2017’s lessons for the public cloud – a lawyer’s response

Jon Topper made a strong case for moving to public cloud. “Businesses that are not currently on the public cloud are behind competitors by 3-4 years.” 

We are living through an uncertain era. Brexit is creating uncertainty over the UK economy and the pound is under continued pressure. Banks and other employers are threatening to move employees from the UK to other parts of the EU. President Trump seems to favour the UK and has made encouraging gestures on a trade deal but has been lukewarm towards the EU generally. So surely you’d be mad not to take advantage of the benefits of public cloud and DevOps, especially if your competitor has already.

Topper also says DevOps is key to making the switch to public cloud and security investment will continue to rise. Even the Government Digital Service has finally come off the fence and declared public cloud secure enough for most of the public sector. Even the regulators are comfortable with cloud. The Financial Conduct Authority, Information Commissioner and the Solicitors Regulation Authority have all issued cloud-friendly papers.

As the old adage goes, you should look before you leap and this is true of any leap into public cloud. Some cloud providers I’ve advised have asked for a tough set of terms with their customers. As it’s a commoditized, standardised, low-margin service, they pass the risks to the customer. I also advise potential customers of cloud. By the time they’ve decided to talk to me, they are generally aware of the risks of using public cloud and I know the terms to look at.

Here be dragons

Public cloud with DevOps has many advantages but can catch out the unwary. Let’s face it, only lawyers read terms and conditions. So if you click on the accept button or sign on the dotted line without reading them, you might not even know the risks you’re taking on. Here are a few of the common risks which cloud providers pass to customers:

  • Some public clouds are provided “as is” with no promises over quality or fitness for purpose. The service might suit your needs, but it’s up to you to verify it can do what you need. There will be no comeback against the provider
  • If you’re used to the old style of waterfall IT delivery, are you and your CTO ready for the agile, continuous and, frankly, vague nature of DevOps?
  • If your public cloud fails, the most compensation you can get is often service credits. Even if you suffer a week long outage or even a complete failure of service
  • Your data might be stored in the USA. The law allows for international data transfers so that’s not necessarily bad. But if you’ve promised your customers you won’t transfer their data outside the UK/EU, you might be in breach of your contracts with them
  • You will generally retain ownership of your data, but you might have a limited time to migrate it at the end of the contract. Also, you might have given the cloud provider an unlimited licence to use itBy all means, move to public cloud with DevOps. But make sure it’s fit for your purpose, not just the provider’s.
+ posts

CIF Presents TWF – Professor Sue Black


Related articles

How Businesses Should Tackle Big Data Challenges

In today's data-driven landscape, Big Data plays a pivotal...

UK IP Benefits and How to Get One

There are many reasons why you may get a...

Navigating the Landscape of AI Adoption in Business

In today's rapidly evolving technological landscape, the integration of...

Three Ways to Strengthen API Security

APIs (Application Programming Interfaces) are a critical driver of...

A Comprehensive Guide To The Cloud Native Database [2024]

Databases are crucial for storing and managing important information....

Subscribe to our Newsletter