The first time a client brought intellectual property lawyer Janine Anthony Bowen a cloud computing contract to look over, her reaction was, essentially, "These people must be nuts."
"I read the clause saying the service provider would bear no liability for anything that went wrong with its service, and even if something did go wrong, my client would still be responsible," recounts Bowen, lead partner at Jack Attorneys & Advisors in Atlanta.
[ Stay on top of the current state of the cloud with InfoWorld's special report, "Cloud computing in 2012." Download it today! | Also check out our "Private Cloud Deep Dive," our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
To recover any losses, her client would have had to bring suit, and the maximum recovery amount equaled no more than the fees paid for 12 months of service. That amount wouldn't even begin to come close to the value of a data loss. Bowen's assessment of the contract was blunt: "The terms were offensive," she says.
Tanya Forsheit, with whom Bowen shared the dais at a Practising Law Institute seminar on cloud computing in San Francisco last summer, says she has similar concerns. "The cloud providers try to convey a take-it-or-leave-it attitude for their contracts, expecting people to click through the 'I accept' options the way people click through the iTunes website," says Forsheit, a founding partner of InfoLawGroup who works out of the firm's Manhattan Beach, Calif., office.
Because of the take-it-or-leave-it approach of cloud providers, IT professionals are running into problems with the legal professionals charged with mitigating the risks that their organizations face. That's the case at the Port of San Diego, where Deborah Finley just began thinking about using a small vendor's cloud-based email archiving service.
"We're a medium-size organization without the leverage a larger organization might enjoy. The vendor's contract had a limitation of liability for the cost of the contract, while our legal department has standard language about indemnification," says Finley, the Port's director of business information and technology services. "To change that language, we would need board approval."
After some back and forth, Finley and the Port lawyers reached a compromise, but she's reluctant to go to the board every time she wants to sign a cloud computing contract.
For Finley and many other IT execs, the bottom line is this: Cloud computing is supposed to make things easier and cheaper for IT, but instead, it's turning lawyers and CIOs -- two groups with more common ground than they realize -- into adversaries, at least temporarily.
The lawyers, whose job is to advise the company on legal, risk and compliance issues, want to limit contracts that ignore or gloss over matters related to data loss, privacy, security and e-discovery. CIOs, whose job is to advise the company on technological issues, want to provide computing capabilities to business units as quickly as possible.
As cloud computing becomes more prevalent, the two groups can find themselves at loggerheads -- though both are striving to serve the business.