Cloud computing has its many benefits, but as with all products delivered by service providers, there are risks involved for companies who choose to place their data in the hands of a third party. For CFOs, the possibility of an entire database of financial data disappearing overnight is truly the stuff of nightmares.
Erik Laykin, Managing Director of
Duff & Phelps LLC, a U.S-based international consulting firm serving Fortune 100 customers, sat down with Carol Ko from
Asia Cloud Forum (CFO Innovation’s sister publication, owned by Questex Media) to discuss the potential problems of data retrieval from a cloud computing facility, if a service provider unfortunately goes bankrupt or gets acquired.
What are the problems of data recovery if a cloud computing vendor goes bankrupt or gets acquired by another company?
In an ordinary bankruptcy or in a Reorganization Bankruptcy under Chapter 11 of the United States Bankruptcy Code, the cloud computing provider that is going out of business would be reorganized and would be able to continue to function as a business. There would be ample notice given to the owners of the data, so that they would be able to transition the data to a new system through which the data may be preserved. Or, as a result of the reorganization, the cloud computing provider may continue to operate it’s systems in a normal fashion and under the supervision of the administer or trustee of the bankruptcy.
But in more severe cases where the business ceases to function and goes into liquidation, one faces several interesting questions. For example, how will a company be able to provide assurances that the data that they are hosting will not be deleted, erased, destroyed, moved, transferred, or otherwise made inaccessible? Will the system that is housing the data become entangled in litigation, seized, locked down or made inaccessible because there are no employees to maintain the system? The data may still be there, but there is nobody there to access the system. There is a wide variety of scenarios where the owner of the data may all of a sudden lose access to his or her data.
In that case, one must question the adequacy of backups and ask whether or not there is a secondary, off-site location where a mirrored copy of the data is kept. This is part of disaster recovery (DR) contingency planning.
Today, DR must involve the company as well as third party providers that are providing infrastructure to run the business—and today that infrastructure often involves cloud computing.
A business that is leveraging cloud computing infrastructure to support that business should have a contingency policy. This policy allows another “alternative” provider to step in and handle cloud computing systems, should the original provider go out of business.
Insurance companies will start to write policies to cover these types of failures. In this case, if there is a third-party cloud computing provider that goes out of business, insurance coverage may include “cyber coverage” that allows the company to maintain another third party system. Hopefully your Contingency Policy will have already identified whom the new providers will be and they will have been endorsed by your insurance carrier.
What are the legal rights of companies in recovering their data from hosted data centers?
Legal rights are determined based on the terms in the service level agreement (SLA) entered into with the service provider. A company can give away all of its rights, or it can retain all of its rights. Always read the fine print in the agreement carefully and be prepared to negotiate with the service provider.
As a buyer of services, don't be intimidated by the contract that the seller of the services presents to you. Read it in its entirety. If you don't agree with it, consult legal counsel to make sure the agreement protects your rights and your reasonable and defensible ability to collect the data.
2012, Feb 09 
0 comments
Print
Digg