SDN Journal Authors: Elizabeth White, Yeshim Deniz, Liz McMillan, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Microservices Expo, Containers Expo Blog, Agile Computing, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Moving Your Company’s Application or Service into the Cloud?

Beware of what your customers will expect

A number of studies I’ve recently read indicate that more enterprises will use cloud services in 2013 than ever before.  This fact is not lost on many of my software vendor clients, who are transitioning many of their on-premises products into cloud-based offerings.

The problem many of these vendors are facing is the inability to address data privacy and security demands placed upon them by their customers due to the weak contractual protections offered by the vendor’s hosting providers.  As a result, the time and cost savings expected by leveraging the cloud model are lost by extended contract negotiations between the vendor, customer, and hosting provider.

Here is a typical example:

  1. Software vendor wishes to offer its cloud-based service to a financial services company.
  2. The financial services company sends the software vendor its detailed requirements for information security controls, data privacy, breach detection and response, security program details and systems, disaster recovery, encryption, physical security, and data destruction and certification.
  3. Software vendor reviews the contract with its hosting provider to determine whether the financial services company’s security requirements can be met.
  4. Software vendor discovers that its hosting provider only commits to something like “we will implement reasonable and appropriate measures designed to help you secure your content against accidental or unlawful loss, access or disclosure.”  (See, for example, Amazon’s Web Services Agreement, Section 3.1.)
  5. Panic ensues.

Generally, at this point the software vendor is left with a couple of options:  One, attempt to renegotiate its hosting provider contract to incorporate the voluminous information security controls demanded by its financial services company customer, or two, convince the financial services company to drop its demands and accept language similar to Amazon’s above.  You can guess how well each of these options will work out.

So what is a software vendor to do?

Before accepting a hosting provider’s contract, know your target customer base.  Are your customers regulated by laws like Gramm-Leach-Bliley or HIPAA?  Is your service likely going to be storing sensitive information of your customers?  If the answer to these or similar questions is yes, then selecting a hosting provider willing to accommodate and contractually commit to specific data security protocols is paramount.  Many enterprise users are feeling both internal and external pressure to shave costs and move certain services and data into the cloud – even if doing so creates heightened risks and liabilities.  But simply explaining to these users that “our hosting provider doesn’t provide these assurances” usually won’t cut it.

In my next post, I’ll discuss certain tactics software vendors can use with their hosting providers to create more robust and meaningful protections for them, and their customers.

More Stories By Dan Pepper

Dan Pepper is the managing member of Pepper Law Group, LLC, a boutique technology law firm, and has spent nearly 20 years in the information technology law field, including acting as in-house counsel for Oracle Corporation. He presents at conferences worldwide on the legal risks associated with cloud computing.

CloudEXPO Stories
DXWorldEXPO LLC announced today that Big Data Federation to Exhibit at the 22nd International CloudEXPO, colocated with DevOpsSUMMIT and DXWorldEXPO, November 12-13, 2018 in New York City. Big Data Federation, Inc. develops and applies artificial intelligence to predict financial and economic events that matter. The company uncovers patterns and precise drivers of performance and outcomes with the aid of machine-learning algorithms, big data, and fundamental analysis. Their products are deployed by some of the world's largest financial institutions. The company develops and applies innovative machine-learning technologies to big data to predict financial, economic, and world events. The team is a group of passionate technologists, mathematicians, data scientists and programmers in Silicon Valley with over 100 patents to their names. Big Data Federation was incorporated in 2015 and is ...
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
All in Mobile is a place where we continually maximize their impact by fostering understanding, empathy, insights, creativity and joy. They believe that a truly useful and desirable mobile app doesn't need the brightest idea or the most advanced technology. A great product begins with understanding people. It's easy to think that customers will love your app, but can you justify it? They make sure your final app is something that users truly want and need. The only way to do this is by researching target group and involving users in the designing process.
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.