Managing risk: 5 ways you can be liable in the cloud

Understand your liability risks when choosing your cloud provider.

risk complexity tightrope
Thinkstock

Pricing, scale and reliability are all important factors when choosing a cloud provider, but they are only the tip of the iceberg. You must also ensure your data and the network are protected, and you want to select a provider with offerings that work for you and your growing company. Furthermore, you need to understand your liability risks in the cloud and how your users, suppliers, subcontractors and providers impact it.

These risks often get overlooked by most CIOs of small- and medium-sized companies, but they are just as important (or more important) as price, scale, and reliability. In other words, they can be the unseen part of the iceberg that actually sinks the ship. Furthermore, having clarity on these risks will be necessary to successfully sell to the large players in regulated industries such banks or the public sector. That is why it is important to read the fine print and ask the tough questions.

Transparency (or lack thereof)

Are you able to clearly identify the suppliers and subcontractors on which you rely to provide a service or build a product and communicate this list to your customers in a transparent manner? Are your own suppliers and subcontractors able to do same? In an increasingly complex world, the inability for a company to be transparent in its business practices is often considered a red flag, especially in a cloud environment. It suggests that the company has something to hide or does not have adequate control of its business. The ability to be transparent about your suppliers and subcontractors and being accountable is one important way to reduce your liability and gain the trust of your customers.

Open source

The cloud has certainly embraced open source applications. It is impossible to describe the infinite software business models operating in the cloud. The range spans from the traditional, tightly controlled proprietary enterprise software to the completely unhindered open source models. This is a boon for cloud users. The vast number of options gives cloud users the flexibility to adopt the software that works best for their business and allows them to nimbly migrate to different models as their companies expand.

While tightly controlled proprietary software certainly has its drawbacks, open source also has its challenges. For example, given the vast number of open source components used in a software application and their different licensing requirements, generating the various notices and attributions the open source licensing world requires can be daunting. An additional factor that complicates this issue is that you not only have to worry about how you use the open source software, you also must ensure you are covered for the open source software your cloud provider incorporates in its services in a way commensurate with your licensing terms. Just presuming your cloud provider is going to assume responsibility for this can lead to trouble because many will not.

Copyright

One of the big advantages of the cloud is the ability to run your applications in a system which scales as your business grows. Unfortunately, your exposure for copyrighted materials you or your users upload to your platform grows in a similar manner. Make sure to implement a process for notice and take down to handle requests from copyright owners alleging that some content infringes their rights.

Patent risk

A wise tech-investor once told me, “You really know when your company has made it the day you get sued by a patent troll.” Patent trolls are companies that don’t actually make or sell anything; they just own a bunch of patents and sue operating companies for infringing them. Patent trolls can wreak havoc on small- and medium-sized businesses, as small-businesses can’t afford to fight a patent troll. Even worse than a patent troll is a large competitor trying use the patent system to wipe you off the map.

Moving to the cloud can present new risks on the patent side. As with any migration to a new technology, patent litigation related to cloud computing is on the rise. You can be liable for patent infringement by your own SaaS application, but also for infringement by your cloud provider service or the open source it uses. Cloud providers handle the patent-risk question in a variety of ways. Some indemnify, or at least partially indemnify, depending on how much of the patent claim is related to the cloud service and how much is related to the cloud customer’s underlying business needs. A few others will also give you access to their patent portfolio so you can countersue (i.e, create leverage) against a competitor who has sued you. How a cloud provider handles these issues can be a “make it or break it” factor for a small business.

Unavailability of a service

There are many reasons why your service may go down. You can suffer a cybersecurity attack which takes down your system, or you can face a regulatory compliance issue which requires you to stop operating the out-of-compliance service. These issues can also impact your cloud provider and prevent you from running your service. In any case, you may face hefty penalties from your customers, as they can’t use your service. Contract terms often try to address these risks by clarifying what’s covered and what’s not.

As you can surmise, the issues above are all interrelated. An “open source” issue can actually come at you as a patent or transparency issue, and service becoming unavailable can actually be triggered by an injunctive relief order from a court for patent infringement or for an open source question. Make no mistake: The cloud is a great platform on which to do business. Besides offering efficiency, limitless scaling, and reliability, it is often safer than trying to run your own network, or worse yet, paying an outside contractor to run a standalone network for you. At the same time, you must know the potential downsides in order to choose the best cloud option for your company’s needs.

This article is published as part of the IDG Contributor Network. Want to Join?

SUBSCRIBE! Get the best of CIO delivered to your email inbox.