The switch from wholly-owned infrastructure to internet-based services for IT is saving time and money, but brings a new set of risks for business, especially data security. How does business protect itself amid issues of data protection and privacy as well as ensuring business benefits and service levels? It’s all in the contract?
Text Version
Times are changing in the way that organisations procure their technology. Large scale in-house implementations are frankly a thing of the past. Organisations are looking much more at things like cloud computing and infrastructure as a service, as the service delivery model for their technology needs. Cloud computing, using the internet in order to obtain technology services that traditionally would be provided in-house, and to obtaining their IT requirements as a service, that is providing infrastructure as a service. Data centres are being set up, outside of a client’s organisation, by a third party that can be rented by a client. No need to acquire hardware and technology and communications lines and all those sorts of things anymore when they are being provided on a rental type basis by a vendor.
Some of the key issues that arise from a legal perspective though: the whole area of data and data privacy and data protection, if I’m minding some of my critical systems utilising a service of a third party who is providing both the hardware and the software, off site, outside of my office, how do I know that the data that I am utilising on that system is being protected? Protected against unauthorised use or access; protected against some third party being able to utilise it for their benefit. How do I know that it’s not being left lying around? What sort of security measures are being put in place to protect my data? How do I ensure that as a result of using this service I’m preserving my market differentiation is what it really means. We also need to ensure that these contractual arrangements that are being put in place are very outcome focused. We want to see the results; the delivery of the services being very clearly specified in contractual arrangements. And we want to see a very strong governance model being put in place. A governance model that acts as an early warning system to determine when things – if things go wrong, we can determine how to deal with them very, very quickly and not leave the problems to manifest themselves for much later in the piece.
A strong contractual arrangement, where your lawyers understand the key requirements, is a key. Must have a strong governance arrangement; must be able to identify the outputs and the deliverables very clearly; and must incorporate the key efficiency gains that the clients want to see in these sort of contractual arrangements. The clients are very keen to see how the value is being passed on. Well, let’s talk about that value. Let’s talk about the efficiencies. Let’s incorporate them finally into the contract between the parties.
