Last month Verizon expanded its Computing as a Service (CaaS) cloud computing offering. The expansion itself is not surprising. The interesting tidbit is that Verizon has Carrier Status and therefore different laws apply to them than any other cloud provider that does not have this status, such as Amazon EC2, Terramark, etc.  Will cloud computing providers be the next internet service provider? If so will they have to petition to not be responsible for the content within their clouds, as did internet service providers  with the battle that ensued over the Communications Decency Act?This really gets to the heart of the question with regards to cloud computing, who is responsible for the data presented from the cloud, and who is responsible for any data stored within the cloud. Will this be the cloud computing providers; the data owners; or some combination thereof?

Will Cloud Computing Providers  (CCPs) be deemed content providers? I hope not as that would make the CCP responsible for each and every bit of data that one of their customers puts on the network. This is where existing Carrier Status companies have an advantage as nothing on their network is considered to be their content, they are carriers for other services such as television networks, websites, etc.

Does this mean that CCPs must also achieve Carrier Status to compete? Perhaps, but this will depend entirely on the body of law that forms around Cloud Computing. CCPs  may be able to draw upon the prior body of law associated with internet service providers who have already gone through this battle.

I am not sure this is a clumsy comparison. While independent Internet Service Providers are few and far between these days  they still exist and benefit from the ruling that they are NOT content providers. CCPs need this ruling as well.

With the security of the cloud just in its infancy and being defined by such organizations as the Cloud Security Alliance, it is important to consider the legal ramifications from the perspective of the CCPs as well as from those hosting data within the cloud.

You hear this at the office quite a bit, You are responsible for security. This is doubly true within the Cloud. Who is ultimately responsible for the security of your companies data within the cloud? Whomever put it there. Until the body of law is created around CCPs, you need to be vigilant and protect your data.

Share this Article:

Share Button
Edward Haletky (376 Posts)

Edward L. Haletky, aka Texiwill, is the author of VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment as well as VMware ESX and ESXi in the Enterprise: Planning Deployment of Virtualization Servers, 2nd Edition. Edward owns AstroArch Consulting, Inc., providing virtualization, security, network consulting and development and The Virtualization Practice where he is also an Analyst. Edward is the Moderator and Host of the Virtualization Security Podcast as well as a guru and moderator for the VMware Communities Forums, providing answers to security and configuration questions. Edward is working on new books on Virtualization.

[All Papers/Publications...]

Connect with Edward Haletky:


Related Posts:

Leave a Reply

Your email address will not be published. Required fields are marked *


seven × 8 =