperability: Perspectives on Cloud Governance Through Standards Setting Organizations
Legal perspective on the standards setting process: Pros and cons for cloud computing providers in light of Rambus and other recent cases.

Data Maintained In, and Moving Between, Different National Jurisdictions: Differences in the Law and the Resulting Importance of Jurisdictional Issues
Differences in privacy concepts and regulations, and tips for keeping all the regulators happy; the closely related concept of confidentiality, when a duty arises, and how the service provider can control the terms of the commitment.

Security in the Cloud: Better or Worse than the Alternatives? How Do You Avoid Negligence Claims?
Strengths and weaknesses in the cloud compared to desktop and enterprise solutions; determining your standard of care and implementing security protections to avoid negligence claims; certification requirements and processes.

That's just part of the first day. The remaining sessions cover subjects with equally big implications for cloud adoption.

The sense I am getting is that adoption of cloud is beginning to outstrip the ability of legal council to evaluate the liabilities that the cloud introduces to enterprise IT. That's not to say those liabilities are insurmountable, or even as risky as they may seem to a lay person, such as myself.

However, I'm led to ponder a serious question: are we setting ourselves up to see a serious legal challenge to current cloud business models in the next three to five years? Is it possible that the legal implications of the cloud are widely underestimated, and that a lot of investment and effort will be for naught should certain classes of data or processing be deemed impermissible in the cloud by the courts?

I'm not trying to raise a false alarm here. It could also be that any legal issues are handled well before a serious legal challenge can be mounted. However, I'm always shocked that when a room full of IT folks--developer or operations--gets together to discuss cloud, they always fail to discuss what they need to do to mitigate legal risks.

I have no idea what "Rambus" is in the first item above, but it feels to me like I should.