January 17, 2022

Volume XII, Number 17

Advertisement
Advertisement

January 15, 2022

Subscribe to Latest Legal News and Analysis

January 14, 2022

Subscribe to Latest Legal News and Analysis

National Institute of Standards and Technology (NIST) issues “US Government Cloud Computing Technology Roadmap”

The National Institute of Standards and Technology (NIST) recently released a three volume work in progress relating to U.S. government adoption of cloud computing technologies. In the preliminary discussion, the security requirement is noted as “not considered to be fully met at present.” Cloud Providers, and cloud users, should be aware of the development of federal guidelines, as a new federal standard may have a significant effect on cloud computing standards of care. The full three volumes, and related information, may be found at the NIST cloud computing center, and the deadline for comments is December 2, 2011.

While NIST is working on developing federal contracting standards for security, non-governmental entities must also be concerned about security for compliance with data breach laws, in some particular industries for regulatory compliance, and generally for marketing considerations. Despite there being a variety of types of cloud computing customers, “as-a-service” providers often take a one-size-fits-all approach to security. Each such cloud provider generally has a security policy, and that is all it will agree to, regardless of whether it satisfies the individual customer’s particular security needs, in order to keep costs down, and such cloud providers seem hesitant to provide customers with unique services. A more cooperative discussion regarding security of data may be needed, both from a contractual agreement standpoint and a risk management standpoint, and the results of the discussion should be documented with appropriate contractual language.

Typically, outsourcing providers resist granting broad audit rights to its customers, and cloud computing “as-a-service” providers are even more reluctant. To protect the interests in the security of data, cloud users may demand a quality audit of an “as-a-service” provider which would require a significantly more in-depth look into the Cloud Computing Provider’s computer systems and propriety methods. As a customer is relinquishing even more control of its data than under a more traditional service contract, the desire/need for an audit should be greater. These concerns are also compounded if that “as-a-service” provider utilizes a third party hosting company to host the data and process the “as-a-service” provider’s application. In such an instance, customers should consider requiring the right to audit such third party host’s data centers and security systems.

© 2022 BARNES & THORNBURG LLPNational Law Review, Volume I, Number 316
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Barnes & Thornburg LLP’s Intellectual Property Department, with more than 100 attorneys and professionals, is one of the largest intellectual property practice groups found in a full-service law firm. Our practice covers a broad spectrum of services, including strategic IP portfolio services, prosecuting and litigating patents, trademarks and copyrights, enforcement of patents and trademarks and defense of IP enforcement actions. 

Our IP practice advises and helps a diverse and multinational roster of clients. From electrical and mechanical engineering, to chemistry and...

312-214-8329
Advertisement
Advertisement
Advertisement