• United States



Cloud Computing Literally as a Commodity

Feb 22, 20112 mins
Data and Information Security

We have all heard the common refrain of treating cloud computing as a commodity. Typically when this is said, the speaker is referring to the fact that cloud computing resources are made available by large data centers in more or less a pre-packaged form. Recently, however, this term has taken on a new and far more literal meaning. A market is developing in which third parties buy and sell cloud computing resources just as they would any other tradeable goods. The “market” will essentially set the prices to be charged.

While the creation of a marketplace for cloud computing resources may be an outstanding opportunity to purchase these services at favorable pricing and avoid long term commitments, this new market highlights the fundamental challenges of cloud computing: security and reliability. Treating cloud computing resources as a true commodity will likely result in even less in the way of contractual protections to the consumer of those resources – particularly with respect to key issues like service levels and data security. Sellers will almost certainly approach these transactions with an even greater aversion to risk than in more traditional cloud computing engagements. Likely, “as-is” will be the order of the day, with the service being provided with little in the way of substantive protections. While this may be a reasonable way to proceed in low risk engagements where sensitive data will not be at risk, caution should be exercised when critical services are involved.

Now, more than ever, businesses must carefully review proposed contract terms and, just as important, conduct due diligence on who will be providing the services and where. While the advantages of a cloud marketplace are many, we must not lose sight of the fact that the fundamental risks of cloud computing remain.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP where he focuses on drafting and negotiating technology related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.

More from this author