Cloud Computing. A Practical Introduction to the Legal Issues

Renzo Marchini

Published by

BSI

ISBN

978-0-580-70322-5

RRP

£30

Reviewed by

Peter Wheatcroft FIET FBCS CITP FCMI

Score

10 out of 10

Cloud Computing. A Practical Introduction to the Legal IssuesBSI is best known for its publication of standards and specifications and this interesting book is part of a recent move to provide more guidance on implementing standards and understanding related issues.

Cloud computing is not a new imperative for organisations as it has been around in various guises such as outsourcing, data processing and managed services for some years and so the challenges already exist. However, given that the cloud has assumed the status of an industry umbrella term, it is relevant that the issues associated with its implementation have been brought together in this new book.

The author is a lawyer who has been involved in IT and e-commerce contracts for some years and so has seen the pitfalls that can await hasty implementation and he writes in clear and jargon-free language. Whilst it is billed as an introduction to the legal issues, this book does contain a lot of good general management and service management advice inside its 166 pages that readers will find helpful.

The various definitions of cloud computing are provided in chapter 1 and form a useful backdrop to the numerous industry terms that already litter the popular press.

It covers both sides of the legal contract - provider and recipient - but will be of more interest to customers than to cloud providers who will already have had to consider the terms of supply when forming a service offering. However, sector-specific cloud services and their underpinning regulatory frameworks are explained and a number of recent legal judgements on unfair contract terms are provided throughout the book, making interesting reading.

There is advice provided on the Data Protection Act (DPA), which is included in related BSI, but this is important in the context of cloud services as the data most often ends up overseas.

Issues of who is the data controller and data processor are clearly laid out and serve to illustrate how complex the agreements surrounding third-party services can become. Issues such as supplier lock-in, where taking a cloud service can mean it is very difficult - or even impossible - to move that service elsewhere, are clearly covered and there is a very good section on service level agreements and service outages.

If you are not already convinced about whether cloud services are relevant to your organisation, then read this book before making a decision. It covers the practical issues, both management and legal, that are important considerations when entering an agreement and so will appeal to any type of reader.

Further Information: BSI

This book is also available from the BSI as BIP 0117.

March 2011