Posted by: Christian Verstraete | December 21, 2009

Relationships in the Cloud, more on Cloud Supply Chain

I continue working on my paper about data and the cloud. It’s actually a fascinating journey, demonstrating that cloud computing in general, and the public cloud in particular is absolutely not mature. Not being a lawyer, I discover a whole new world. A couple weeks ago I pointed out, in a blog post, titled “Supply Chains in the Cloud”, the lack of transparency about who actually offers you the service.

In an excellent post from last October, David Navetta, addresses the relationships in the cloud from a legal perspective. Many people are looking at the cloud as just another way of doing outsourcing. As it turns out, nothing is farther from the truth. The cloud is not white fluffy and transparent in many situations. The question is really, with whom am I dealing? Who is processing my data? And this is particularly true in the SaaS space. Indeed, if you are buying IaaS services from Amazon for example, you can be reasonably sure you are dealing with Amazon and only with them. But you have to build your application. The more you move up the stack, the more you receive services, the more difficult it becomes to identify who is doing what. You obviously deal only with the service provider whose name is on the portal. But who is behind him?

You are sceptic about what I just wrote. Well, in his post, David gives some examples. The first one is a press release from EnterpriseDB, who provides an OLTP database on Amazon’s cloud, but in doing so, has enlisted Elastra, a company delivering elastic database technology. Zapproved, an online productivity tool, has chosen Mosso’s Cloud sites to host its applications. Mosso’s Cloud Sites in turn are hosted by Rackspace Hosting. And should I remind you of the latest T-Mobile sidekick hick-up about one month ago. Here it turns out the service was provided by a Microsoft subsidiary, called Danger. And I could go on like this. Today some companies even aggregate services from multiple origins (e.g. Jamcracker) with unified provisioning, administration, billing, settlement, support, security and directory services.

The fundamental question is how we ensure “reasonable security” and conformance in such environment. The user may be two or three levels removed from the organization actually processing and storing the cloud user’s data, with no direct relations with them. How do we get all covered by the one agreement we have?  Transparency is critical in the cloud, but today it is not the norm. Cloud Computing will have to adapt itself as legislation and court cases define the legal environment over the next year or so. In the mean time, make sure you think about the implications while putting your head in the cloud. And maybe, you want to involve your lawyer in the decision.

On a different note, Merry Christmas to all. Wish you all the best.

Digg This


  1. Great post, Christian. Very important matters, indeed. Preferably to be figured out and documented before jumping head-over-heels in Cloud Space…
    Happy Holidays!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: