Telcos make best cloud providers: lawyer


Cloud computing a “general counsel’s nightmare”.

Networking and telecommunications companies were most likely to succeed as cloud computing providers, according to Gilbert & Tobin partner Peter Leonard.

Speaking to the International Association of Privacy Professionals (iaapANZ) in Sydney yesterday, Leonard addressed contractual concerns in establishing cloud service agreements.

Enterprise-grade cloud services called for more control, customisation, data integrity, data portability and accountability than typical consumer services, he said.

And while flexible, scalable cloud services may be "a CIO's dream", they were also a "general counsel's nightmare".

Cloud arrangements typically involved various components, including a vendor's terms of service, terms and conditions, service level agreements, privacy and acceptable use policies.

Leonard highlighted several risks of enterprise cloud computing, including platform complexity, jurisdictional borders, infrastructure, third-party data access, and the potential insolvency of a cloud provider.

The most secure cloud service providers were those that were highly invested in protecting their reputation and customer trust, he said.

He highlighted Cisco as one such vendor for whom controlling network vulnerabilities was central to its business.

"The reputational damage they [Cisco] will suffer in the event of data losses and vulnerabilities are a very, very powerful influence on their behaviour," he said.

"You can have the best contract in the world; If you've got it with a straw man, it's not worth lighting a fire with."

Telecommunications companies were also likely to succeed in the market, he said, since they had greatest control over the service delivery mechanism.

Optus in October launched its cloud solutions suite that offered customers "slices" of computing power and storage from a data centre in Sydney.

Telstra's upcoming 'Silver Lining' service also was expected to offer server and storage infrastructure as a service to Australian enterprise and government customers.

Both offerings were underpinned by VMware, EMC and Cisco technology.

"Telecommunications carriers have particular advantages by managing all the parts of the infrastructure," Leonard mused.

"I think what we will increasingly see is telecommunications companies becoming either the primary cloud providers or entering into joint ventures with providers like ... in order to support the delivery of service."

New age outsourcers

Leonard described cloud computing arrangements as "nothing more than an outsourcing contract" - with the added complexity of data that could be offshored and moved across international borders.

David Pegrem, Head of IT Risk at the Australian Prudential Regulatory Authority, agreed.

"Concerning clouds ... we don't consider that the rules of the game have changed," he said, noting that APRA enforced the same obligations for cloud services as for outsourcing.

Financial institutions were bound by APRA's 2006-7 outsourcing standards and are required to consult with the authority prior to offshoring data.

APRA also encouraged institutions to implement appropriate risk and governance processes, ensuring their abilities to meet core obligations in the face of service provider failures.

So far, APRA observed limited adoption of cloud services by Australian financial institutions in areas like customer relationship management, messaging and collaboration, and "private clouds".

But "the profile is changing", he said, highlighting targeted offerings from Microsoft, IBM, Amazon, Google,, Fujitsu, HP/EDS, CSC, Oracle and Cisco.

Copyright © . All rights reserved.

Telcos make best cloud providers: lawyer
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
Sign up to receive iTnews email bulletins
Latest Comments
In which area is your IT shop hiring the most staff?

   |   View results
IT security and risk
Sourcing and strategy
IT infrastructure (servers, storage, networking)
End user computing (desktops, mobiles, apps)
Software development

Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results