Cloud Computing is the new buzzword for businesses. While it is not an entirely new concept, its application to businesses in new and unique modes along with the scale of adoption of new techniques have made it a fairly current subject. Consider your regular email and social networking sites; these are all examples of cloud computing in their simplest manner. However, today we see a proliferation of new tools of cloud computing that have made businesses turn around and take notice of the immense advantages that cloud computing has to offer. A range of operations can now be performed on the cloud without the need for capital investments in purchasing, setting up, operating, and managing systems within the business.

Cloud computing covers a gamut of services and can broadly be categorized as Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS) modes. All of these services require storage of information, at times of a sensitive nature, in the ‘cloud’. Businesses have readily embraced these modes of services. As a consequence, an immense quantum of business in innumerable industries and various business operations, from the day-to-day mundane tasks to collaboration and operative tasks, are being performed ‘in the cloud’. In such a scenario, it is imperative that the legal implications of using cloud computing services be understood by a business and that steps be taken to overcome the challenges and mitigate the risks presented by it.

The legal issues arising out of cloud computing can be broadly categorized as operational, legislative or regulatory, security, third party contractual limitations, risk allocation or mitigation, and those relating to jurisdiction.

Operational legal issues concern legal issues that arise from the use of cloud computing services on a day-to-day basis and include concerns such as access to information of the business and manner of storage of the said information. It is imperative that such issues be addressed prior to availing services of a service provider and be adequately dealt with in the contractual negotiations. Also, included in operational issues are those of upgrade and vendor lock-in. This would imply that the business must consider as to whether, while performing its operations, it would be able to upgrade to newer operating procedures and systems and who, and to what extent, shall be responsible for the process.

Another operational concern that a business must consider is data portability. Would it be possible, in the event of discontinuation of relationship between the vendor and the business or in case of technical, financial or other difficulties, for the business to access its information through other applications or service providers? It is essential for businesses to consider such a scenario, since there have been several instances of data being lost due to technical hitches or due to the vendor closing up shop. Such contingencies, if provided for and dealt with in the contract between the parties can go a long way in eliminating risks and also allocating liability in case of loss.