The Legal Affairs Committee of the European Outsourcing Association France (EOA) published a white paper on Cloud Computing on December the 9th, drafted by a working group made up of legal experts from major companies (Orange, Thalès, Suez Environnement and Atosand Steria) and outside consultants under the supervision of Rémy Bricard, founding member of the EOA and Partner at Baker & McKenzie in Information Technology and Communications. The EOA is an association specializing in sourcing issues (outsourcing in particular) that was founded in 2005. Its mission is to advise corporate heads and operational staff on these issues by informing them specifically about best practices.

The report focuses on the impact the Cloud has had on companies’ decision-making process and offers a series of highly practical tips to help business divisions avoid exposing their companies to new risks. Cloud development has liberated business divisions from IT and legal departments when it comes to setting up their projects. While the Cloud offers a number of advantages such as simplicity, flexibility, efficiency and productivity gains, it also creates new risks like data loss and ends up creating new divides between departments.

Implementing a Cloud project forces businesses to make key technical, organizational and legal choices, especially when it comes to data security, confidentiality, localization and integration. “Business divisions – which can now set up proprietary Cloud projects without anyone’s help – must be made aware of the importance of incorporating the entire company into their thought process. We have built a veritable toolkit with them in mind, so by asking themselves the right questions they can ensure they don’t miss a key facet of the project and create new risks for the company from the outset”, explained Rémy Bricard.

Using an original and pragmatic approach consisting in identifying 51 highly practical questions that business divisions about to roll out a public Cloud project must ask themselves, the EOA’s Legal Affairs Committee has presented companies with 6 major recommendations:

  1. Ask yourself whether the company’s strategy is compatible with the strategy of the Cloud services provider.
  2. Ensure that the Cloud service the company plans to use is clearly understood and meets the need that has been identified.
  3. Think about how the Cloud will be incorporated into the company’s IT system.
  4. Protect the data the company has in the Cloud. Avoid handing over control because the company is responsible for legal obligations, not the service provider.
  5. Make sure the company possesses the rights to do what it wants with the Cloud, i.e., verify it has the rights it needs to use the various software implemented by the service providers.
  6. Ensure the company retains access to its data independent of the technology used by the service provider and make sure they can be migrated to another service provider. This implies implementing clauses covering reversibility, data destruction, audit and interoperability capacity.

In the era of Big Data, where we’ve barely scratched the surface of the value creation potential that could be leveraged by all the data that companies accumulate, EOA is encouraging companies, specifically business departments, not to tackle their Cloud projects alone and skip the rest of the organization.

The White Paper can be downloaded at EOA - Livre Blanc Cloud Computing 2013