


New Survey Highlights Security Risks in Cloud Computing

Jun 14, 2011
2 mins
Data and Information Security

A new survey by Trend Micro (available at shows that almost half of all respondents had experienced a data security lapse or issue in the last twelve months. The survey focused on large companies of 500 or more employees using cloud services. It highlights the need to conduct strong due diligence of potential cloud vendors, including questions regarding past security breaches and issues, current security practices, employee security training, contingency planning, etc. It also means businesses must be even more careful in choosing to place their data in the cloud and, if they choose to proceed, ensuring their contracts with the cloud provider contain meaningful protections for data security and confidentiality.

Unfortunately, many cloud providers continue to decline even baseline protections for data security or, if they offer those protections, they have so limited their liability that they face little risk in the event of a compromise. The evidence is mounting that real security concerns exist in cloud computing, and businesses must be more vigilant in choosing vendors that take those risks seriously. Vendors that step forward and show they are willing to provide appropriate protections are going to have the advantage over their competitors.


Michael R. Overly is a partner and intellectual property lawyer with Foley & Lardner LLP, where he focuses on drafting and negotiating technology-related agreements, software licenses, hardware acquisition, development, disaster recovery, outsourcing agreements, information security agreements, e-commerce agreements, and technology use policies. He counsels clients in the areas of technology acquisition, information security, electronic commerce, and on-line law.

Mr. Overly is a member of the Technology Transactions & Outsourcing and Privacy, Security & Information Management Practices. Mr. Overly is one of the few practicing lawyers who has satisfied the rigorous requirements necessary to obtain the Certified Information System Auditor (CISA), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), Information Systems Security Management Professional (ISSMP), Certified Risk and Information System Controls (CRISC) and Certified Outsourcing Professional (COP) certifications.

The opinions expressed in this blog are those of Michael R. Overly and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
