Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Security Newswire

Report: 'One-Size-Fits-All' Cloud Computing is at an End

A report from the Cloud Legal Project at the Centre for Commercial Law Studies at Queen Mary, University of London, has forecast that the era of uniform, one-size-fits-all cloud computing contracts is at an end, according to an article from RedOrbit.com.

The report, "Negotiating Cloud Contracts – Looking at Clouds from Both Sides," identifies the six types of cloud contract terms most negotiated as provider liability, service level agreements, data protection and security, termination rights and lock-in/exit, unilateral amendments to service features and intellectual property rights. 

The researchers identified a need for service packages when it comes to negotiating cloud contracts, noting that many one-size-fits-all terms are actually non-compliant, invalid or unenforceable in certain countries, the article says.

“To remain competitive, providers may have to be more aware of user concerns, more flexible in negotiations, and more willing to demonstrate the security and robustness of their services,” says the Cloud Legal Project's lead academic, Professor Christopher Millard, in the article. “In the middle or low value markets, choice is still limited, and many contract terms are still inadequate or inappropriate for SME users’ needs, as they may lack the bargaining power to force contract changes.”

Cloud services and usage are still in their infancy, Millard commented, and contract terms, usage needs and service plans will develop over time. 

Developing varied cloud packages might dissatisfy users who are used to finding the cheapest services while requesting levels of contract terms and conditions, RedOrbit reports.

It’s as important for the users of cloud services to understand the issues as it is for providers. “Users may need to consider what functions should be migrated to cloud and on what basis, such as starting with pilots only, conducting risk assessments, and implementing internal controls,” the report states. For small businesses and enterprise companies, this means assigning these duties to an IT person or someone who can work with the company’s IT providers to implement procedures and best practices, says the RedOrbit article.
 

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

2014 November cover of Security Magazine

2014 November

Don't miss our 2014 Security 500 issue, with rankings, data on sectors, and other security benchmarkings, all contained within this November 2014 edition of Security magazine. Also, (re)learn the basics of lobby security and how to make the highest impact retrofit for your budget.
Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.