Last month Verizon expanded its Computing as a Service (CaaS) cloud computing offering. The expansion itself is not surprising. The interesting tidbit is that Verizon has Carrier Status and therefore different laws apply to them than any other cloud provider that does not have this status, such as Amazon EC2, Terramark, etc. Will cloud computing providers be the next internet service provider? If so will they have to petition to not be responsible for the content within their clouds, as did internet service providers with the battle that ensued over the Communications Decency Act?This really gets to the heart of the question with regards to cloud computing, who is responsible for the data presented from the cloud, and who is responsible for any data stored within the cloud. Will this be the cloud computing providers; the data owners; or some combination thereof?
Will Cloud Computing Providers (CCPs) be deemed content providers? I hope not as that would make the CCP responsible for each and every bit of data that one of their customers puts on the network. This is where existing Carrier Status companies have an advantage as nothing on their network is considered to be their content, they are carriers for other services such as television networks, websites, etc.
Does this mean that CCPs must also achieve Carrier Status to compete? Perhaps, but this will depend entirely on the body of law that forms around Cloud Computing. CCPs may be able to draw upon the prior body of law associated with internet service providers who have already gone through this battle.
I am not sure this is a clumsy comparison. While independent Internet Service Providers are few and far between these days they still exist and benefit from the ruling that they are NOT content providers. CCPs need this ruling as well.
With the security of the cloud just in its infancy and being defined by such organizations as the Cloud Security Alliance, it is important to consider the legal ramifications from the perspective of the CCPs as well as from those hosting data within the cloud.
You hear this at the office quite a bit, You are responsible for security. This is doubly true within the Cloud. Who is ultimately responsible for the security of your companies data within the cloud? Whomever put it there. Until the body of law is created around CCPs, you need to be vigilant and protect your data.