The Four Horsemen of the Apocalypse, Class of 2011: The Cloud

Corporate counsel today are beset with new challenges brought on by the technology revolution. It often seems impossible to keep up with the changes, let alone manage the risks. But this impossibility is the new normal. Not only is it here to stay; it will only get worse.

 

This series of columns explore today’s Four Horsemen of the Apocalypse, Class of 2011: The Cloud, data security in the new world of recreational hacking, IP v.6, and the impending adoption of new rules for gTLDs (top level domains, e.g., .com, .org, .net, etc.). This quartet keeps every in-house lawyer awake at night. And while a sweet dream may be what everyone hopes for, in truth, a real nightmare lies ahead.

 

 

Never before in technology has a development offered such financial savings. For some companies, moving their data and applications to the Cloud will save millions. Because the savings are so significant, risk analysis dramatically changes. The CFO and General Counsel are now at odds unlike ever before in the risk/reward debate.

 

For those readers who have been in a cloud of their own, the technology Cloud isn’t really a cloud at all. The euphemism was coined by someone deep in cyberspace. Probably some bored weather forecaster turned geek. In reality, the Cloud is merely a network of computers much like the networks most companies currently maintain within their organizations. Indeed, the Internet itself is a Cloud, i.e., a massive network of computers hosted throughout the world. And as any CFO will attest, maintaining a network – between upkeep, updates and security – is very expensive. The hardware, software, and personnel costs alone can easily run into the millions of dollars annually. Wouldn’t it be nice to simply outsource the problem, particularly to a company that has economy of scale because they handle networks for a multitude of companies? Enter the Cloud – independent companies who will take over all the technology woes of a company, from applications to storage, all for a volume price. Giants like Microsoft, Amazon, Google and others are touting their Clouds every day with compelling ads. These companies are technology savvy and asset rich. How can any numbers cruncher not love it?

 

But with the Cloud come the storms, the four most important of which are:

 

1. Security: Obviously, when data is stored remotely on servers owned and controlled by third parties, it is critical that the Cloud provider have state-of-the-art security systems. But most of them can honestly say they do. So why worry? Wrong. Even the most sophisticated security system can be breached. It takes far less effort than one thinks. Face it, when your data is housed in a Cloud along with data for every other user of that Cloud, the temptation to breach security is compelling. More on that later. Some say it’s a risk that is no greater than if you maintain your own network, ignoring the difference of who is in control. An otherwise innocent breach can cost millions in legal fees and related costs. New insurance products are available and are a must to explore for any company considering the Cloud.

 

Bottom Line: Do not find solace in whatever security system is promised to you.

 

2. Politics: In the past few months, the world has witnessed how governmental regimes are often at odds with communications on the Internet. Egypt, Libya, Syria, Yemen, and a host of other countries have tried to suppress communications by going so far as to temporarily shut down any Internet access in their countries, despite the economic harm it does to their infrastructure. So why should politics matter in the Cloud? The fact is it’s all the same system – whether its Twitter or a company’s data. All the data is stored and shared on a massive network of computers. Wherever any server in the Cloud is maintained, it is under the jurisdiction of that country where it lies. That can create serious risks, not only to security, but also to tried and true spying by regimes intent on finding an edge in competition and influence.

 

Bottom Line: Demand to know where all the servers are located and make sure there is redundancy. A lot of redundancy.

 

3. Continuity: One of the most frustrating events in any executive’s day is loss of service. No email. No Google. No social media. And no Cloud. Malfunctions happen to even the best operators. Technology updates are never without bugs and problems. A contract with a Cloud provider should mandate returns to service within hours, if not less. A properly managed Cloud provider should be asked to demonstrate its record of service, documenting all of its out of service incidents, what it did in response to a loss of service, and how long the interruption lasted.

 

Bottom Line: Don’t trust any hype or contractual promises. Conduct thorough due diligence and make the Cloud provider share its history, service levels, and response plans.

 

4. Corruption: The incidents of documents being corrupted when sent via an e-mail, making it impossible to open, is commonplace. And costly. Think of the Cloud as an enormous e-mail system. Documents are being stored, transmitted, restored, fragmented, and stored yet again in a never-ending cycle. Every time a document is moved, it risks corruption. It may be corrupted by a virus, by a bug[A1] in software, or for reasons no one will ever understand. S**t happens. And while sophisticated Cloud providers take this all very seriously, the reality is the more data you handle, the higher the risk of corruption. More due diligence is required. More verification of system integrity.

 

Bottom Line: Data will be corrupted sooner or later. Get over it. But make sure the Cloud provider has a plan on how to deal with it and keep it as low a risk as possible.

 

It is truly the dawning of a new era for corporate counsel. Whether lawyers like it or not, the geekier they get, the better they’ll be prepared to lead their companies and clients through the technology matrix that lies ahead. And those who are not geeks, are well advised to have a deputy geek by their side.

 

In future installments of this series, we will look at three other challenges facing corporate counsel in the new era of social media: In Part II, we investigate Recreational Hacking; in Part III, we take a look at the implications of IPv6; and in the final installment, we will discuss the issues raised by ICANN’s plans for new gTLDs.