Featured Article from Software Licensing

Cloud Services Raise New Legal Issues

September 05, 2013



While the exploding popularity of cloud computing is making the technology more conventional, historically it is still an unconventional service.

As a result, much of the standard language that appears in contracts between a business and the vendors it deals with is not applicable. Protecting the interests of businesses that use cloud services requires a new kind of contract.

According to Foley Hoag LLP, a Waltham, Mass.-based law firm that deals with technology issues, several components of conventional contracts designed to work with ‘real world’ vendors are not pertinent to cloud services and in fact, may have gaping holes that leave companies information unprotected. 


Image via Shutterstock

Many service contracts specify locations when and where products and services are to be delivered. Maintenance and cleaning services, for example, cannot be performed anywhere other than on the business’ premises. Typically their work is done after normal business hours to avoid disrupting employees.

Cloud computing services don’t work that way. Barring occasional downtime, the service is available 24/7. The service originates from the vendor’s facilities and is accessed remotely.

The standard contract often addresses how a vendor’s employees are to operate while working on the customer’s premises. Workman’s comp, vehicle insurance and commercial general liability protection are common issues in such contracts. There are provisions to ensure that there is no misrepresentations that would make it appear that the vendor’s employees were the business’ employees. 

Since the cloud vendor’s employees work at the cloud vendor’s facilities, many of these issues don’t apply. 



Conventional contracts that deal with tangible goods and property are usually silent on the matter of data, which confidentiality agreements are usually insufficient to protect.

A contract better geared towards cloud computing would do the following:

- Clearly describe what the vendor owns and what the customer owns.
- Define parameters for reliability and allow termination of the contract when the cloud system fails to meet them. 
- Allow the customer to verify that the cloud vendor has adopted best practices for protecting data 
- Provide for the customer to receive their data when the contract with the provider ends and ensure that all copies of data on the vendor’s servers are deleted.

One particular case shows how current laws are behind technology in addressing security in the cloud. In 2011 Cloudflare was the hosting site for the LulzSec hacking group, which later became defunct. So far Cloudflare has avoided any government action in spite of many complaints. The San Francisco-based provider made the argument that LulzSec used a free account, which required a minimal amount of credentialing and that the authorities have never asked it to shut any accounts down. This is somewhat shocking, given how Lavabit was easily forced to shut down, allegedly as a result of influence from NSA.

One of the disadvantages of cloud computing is that it became popular so quickly. As a result, the legal system has not caught up enough to address many of its underlying issues. Customers should resist the urge to go the cheap route by using boilerplate contracts designed for conventional vendors and instead use more modern contracts that address the technology better.




Edited by Blaise McNamee
Article comments powered by Disqus


Free Trials

See For Yourself Why So Many Trust Flexera Software Solutions

Featured White Papers / eBooks

eBook: How Can You Monetize the Internet of Things?

eBook: How Can You Monetize the Internet of Things?
This eBook provides 5 tips for leveraging your intelligent devices and apps to gain higher revenues, competitive advantages and lower costs as well as discusses software monetization and licensing use cases and success stories...

eBook: 10 Reasons to Buy a Purpose-built Software Monetization Solution

eBook: 10 Reasons to Buy a Purpose-built Software Monetization Solution
Read this eBook that arms you with 10 reasons to buy – and not build - that can be used to develop the business case for leveraging a commercial Software Monetization solution...

eBook: How Do I Transform My Hardware Business and Supply Chain Processes to Support a Software Business?

eBook: How Do I Transform My Hardware Business and Supply Chain Processes to Support a Software Business?
This eBook discusses the hardware to software shift, the changing business requirements for successfully managing a software business and provides guidance on next steps...

Featured Press Release

Featured Webinars

Networking Leader Shares Why Transforming their Business was Key to Leveraging NFV Market Trend

Networking Leader Shares Why Transforming their Business was Key to Leveraging NFV Market Trend
Attend this webinar to hear Richard Jenny, Director of Program Management and DevOps with ADVA Optical Networking discuss why they decided to leverage a Software Monetization platform instead of building their own software licensing, entitlement management and software update solution.

Expert Panel: Software Monetization Trends and Best Practices with IDC and Flexera Software
Join Software Monetization experts as they share predictions and best practices on the topics that are driving transformation in the technology industry. If you are a software vendor looking to adopt new subscription, usage and outcome-based business models or a device manufacturer looking to monetize your software and establish recurring revenue models, this panel discussion will address all these issues as well as the impacts of cloud, virtualization and IoT.

Webinar: Software Monetization Maturity Model - How to Get Your Organization to the Next Level
Application producers are faced with many challenges as they try to grow revenue and streamline back-office processes, and those that are thriving have adopted a strong and well thought out software monetization strategy