Legalities of the Cloud

I finally finished “Cloud Application Architectures” (the Tour de France has been a real distraction of late – go Lance!), which is a great overview of cloud computing in general and utilizing AWS specifically.

One issue the author George Reese raises in the book concerns potential legal issues/concerns when your bits are cloud-based. For example, your virtual host is running on the same physical machine as another company. That company turns out to be under investigation for some shady dealings. Law enforcement officials in turn confiscate the physical hardware to prosecute the offenders, thereby taking your site down, along with your bits, including customer data. There are a number of other examples in the book, along with suggested ways to keep your data safe (encrypted file systems, etc)

When reading the book, I thought some of these ideas might be a bit outlandish. Until I read an article on CNet today, entitled “Lawyers shine light on real cloud concerns”. James Urquhart covers some of the same ground as George Reese, while adding in some additional topics/questions like this post from an employment law attorney:

From an employment law perspective, I have not seen much, if anything on the subject. For example, Connecticut's wage and hour laws require employers to keep track of various records of the employee including hours worked, etc. The catch? Such records need to be kept at the employer's place of business for three years. Does storing the information in "the cloud" satisfy that?

Good food for thought; obviously the legal system won’t catch up to the realities of the cloud for quite some time so it pays to delve into something you might not look into normally when deploying a physical production instance at a data center.