With the promise of cost savings, reduced maintenance and improved collaboration, cloud services are transforming the way that businesses approach IT.
The demand for these services is higher than ever; Microsoft’s recent ‘sinking’ of a data centre off the Scottish coast highlights the continued level of research and development being invested into cloud services.
The experiment, known as Project Natik, is to determine whether energy costs can be reduced by cooling the data centres that power cloud services underwater. If the project is successful, it will pave the way for a faster, smoother and more accessible internet experience. More than half of the world’s population lives within roughly 120 miles of the coast. Microsoft have stated that by placing their data centres near coastal cities data would have a shorter distance to travel equating in faster cloud services.
As the demand for the cloud continues to grow, it is important that organisations understand the risks that are associated with it, as well as how they work.
What are cloud services?
Cloud services are essentially a form of IT outsourcing. Traditionally, outsourcing IT involved the actual technology staying on the customer’s premises and the human resource required to manage the process being provided by a third party. With cloud services, this concept is turned on its head with the technology being owned and operated by the supplier.
The cloud therefore enables you to access technology that is not in your building through an internet connection. That technology can be anything from software such as your accounting package, a CRM system or infrastructure such as a server or backup drive. Cloud services come in a wide range of shapes and sizes from public, shared cloud, to private cloud to managed, hosted services.
In the case of Microsoft, their customers are essentially paying to rent the technology from them instead of having to make the investment in it themselves. For example, instead of having a large upfront cost to buy an email server that will eventually age and need to be replaced, they pay a recurring subscription fee for a cloud-based service and have no maintenance or replacement costs.
What are the benefits?
The cloud has the potential to offer multiple benefits to organisations.
One of the benefits is illustrated by Microsoft’s efforts to reduce the heat generated by their data centres. When investing in cloud services you are outsourcing the associated costs as well as the technology. Microsoft is responsible for heating, cooling and powering the technology not their customers.
The cost is also, in some cases, a saving in comparison to traditional outsourcing models. You do not have to invest in hardware or the infrastructure to support it. The capital expenditure of purchasing a new server every five years disappears, making budgets easier to manage through monthly subscription costs.
It’s also important to consider what the actual technology will offer to your business. Depending on the services you choose there are different operating advantages to migrating to the cloud. You may gain more mobility and collaboration from new software features or you may gain better business continuity through innovations like cloud backups.
What are the risks?
The main difference, and risk, between the cloud and traditional IT outsourcing is the loss of control.
With traditional outsourcing, there is a lot more scope for negotiation in terms of the level of service being agreed. The customer can dictate what service levels are needed to support different areas of your business, what subcontractors are involved, when maintenance occurs and the level of security. Your data is always within your physical control.
Where cloud services are a shared infrastructure, you lose much of that control. Public cloud is a standard service with a pre-set specification that you choose to purchase or you don’t. You have little control over the level of service or how the service will evolve. As you move along the shared-to-private scale of cloud services, more control moves back to customers (although often at the expense of some of the benefits).
In both scenarios, your data is physically under the control of a third party, so you could have access denied. It is therefore imperative for any business to conduct a risk assessment before moving to the cloud to understand the impact on its business if data was to be unavailable due to internet failures, breach of contract by the cloud service provider, disaster recovery situations or insolvency.
What is involved with terminating a contract?
It’s important to structure and view your exit from a cloud services contract in the same way you would with traditional outsourcing. You need to make sure that the exit provisions are detailed in the contract and that it is transparent about how you gain access to your data, the service provider’s obligations to transfer service back to you and any costs associated with that. Ensuring these provisions are there is crucial to ensuring you are not locked in and unable to move because you can’t gain access to your data.
What do businesses need to consider when exploring cloud services?
If cloud services are being considered as a step in an organisation’s IT strategy then the benefits and risks need to be carefully examined. In addition to this, it’s important to ensure that the chosen solution is GDPR compliant and that some form of privacy impact assessment has been carried out.
Investing in cloud services is a decision that needs to be made whilst considering all aspects of the service on offer, from purchase to exit. It’s essential that businesses understand the technology and how it will impact heir resources.
Our Insights and Resources are recommended for businesses considering migrating to cloud services. We will update you regularly with information from our legal experts on technology law and data protection, as well as other sectors and services you may be interested in.
About the author(s)
Gowling WLG is an international law firm operating across an array of different sectors and services. Our LoupedIn blog aims to give readers industry insight, technical knowledge and thoughtful observations on the legal landscape and beyond.