The technical awareness of the legal system with regard to cloud technologies is increasing. The courts are beginning to take a useful, pragmatic and well-balanced approach to evaluating the fairness and effectiveness of service provider T&Cs in meeting customer information security requirements and obligations. The concept of what is reasonable is central to this balance. It is also nothing new. This, after all, is what corporate diligence is all about. However, achieving this reasonableness requires real understanding of well-known terms such as vulnerability, threat, risk and exposure within a new technical landscape.
A common question asked by senior management when faced with a technical security issue is “Well, what really is the risk?” Unfortunately, the expertise of most security professionals often doesn’t extend to the legal environment where these risks eventually manifest themselves. The difficulty in answering the question arises because a big part of the answer lies with a company’s ability to contract effectively with its customers. For a service provider, poor governance of cloud security issues equates to poor corporate diligence and a tangible risk to business reputation.