You can be sure cloud computing is making real inroads into the enterprise when Gartner weighs in. This week the Gartner Global IT Council, which boasts CIOs from some prominent financial services names like Dow Jones, American Life Insurance and International Finance Corporation as well as those from MIT and Anheuser-Busch, took on the challenge of industry standards for cloud services performance by publishing it’s list of Rights and Responsibilities for Cloud Computing Services.
While most major cloud providers do a very good job of implementing these tenets already, relying on the cloud provider’s good intentions is simply not an option for financial technology. Therefore, developing common practice and industry standards is essential for long term success of cloud computing in the financial services industry. This is a good first step.
Rights and Responsibilities for Cloud Computing Services
- The right to retain ownership, use and control one’s own data
- The right to service-level agreements that address liabilities, remediation and business outcomes
- The right to notification and choice about changes that affect the service consumers’ business processes
- The right to understand the technical limitations or requirements of the service up front
- The right to understand the legal requirements of jurisdictions in which the provider operates
- The right to know what security processes the provider follows
- The responsibility to understand and adhere to software license requirements
I must say though, I’m a little taken aback that there are six rights and only one responsibility on the list, and that one being a little strange. Ostensibly the responsibility requires both cloud consumers and providers to stay honest with respect to licenses for the third party software that they “put on the cloud.” This is clearly important in managing liability and risk of audit and copyright violation, but it is somewhat tangential to the core cloud consumer-provider relationship that the list addresses. Some more appropriate responsibilities might have been to adhere to the terms of signed service agreements and avoid the most common service violations, e.g., not exceeding usage levels by a factor of 100 during testing and whacking your cloud provider and not sharing user credentials under the table to siphon off unlicensed services.
