Keep Your Legal Feet on the Ground when Migrating to the Cloud

Running a business today is about being better, faster and staying competitive. Companies of all sizes are currently evaluating the prospective efficiencies of moving their business operations to a cloud-based environment to save time, money and resources – as well as leveraging the expertise of specialized information technology companies. In fact, a 2012 study from IDG Enterprise found that 71 percent of U.S. companies expect to increase spending on cloud services in the next 12 months. The technology benefits of migrating to cloud-based operations are considerable, but it is also important to perform proper due diligence around these process and environment changes. It is critical for the stability of your organization to consider how internal policies and controls may need to be adjusted to protect against associated legal risks.

Most companies view the migration to cloud-based operations strictly as a technology initiative without considering the legal implications. As a result, internal IT personnel typically serve as the primary advisors to help executives make critical decisions about moving operations to the cloud. What is essential for companies to consider is that while IT plays a critical role, IT personnel may not consider the non-technical ramifications. Without the value of issue-specific counsel, executive management may be making decisions based on projected technology benefits without a clear understanding of the associated risks and a business plan to mitigate them. The ability to clearly balance the benefits and the risks of a cloud migration requires an interdisciplinary approach across company departments such as HR, accounting and legal.

This is an emerging area of corporate infrastructure that blends IT with legal advisors. The convergence of technology and policy has never been more important. Both groups have many common concerns, such as the security, retrievability and recoverability of company information. But the primary focus of IT is operational functionality and efficiency, not potential legal ramifications. Lawyers are able to advise on how technological changes affect legal, regulatory compliance, workforce and HR issues, and contractual matters in order to minimize risks associated with a cloud migration. Both provide important perspective and communication among all parties – which is crucial to creating a common understanding and collaborative effort. So what are some of the legal pitfalls companies could encounter? For starters, there is the consideration of information security. Companies that have invested heavily to create strong data security protocols within their own walls are now trusting a third party with extremely sensitive data. Data security may actually be enhanced by a transition to the cloud, as studies show on-premise IT infrastructure is more likely to be attacked with greater frequency and variety than cloud-based infrastructures. But, not all cloud companies and technologies are created equal. It is important to involve legal advisers, along with IT experts, to thoroughly investigate the certifications, protocols and controls offered by a potential cloud vendor. Legal counsel can also alert management to the various risk allocation provisions of the service agreement, such as liability limitations, indemnification provisions and choice of law provisions. Entities holding personal, financial or medical data need assistance to ensure they remain in compliance with laws governing the protection of such data as they move to the cloud. Insightful legal counsel can assist with the evaluation of a vendor and ensure service provider contracts and service level agreements provide data security protections to the customer, reasonably allocate risk and include appropriate remedies. Many companies are taking advantage of cloud-based operations to enable a more mobile workforce to stay connected with the office and each other. The cloud can enhance a company’s ability to train and communicate with employees and provide workforce provisioning as a self-service model to access and update work assets (laptops, smart phones, tablets) that help them perform their jobs. This can save the company time, money and resources, as well as enable initiatives like BYOD (bring your own device). But companies are also sacrificing some control over those tools and resources. Current policies and procedures that were effective in a pre-cloud world may cease to protect the company and its information following a transition to the cloud. These are only a few elevated issues for corporate executives to consider when planning their cloud-based operations migration, or as a follow-up to a recently completed migration. Companies must strike the right balance between technical advances and risk exposure. As technologies change, companies need to determine the level of access and control they want to provide to employees and then establish clear, appropriate and enforceable policies. Migrating operations to the cloud is becoming an essential part of competitive business as companies realize the benefits of outsourcing key operational functions because of progressive technology advancements. The cost savings and improved productivity give companies a competitive advantage. But it is imperative that companies keep their legal feet on the ground – so to speak. They need to fully understand the underlying risks, how to take proactive measures and put proper policies in place. The best way to achieve this is by consulting with experienced legal counsel, along with their IT personnel, to avoid threatening the long-term success of the company. It’s just smart business!

Related Articles:

• Is It Time for a BYOD Policy?
• Is Your Cloud Migration Legally Secure?
• Negotiating a Cloud Services Agreement
• The Legal Side of Bring Your Own Device (BYOD)

For more information contact Bryan T. Allen

Return to Data, Security, Privacy & the Cloud Services Page