In a
However, there is a vast business opportunity in cloud computing for the industry, one that will play a vital role in building confidence in this emerging computing model.
Drew Bartkiewicz, who carries the very cool-sounding title of “vice president of cyber risk and new media markets,” at The Hartford, recently spoke on these issues at the recent Cloud Summit, and his talk was covered by
It may sound like Bartkiewicz has a fun job, but his task is deadly serious. Many companies aren’t fully aware yet of the risks in the cloud and Web 2.0 models, where data is exchanged between sites and users that may be beyond the control of cloud providers and their clients. Bartkiewicz runs the business line that insures cloud operators, and eventually cloud consumers. (Their Web site is
As Bob Evans put it, Bartkiewicz put things into perspective, maintaining a “sharp focus not so much the technical sides of cloud computing's security challenges, nor the over dramatized hand-wringing of Google being down for a few hours, but rather the huge legal exposure that exists and the glaring lack of awareness about those laws …”
Bartkiewicz spoke of the need for businesses to protect themselves against "information malpractice." Cloud computing advances are “outpacing CIOs, acquisition directors, lawyers and legislators ability to interpret, protect against and regulate the associated risks.”
For example, if one customer creates problems, and causes issues for other tenants, the cloud operator can be held responsible. Of course, this could wreak havoc on the financial viability of the cloud vendor. There are other numerous privacy and data security laws and regulations that play into the equation as well.
“Many companies have such glaring holes in what they know about the large and growing body of law and regulations around privacy and information-retention and archiving and FRCP at all levels of government and across more and more industries, we often hear clients who are being sued say things like, 'I had no idea there was a rogue employee working in the cloud' or 'I had no idea we had to inform people in 48 states every time we do this or that' or 'I didn't know you couldn't do contextual advertising in Germany' —right, and that's because over there they call it 'surveillance," Bartkiewicz said.
Don’t turn to traditional errors & omissions policies to cover liability issues among cloud providers either, Bartkiewicz cautioned. These policies don’t always cover E&O by third-party providers, such as cloud operators, or impacts on non-clients. “For example, if your mistake damages multi-tenant cloud, you've created an error for people you don't have any relationship with.
"Traditional insurance was created for a world that no longer exists," Bartkiewicz said.
For more details about the risks of the cloud and Web 2.0 model, check out this
Joe McKendrick is an author, consultant, blogger and frequent
The comments made by bloggers on