Does Adoption of Cloud Computing Shift Cyber Liability Risk?

The rapid adoption of cloud computing has attracted companies that seek to lower their information technology costs. At the same time, it is reported that there has been an increase in data loss and an increase in cyber-liability claims against companies—some of it from an increase in criminal acts like hacking. But the biggest vendors in the cloud computing industry want to push the risk of penetration of their systems onto their customers adopting the technology—those far removed from control of the hardware and network platforms on which cloud computing relies. This shift of cyber liability risk away from the cloud computing platform providers and onto their customer may be a result of competitive pricing in the cloud computing platform service industry. Some in the industry consider the liability risk associated with retail customer data disclosure to be approximately $2,000 per customer data record. This is a large number when one considers that corporate customer databases could easily have 100,000 data records with names, addresses, credit card numbers and other information in them. Therefore cloud computing customers have to consider how to ameliorate the risk of cyber liability despite having outsourced their compute infrastructure to the cloud.

Cloud Computing Has Become Highly Popular. “Cloud computing” is a term that refers to a computer system architecture where users of a software package use their local computers to access a remote server computer operating the software, typically using the World Wide Web that accesses a webpage hosted on that server. Typically, the server operating the software is located outside the confines of the corporate computer network perimeter and beyond its network firewall. The users’ data is stored on the remote server or some remote data repository associated with the remote server. The software architecture is engineered so that users of the software from different corporate customers can use the software (and their data) independently but at the same time. Software made accessible to corporate customers in this manner is called “Software as a Service” (SAAS). The corporate customer is reliant on the software-as-a-service provider (SAAS) to operate and maintain the software and the customer’s database. The SAAS provider is also a customer of the cloud computing platform service for the servers and networking on which their software service relies. While the corporate customer’s data is stored outside the perimeter of the corporate network on a server that neither customer has direct control over, there are advantages to operating corporate information technology infrastructure this way.