Cloud Computing / What is it ?


Technology: Cloud Computing Definition Evolving


May 20, 2011 • Reprints

There’s a lot of buzz about cloud computing. However, what it means to you or your client’s businesses may not be what it means to others. If your business is moving, as many businesses are, into using cloud computing to run business critical applications and host business sensitive data, you will be negotiating and/or drafting a contract to address numerous cloud computing legal, business, and technology issues. Although the parties may not title the agreement “Cloud Computing Contract,” how the parties to these contracts define “cloud computing” deliverables in the context of a specific transaction will impact the risk allocations and liabilities of the parties.

The National Institute of Standards and Technology (NIST), and several court decisions have recently proffered various definitions of cloud computing. As these definitions show, they (like cloud computing concepts) are evolving. This article examines some of the broad outlines of those definitions.

“DRAFT NIST Cloud Computing Definition”, NIST SP 800-145 (January 2011), defines cloud computing, in part, as follows:

Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models.

Essential Characteristics:

On-demand self-service.

Broad network access.

Resource pooling.

Rapid elasticity.

Measured Service.

Service Models:

Cloud Software as a Service (SaaS).

Cloud Platform as a Service (PaaS).

Cloud Infrastructure as a Service (IaaS).

Deployment Models:

Private cloud.

Community cloud.

Public cloud.

Hybrid cloud.

Note: Cloud software takes full advantage of the cloud paradigm by being service-oriented with a focus on statelessness, low coupling, modularity, and semantic interoperability.

In International Business Machines Corporation vs. Visentin, the U.S. District Court for the Southern District of New York examined, and ultimately denied, the request for a preliminary injunction against a former IBM employee (who had signed IBM noncompetition agreements) and joined Hewlett-Packard (HP). In its analysis the court describes “cloud computing,” in part, as follows:

HP and IBM compete in the important emerging market called cloud computing. Cloud computing allows businesses and individuals to use the Internet to access software programs, applications, and data from computer data centers managed by providers such as IBM and HP. Cloud computing services are not a unitary product but rather a continuum of services which businesses are able to access on an as-needed basis. … These services range from “public cloud” services — that is, pre-packaged standard services – to “private cloud” services – that is, highly individualized services designed specifically for a single client. … IBM, HP, and fedex overnight ambien others will compete in the area of cloud computing technology for the next several years. (Emphasis added.)

In Google, Inc., and Onix Networking Corporation vs. The United States & Softchoice Corporation, the U.S. Court of Federal Claims examined, and ultimately granted, a preliminary injunction concerning a bid protest that defendant government, acting through the Department of Interior, had authorized an exclusive procurement for an electronic messaging solution that violated the Competition in Contracting Act, various regulations, and the Administrative Procedure Act. In its analysis the Court stated:

“Cloud Computing” has been defined by the United States Government Accountability Office as “an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, [with] the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks.” … see also AR 122 ([REDACTED] defining “cloud computing” as “a style of computing where scalable and elastic IT-related capabilities are provided ‘as a service’ to customers using Internet technologies”).

… “Private cloud computing can be a major investment. Although issues with security and privacy may be real with public cloud computing services, test your assumptions and fully analyze your requirements before you rule out using public cloud computing services. Private cloud computing requires a focus on process issues (operational, management, funding and service description) and people issues (cultural and political) before investments in technology solutions.” … “[a]s public cloud computer services mature, decisions about developing or expanding private cloud computing architectures will be return-on-investment decisions. Many private cloud computing services will eventually become hybrid services — leveraging enterprise-owned resources and public cloud resources — or will migrate completely to the public cloud. Being proactive by managing this evolution is critical. ….”.

As these evolving definitions show, there is no one “cloud computing” product that a business can purchase and truly know what they are receiving. In order to truly understand cloud computing in any given transaction the parties must pursue a clear and concise definition of the cloud computing deliverables. How parties define these deliverables depends on the details of the transaction. Contract drafters and negotiators must have an understanding and appreciation of the applicable technologies and appropriately convey within the contract the applicable legal issues, rights, and obligations of the respective parties regarding these deliverables. The bottom line is that this understanding is critical to the proper risk allocation in the contract and helping the parties have a successful journey into cloud computing.

About the author: Alan S. Wernick, a partner at FSB FisherBroyles LLP (WWW.FSBLEGAL.COM), is a member of the bars of IL, NY, OH, & DC. Since 1982 Alan’s business law and dispute resolution practice has focused in information technology law, intellectual property law, and data privacy/security law. More information about Alan’s practice, lectures, and publications is available atWWW.WERNICK.COM.