Not that long ago, companies were concerned about the ramifications of putting all their data in a cloud, including how they would get that data out, so only certain discrete aspects of systems and storage infrastructure were being moved to the cloud. Fast forward a few years and, for cost and other reasons, the current trend is for companies to make wholesale replacements of services and move those services to the cloud. With more software and services being offered in the cloud, it’s important to understand the responsibilities of each party and the risk allocation between them.
Cloud services agreements generally employ a “shared responsibility model,” which is an allocation of responsibilities between the cloud provider and the customer. Issues arise when either cloud services agreements are used for multiple business units and services without a clear understanding of the responsibilities of the customer with respect to the data they’re moving to the cloud, or the customer does not understand that it has its own distinct responsibilities with respect to its data.