[#Cloud クラウド速報] クラウドのセキュリティと等しく重要なのは、有事の際の保証制度、いくつか提案が=>

出ており、下記の記事がそれを良くまとめている。 具体的には下記の対策が有用である、と述べている。
  • 法務上の制度:  クラウド事業者としての最低限の要件を法律として定め、俗にFake Cloud事業を取り締まれるようにする。
  • クラウドサービスに対する裁判制度を整備する
既にMicrosoft社に対して、先月起きたDanger社の障害(システム障害でスマートフォンのデータが消失した事件)に対する訴訟が何件か起こされており、事例として今後増加する可能性が高い。   

Does cloud computing need malpractice safeguards?

Recent failures to protect consumer data stored on the Internet (aka “the cloud”) point to an alarming gap between the value of that data and the care with which some vendors treat that data.

Microsoft subsidiary Danger failed to put in even adequate safeguards for its customers’ data. Amazon Web Services failed to discover an obvious problem that kept a loyal customer down for 20 hours. Coghead’s agreement to sell to SAP without any provisions to continue support for existing customers.

(Credit: DB King/Flickr)

The truth is that cloud computing means that now, more than ever, IT operations is a profession that has a very real economic and quality-of-life effect on its consumers–in very many ways much like health care or the law. I think it’s time we hold ourselves as individual and organizations to similar standards that we expect from doctors, lawyers, and law enforcement. Our ethics must reflect an understanding of the responsibility we are being granted by the rest of society.

The instances above are examples of companies failing to follow well-known professional protocols, or putting the needs of the business ahead of the needs of the client. Heck, look at just about any cloud operator’s terms of service, and you see paragraph after paragraph of text that basically states, “If something goes wrong, you can’t blame us.”

I think its time to change this attitude. I see a couple of options, neither of which I love, to achieve this. I’d love to hear from some innovative thinkers on others.

  1. Pass “cloud consumer protection” laws. This was something that was briefly explored after I wrote my “Cloud Computing Bill of Rights” post in August of 2008. However, the folks who got involved at that time weren’t a) vendors or b) policymakers, so we didn’t get far.

    The biggest issue with using the law to enforce professional culpability is that it requires government bureaucracy for enforcement. That bureaucracy doesn’t exist today, and would be expensive to create.

  2. Allow for “cloud malpractice” suits. Oh, I know, I know. Most of you in the IT profession are squirming in your chairs right now, ready to jump down my throat about how medical malpractice has created as many problems as it has solved. Again, I don’t love this option, either.

    However, if Danger had lost arguably hundreds of thousands of dollars worth of data (or more) because it didn’t tangibly fear the reprisals that would come if it lost it, it would be nice to see a big ol’ sledgehammer of justice ready to rain down. I’m sorry, but failure to follow known professional practices is malpractice, and malpractice suits exist to punish those who forget that.

Let me reemphasize that I don’t love either option, but I do know something has to change. The public is placing an extremely high level of trust on “cloud” services, and there has to be more than the simple threat of loss of revenue to reflect this. What do you think? Is it time to wield a big stick with respect to cloud service operations, or will the natural evolution of the market do the job for us?

Posted via email from Ippei’s @CloudNewsCenter info database

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: