2017’s lessons for the public cloud – a lawyer’s response

Jon Topper made a strong case for moving to public cloud. “Businesses that are not currently on the public cloud are behind competitors by 3-4 years.” 

We are living through an uncertain era. Brexit is creating uncertainty over the UK economy and the pound is under continued pressure. Banks and other employers are threatening to move employees from the UK to other parts of the EU. President Trump seems to favour the UK and has made encouraging gestures on a trade deal but has been lukewarm towards the EU generally. So surely you’d be mad not to take advantage of the benefits of public cloud and DevOps, especially if your competitor has already.

Topper also says DevOps is key to making the switch to public cloud and security investment will continue to rise. Even the Government Digital Service has finally come off the fence and declared public cloud secure enough for most of the public sector. Even the regulators are comfortable with cloud. The Financial Conduct Authority, Information Commissioner and the Solicitors Regulation Authority have all issued cloud-friendly papers.

As the old adage goes, you should look before you leap and this is true of any leap into public cloud. Some cloud providers I’ve advised have asked for a tough set of terms with their customers. As it’s a commoditized, standardised, low-margin service, they pass the risks to the customer. I also advise potential customers of cloud. By the time they’ve decided to talk to me, they are generally aware of the risks of using public cloud and I know the terms to look at.

Here be dragons

Public cloud with DevOps has many advantages but can catch out the unwary. Let’s face it, only lawyers read terms and conditions. So if you click on the accept button or sign on the dotted line without reading them, you might not even know the risks you’re taking on. Here are a few of the common risks which cloud providers pass to customers:

  • Some public clouds are provided “as is” with no promises over quality or fitness for purpose. The service might suit your needs, but it’s up to you to verify it can do what you need. There will be no comeback against the provider
  • If you’re used to the old style of waterfall IT delivery, are you and your CTO ready for the agile, continuous and, frankly, vague nature of DevOps?
  • If your public cloud fails, the most compensation you can get is often service credits. Even if you suffer a week long outage or even a complete failure of service
  • Your data might be stored in the USA. The law allows for international data transfers so that’s not necessarily bad. But if you’ve promised your customers you won’t transfer their data outside the UK/EU, you might be in breach of your contracts with them
  • You will generally retain ownership of your data, but you might have a limited time to migrate it at the end of the contract. Also, you might have given the cloud provider an unlimited licence to use itBy all means, move to public cloud with DevOps. But make sure it’s fit for your purpose, not just the provider’s.
+ posts

Meet Stella


Related articles

Raising talent attraction and retention with IT investment

To be at the centre of talent attraction and retention, businesses should make use of workplace technology that enables them to integrate collaborative, secure and sustainable measures into their operations.

How NIST started the countdown on the long journey to quantum safety

Leading the charge to develop a post-quantum cryptographic standard for organisations is the US government’s National Institute of Standards and Technology (NIST).

Overcoming economic uncertainty with cloud flexibility

Particularly for companies that jumped into the cloud headfirst, taking the time to optimise existing processes is a remarkable way to reduce infrastructure costs and free up OPEX for delivering business value.

“The need for speed” – Finding a way to unlock agility for today’s businesses 

To fully support agility, the solutions chosen will need to enshrine all the latest innovations in areas like artificial intelligence, machine learning or prescriptive analytics.

Preventing data sovereignty from confusing your data strategy

The reason why sovereignty is so important, is that it enables organisations to be innovative with their data and deliver new digital services. Historically, there has been a distinct lack of trust in the cloud, leading to a lack of innovation.

Subscribe to our Newsletter