In this article we provide a brief overview of the cloud computing, explore the benefits it offers and highlight some of the key commercial and legal implications.
What is the cloud?
The cloud is effectively a vast online space that stores data, applications and computing resources that we use every day through the internet in our working and non-working lives. It has revolutionised how we access and use technology and related services, and it touches every part of our lives.
Microsoft has a useful definition of the cloud in technology terms as the “global network of remote servers designed to store and process data for other devices and computers.” Instead of using physical servers or storing everything within a computer and device, it is also held “virtually” in the cloud. However, in reality there are still physical data centres that are managed by providers like Microsoft and Amazon Web Services.
What are the benefits of the cloud?
The history of the internet and the evolution of technology and related services are intertwined with the cloud, so the full impact and benefits of the cloud are profound.
At a high level, the cloud has:
- Significantly reduced IT infrastructure expenditure and other related technology costs relating to both hardware and software.
- Supported flexibility and scalability that organisations need to operate in a fast-moving and unpredictable business climate.
- Hugely lowered the barriers to accessing enterprise-level software and services for medium to smaller businesses.
- Helped drive the use of video and streaming media both in and outside work.
- Supported the ability to collaborate globally and work from anywhere, critical from the largest global enterprises to one-person businesses.
- Driven innovation and a multitude of new products and services.
- Provided the data storage and processing power contributing to the evolution of generative AI, business intelligence and other emerging waves of technology.
- Supported the ongoing management of software, for example with updated releases that do not even involvement from an IT function.
- Reduced risk by providing more support for data prevention and loss by backing up all data in the cloud and supporting business continuity.
- Increasingly provided robust layers of security and access to enterprise-grade monitoring tools, although cyber-security is still a major issue for businesses.
Over the past few years many organisations have instigated digital transformation programmes that involve moving over to the cloud, and away from on-premises infrastructure.
Examples of cloud-based services
Today, almost everyone uses cloud-based services – both for B2B and B2C scenarios. Common examples include:
- Collaboration and productivity suites such as Microsoft 365.
- File storage services such as Dropbox and Microsoft OneDrive.
- Streaming media like Netflix and Spotify.
- B2B information services provided by companies like Thomson Reuters.
- Internet of Things services which provide access to devices such as security cameras and thermostats.
- Core internet services like Google.
- A wide range of highly specialised business apps.
- And many more.
What are the different types of cloud?
Cloud computing has a number of different types or deployment models. The main three are:
- Public cloud: The public cloud is where resources are provided over the internet by a third-party to multiple customers.
- Private cloud: This is essentially a private cloud dedicated to a single organisation, often for data security reasons or for more control. A private cloud might still be hosted by a third-party.
- Hybrid cloud: When an organisation uses a mixture of the public cloud and a private cloud.
Additional cloud types including community cloud, where resources are shared across a number or organisations.
Types of cloud computing services
Cloud computing services can also be grouped into three different types – SaaS, PaaS and IaaS.
Software as a Service (SaaS) is where applications are accessed over the internet and where generally people pay for them on a regular subscription model. Many of the tools and apps that people and businesses use every day are provided on a SaaS-basis.
Platform as a Service (PaaS) allows businesses and software developers to create and build custom applications for customers or employees.
Infrastructure as a Service (IaaS) is where one company such as Microsoft provides the “virtual” infrastructure, including severs, data storage and network connectivity, for another, replacing the need for physical “on-premises” servers.
Google also points out a fourth type called server-less computing or Function-as-a-Service (FaaS) where applications are triggered by events (something that happens such as a person completing a form) which doesn’t require any infrastructure at all. This is a relatively new area.
What are the downsides of the cloud?
When we first wrote this article around a decade ago, we mentioned disadvantages and “grey areas” of the cloud, including:
- Reliability with too many outages.
- Security issues.
- Lack of clarity around data ownership contained in contractual arrangements.
- A distinction between uploaded content versus content created in the service.
- The jurisdiction where the data centre resides which holds your data.
After many years some of these issues remain. Current challenges that in-house legal teams and compliance functions will need to bear in mind include:
- Cyber-security: This is clearly a major concern with risks around data breaches, cyber-attacks, ransomware attacks, fraud and more.
- Data privacy: Employee and customer data will be held in the cloud and there are potential compliance-related issues. This has also taken on an additional dimension with the emergence of generative AI and the use of private data to train Large Language Models (LLMs).
- Contractual arrangements: There can still be ambiguity over data ownership reflected in contracts, for example with social media companies. However, in practice this tends to be more of an issue with consumers rather than for B2B scenarios where ownership of data is usually more clearly defined for a corporate audience.
- Data residency: The location of physical data centres can still be an issue if the jurisdiction where data is held does not align with an organisation’s regulatory and compliance requirements. There can sometimes be confusion if data is transferred across different services as to exactly where data resides. Generally, both Microsoft (Azure) and Amazon Web Services have built more data centres in different jurisdictions to meet more needs, but not all SaaS-based services offer the required choices.
A combination of these factors means that some organisations – particularly in financial services and other regulated sectors – will choose to keep some of their data on-premises.
Other concerns relating to the cloud include:
- The environmental impact of data centres.
- The lack of control and flexibility of SaaS-based services.
- Unpredictable costs.
- A reliance on strong connectivity.
In many ways the risks associated with the cloud are general challenges that every business needs to consider – cyber-security, data compliance and so on.
Conclusion
The cloud has had a huge impact on how both consumers and businesses access services and technology. While there has been a huge number of benefits, there are also associated risks which means that in some sectors there is still a reluctance to fully embrace the cloud. For in-house lawyers, it pays to know as much as possible about the cloud, both generally and how it specifically affects their organisations.