by: Sarah Joson
Thursday, February 9, 2012 | Outsourcing News |
The demand for cloud services grew at a fast rate and there’s a huge chance that cloud providers are acquiring the services of subcontractors. This may lead to additional security issues as more and more parties gain access to the business’ sensitive corporate data. These organizations may come from different locations worldwide, and they may have varying laws and level of enforcement regarding intellectual property (IP) policies - again, another factor to consider.
Even though there are precautionary measures in cloud computing contracts, IT experts saw a trend amongst customers; they saw retractions due to intellectual property security, and as the cloud rapidly matured, it accrued various intellectual property challenges. Aside from keeping the physical assets such as data centers, network cables, and servers secure, business owners now have to worry about the virtual properties in a cloud operation.
At CIO.com, Stephanie Overby shares helpful insights and experiences of information technology experts regarding these issues, as well as nine tips on how customers can properly protect their data and intellectual property in the cloud.
Tit for tat. Companies that want to join the cloud bandwagon should do an intensive research about various providers. Factors should not solely be based on costs but industry risks and threats as well. Credible providers are easy to identify as these are usually the ones that offer solutions for possible threats and require higher security standards. So if business owners do a botched job in choosing the provider, then naturally, they will get less than impressive results.
Start small. Business owners shouldn’t get too excited about having one of their processes upgraded to the cloud, to the point where they sign off one of their major IT functions in a heartbeat. They should at least start with the basic services to get a better understanding of the entire IT process.
The Jekyll and Hyde syndrome. Contracts that are initially presented by providers should be properly analyzed. Some vendors often dupe clients in to becoming liable for illegal acts, plus put their information at risk. Like in any marketing agenda, what is initially presented to clients in ads, emails and etc., may be the opposite of what will actually be given to them. Some providers will purposely mislead the customers in hopes of making a sale.
Prepare for the unexpected. For complex cloud services, iron cladding the contract is essential. Go for measurable, unexpected clauses that can be considered as added precautionary measures. Some of these are regular check-ups, performance and progress reports, right to disclose the locations where data and applications will be processed and stored, right to approve subcontractors, a change control process that provides for advance notice and opportunities to work around or mitigate pending changes, and reasonable liability for non-performance by the provider.
Stingy people are not welcome. Cloud computing services are often inexpensive, unless customers want a customized system for their business - which is usually the case. This will definitely incur costs due to constant upgrades.
Intellectual property may come along the way. There are instances when the initial cloud services that are being rendered do not contain sensitive data about the company but later on, additional processes may be added and security from the provider should be looked into as information can be transmitted and obtained quickly. Also, providers and clients should look into the coverage of the IP laws in their respective locations.
Impose security measures manually. If a business owner wants to guard additional IP like Alcatraz in its heyday, then they would have to design the encryption themselves rather than wait on the providers. The type of protection where all the activities done whilst in the cloud is tracked and the owner will be alerted when something’s out of the ordinary.
Have equal control. Clients and providers should have equal control over the operation/service. If in case the client fails to meet the standards of the provider or does something completely against the contract, providers give clients the time to properly extract their files and data. But that usually isn’t the case, which is why clients should have access to their IP anytime.
Always be on guard. Since technology is always on the move, there’s no question that new threats can always come knocking at your datacentre’s doorstep. This can be in virtual (malware, viruses, etc.) or in physical (spy from the competitor, tech support guy makes a mistake and short circuits one of the servers) form.
Cloud may not be the solution. In some cases, moving operations to the cloud is just not the answer. They should be able to back away from a deal instead of losing money and precious time.