Document Type
Article
Abstract
Cloud computing is being hailed as the future of information technology (IT) architecture. It is projected that by the year 2018, service-based solutions will be a major medium for delivery of information and other IT functions at both the consumer and corporate ranks. Cloud computing transfers the application software and server-based databases to the centralized large data centers, where the security measures taken by cloud providers to safeguard the data entered into the cloud may not be fully trustworthy. With the explosion of data being entered and managed by electronic means and the increasing prevalence of identity theft cases, data security for consumers and businesses sharing their data in the cloud is paramount.
The young archetype of cloud computing brings about many new legal challenges, given the breadth of data breaches and fluid creation of new laws and regulations in the United States and abroad. While privacy and data security are closely linked, they are slightly different in terms of legal obligations and approach. As such, privacy will not be the focus here. This Article studies the issues that cloud computing providers face in ensuring the integrity and security of data storage in the cloud and how those cloud providers can build trust among potential and existing U.S. company customers.
Due to its brief history, there has not been extensive research published or comprehensive review on cloud computing. The issues created by cloud computing are new and still open for debate among scholars and, more importantly, for the data holders, and the judicial and legislative bodies. Thus, the domain of research available to write this is rather thin. While challenging to find established research on cloud computing, this Article attempts to prompt further discussion on the new legal issues raised by this topic.
Various state and federal laws mandate a wide variety of security requirements for the holders of certain data to ensure privacy and prevent identity theft, among other worries. For U.S. companies to ensure the trust of their customers and avoid litigation, compliance with these laws and regulations is a must. If the subject data is shared with a third party cloud computing provider, the company must ensure that the provider will maintain the company’s data security obligations.
However, this outsourcing of data storage and processing does not relieve the company of its data security obligations. Rather, the company remains liable for potential breaches of the data being exposed to outside persons. Thus, the U.S. companies that employ cloud computing as a method for doing business must perform the due diligence on, and obtain the contractual obligations from, the cloud providers they utilize. U.S. companies are pressed to gain written assurances that they can trust the cloud provider and perhaps relieve themselves if certain liabilities. It is this trust that cloud providers must create and implement for the cloud computing model to be successful. As I will assert herein, there are reasons for needing this trust and solutions for gaining it.
Recommended Citation
Jared A. Harshbarger,
Cloud Computing Providers and Data Security Law: Building Trust with United States Companies,
16 J. Tech. L. & Pol'y
(2011).
Available at: https://scholarship.law.ufl.edu/jtlp/vol16/iss2/2