Corporate Law: Cloud Computing
Published 24 August 2020.
When creating a new cloud technology tool, developing a new software application or providing a new service through the cloud it is important to understand the extent of the offering and what type of service that has been developed, what are the risks, rights and obligations connected to it and what type of contracts need to be put in place to cover the variety of legal relationships surrounding the licensing and use of the product, as well as the way the owner’s interest and user rights are protected.
Cloud computing comprises the provision of services, resources or tools remotely via the Internet, servers or through a network. Depending on the nature and level of functionality, the cloud computing services can be categorised within 3 different service types such as Software as a Service (SaaS), Platform as a Service (PaaS) and Infrastructure as a Service (IaaS).
SaaS has the highest level of functionality as it in involves allowing end-users to use software applications without the need to use additional hardware. i.e. acquiring a licence to use a home software package.
PaaS is the next level of sophistication and gives developers more autonomy and allows them access to a platform with tools to create, assess, improve, host applications, etc. The key element of PaaS comprises giving access to tools or software to further develop applications. For example, some social networks could be considered PaaS.
IaaS is the most sophisticated service with the lowest level of functionality. The service provider allows more advanced users to obtain access to hardware, data storage facilities or other technology without the need for investing in expensive servers or storage facilities. It mainly involves outsourcing the service and obtaining access to the equipment remotely based in different locations.
In this fast-evolving sector, a robust set of heads of terms for the provision of cloud services can prevent many disputes and can provide smooth running for your business. Depending on the type of service and its level of functionality, additional requirements or more comprehensive provisions would need to be included, however, all three cloud services agreements should have provisions regulating security, data protection, confidentiality, IP protection, licensing rights, warranties & indemnities and limitation of liability.
It is also important to consider the method in which service levels are going to be addressed, the location of the servers or network and the territorial scope of the services, to allow additional measures to be taken into consideration which comply with different laws and regulations i.e. the mechanism for the transfer of data under GDPR and IP protection. Ancillary contracts can also be useful in order to provide a more customised legal framework to the business and to the transaction, adapting the scope of the services to different types of vendors or customers