For years, cloud services have been growing in popularity due to their agility and “supposed” cost effectiveness. While most companies only have portions of their infrastructure in the cloud, the number using cloud services for mission-critical applications is growing. Today’s IT ecosystems therefore consist of a mix of in-house software and systems and cloud services, all layered with various degrees of complexity.
“A lot has been done to simplify how companies use and implement cloud services, and security has been a big focus for cloud providers and customers alike. This has helped cloud become as popular as it is. However, despite the fact that most cloud providers are complaint with regulatory requirements such as GDPR, ownership of data is still a challenge,” says Richard Firth, CEO of MIP Holdings.
He says it is vital for companies who have outsourced any portion of their operations to know who is responsible for the data, where it should sit, and who actually owns it. “Organisations need to manage a number of resources, including storage, data, systems, network and so on, with many of these sitting in the cloud. In fact, cloud is just a different variation of outsourcing, and there are still elements of the ecosystem that are being managed through traditional outsourcing models. The end result is that companies have their data spread across a number of platforms and providers.”
This has led to complicated data environments, and in some cases, has resulted in companies losing ownership of their data without realising it. Firth says that because cloud involves the automation of a process rather than just shifting the process to an outsourcer, many companies don’t realise what data – or how much – is being stored in the cloud. They also often don’t understand where their responsibilities with regards to data lie.
Managing outsourcing and cloud agreements
“Every application and system uses data, and many collect sensitive customer data. Companies should therefore take extra care when entering into and managing outsourcing or cloud agreements. Too many companies don’t understand what data they must own, and too many companies don’t have an effective understanding of exactly what data they collect,” Firth says.
“Clients’ cell numbers, company and customer e-mail addresses, contact centre numbers, sms numbers, short codes, web site or domain names, name and registration keys for apps and software – these are just a few examples of the data companies generate and store. Unfortunately, it’s only when a business wants to cancel a service or reposition a service that it finds out it doesn’t own the primary access method to this data, or at least some of it.”
He adds that this applies to cloud use in our personal lives as well. Social media sites, image sharing platforms, and so on, all own the data a person uploads to them. Most use the same wording in their End User Licence Agreement: “To the extent necessary to provide the Services to you and others, to protect you and the Services, and to improve products and services, you grant a worldwide and royalty-free intellectual property license to use Your Content, for example, to make copies of, retain, transmit, reformat, display, and distribute via communication tools Your Content on the Services. If you publish Your Content in areas of the Service where it is available broadly online without restrictions, Your Content may appear in demonstrations or materials that promote the Service. Some of the Services are supported by advertising.”
Firth says that companies should pay particular attention to the contracts they sign. “The contract should stipulate who owns the data. Amazon Web Services (AWS), for instance, states within its Terms and Conditions that ‘you reserve all right, title and interest (including all intellectual property and proprietary rights) in and to your content’. Other vendors try to keep ownership of data as a way to lock-in clients, preventing them from moving their data elsewhere. Signing a contract that doesn’t specify data ownership provisions is opening a company up for trouble further down the line.”