I’ve long believed that Cloud computing will not be taken up by large corporate until much better legal and security assurances are provided. I’d even go as far as to say that we need a brand new security standard and independent assurance process to mitigate the risks to an acceptable level.
The best starting point is to raise awareness of the lack of legal assurances provided by Cloud service providers. Queen Mary University of London have published an excellent analysis of contracts for Cloud services: “Contracts for Clouds: Comparison and Analysis of the Terms and Conditions of Cloud Computing Services“. The contracts examined are full of exclusions for liability, peppered with phrases such as “you bear sole responsibility” or “we have no liability”.
On the positive side, the researchers suggest that if enough service providers respond to consumer concerns, it might trigger a virtuous circle that serves to improve consumer rights. But clearly that won’t happen until we start to demand better conditions. So let’s stop talking up the benefits of Cloud services, and start drawing more attention to the associated risks.