January 30, 2012 | Written by: Joydipto Banergee
Okay, so here’s something different to reflect upon. By now we all know the benefits that cloud computing brings and how it promises to be a game-changer in the days ahead. However, despite all the buzz surrounding cloud computing, a nagging concern remains – who will ultimately be held responsible if the cloud flounders for whatever reason? The word “accountability” hangs like the proverbial sword of Damocles over any potential cloud customer.
Could this be one of the prime reasons why a mass adoption of cloud services for critical IT systems is still not on the horizon, although organizations are increasingly looking to engage the services of external cloud providers?
Let’s take the bull by its horns instead of beating around the bush. The inherent risk in handing your responsibilities over to a cloud provider is this: what if the provider falls short on its commitment to deliver? Such a catastrophe can lead to business breakdown such as loss of sensitive data, system downtime leading to loss of revenue, financial penalties, and even loss of current and potential customers. If the particular cloud provider services large companies, governments, and others, then we are talking of an even greater loss or potential disruption to the economy if anything goes wrong on the part of the service provider. The question here is who is accountable in case of such a mishap? Is it solely the cloud provider or is it a shared responsibility between the cloud service provider and the service user? There is no single, definitive answer!
One might argue that because the disaster happened at the cloud service provider’s end, the provider is the one who should compensate. However, the drawback of such a scenario is that it would threaten the viability of the cloud business model, because it would be difficult to find a provider who assumes the sole responsibility of a failure, without raising the prices dramatically.
The problem is compounded if multiple cloud service providers are involved – a scenario where one cloud provider acts as a customer front end and in turn “outsources” the cloud services to other service providers. In such a chained service environment, the question of liability becomes all the more complicated because there is no clear indication of who will bear the financial burden.
Then again, there could be scenarios where the customer enters into a business agreement with one cloud provider, negotiating a specific service level agreement (SLA) and risk clause; in due course, the cloud provider might be taken over (acquired or merged) by a different provider. In this new business environment, there is no guarantee that the new cloud provider would honor the existing SLAs and agreements.
One way to overcome the problem is of course to acquire adequate insurance that covers various IT-related disasters, security breaches, and disruptions. However, remember that risk insurance is costly. The high premiums might offset the price advantage that cloud computing brings, thus defeating the very purpose of going to the cloud! This is especially true for small and medium businesses that are thinking of adopting cloud services.
And if all this is giving you jitters and making you have second thoughts about going to the cloud, think of the alternative – maintaining everything in your own in-house data center with prohibitive costs. But this scenario does not guarantee that there will be no chance of smoke there either!
So how does one deal with the issue? To start with, potential cloud users should read the fine print before signing up with a cloud service provider. They should be aware of the associated risks and of what exactly is covered in case of unforeseen disruptions in the IT services. They should also have a proper contingency plan of their own to deal with such eventualities.
The cloud service providers should clearly spell out the limit to their obligations and not leave anything to assumptions and interpretations. There is no point in pretending that they have nothing to lose and promising to be the panacea for all the customers’ problems. Also, if the providers are using the services of other service providers and operating in a nested environment, it is important to clearly state the boundaries of accountability for each stakeholder in the chain.
Remember, the last thing you want is to get yourself entangled in cyber-related “legalese” – and that holds true for both the cloud service provider and consumer.