More and more companies are using “cloud computing” for the offsite storage and use of their proprietary data and information. To date, no court has yet addressed whether a company’s storage of trade secrets in the cloud compromises those trade secrets’ status. However, as the argument will inevitably be made in litigation, there are a number of steps a business can take to defuse any argument that its information is not adequately protected within the cloud.
Cloud computing presents a different paradigm for the storage, use and delivery of computer resources. Unlike traditional desktop computing, data is not stored or used with purchased software products installed on a local computer, but rather through a service kept in the cloud that is accessed and billed as needed. The data is stored remotely on third party servers accessed via the Internet, as opposed to a private computer or network. The cloud may be reached through traditional computers and mobile devices, such as cell phones and tablets.
Storage costs tend to be lower within the cloud, as large upfront capital expenditures for computing infrastructure and software are reduced to routine operating costs as the specific services are used. In addition, data in the cloud may be accessed regardless of the user’s location or device. Cloud computing solutions are also readily scalable as a company’s needs change.
As a result, everyone seems to be embracing the cloud. The research firm Forester has estimated that the global market for cloud computing will grow from $41 billion in 2010 to $240 billion in 2020. Apple has introduced iCloud which will sync remotely-stored data between devices. Amazon’s Cloud Player allows music to be stored online and then played on different devices. And Microsoft is adding more and more cloud-based services to its products like Windows and Office.
Trade secrets are frequently stored within the cloud. They may be passively stored as data or actively used with a service hosted in the cloud. A trade secret may even be stored locally on its owner’s private network, transmitted to the cloud to be manipulated by a service, and then brought back to the owner’s network where the results are saved. A trade secret owner may not fully appreciate every time a trade secret makes its way into the cloud. Online backup services place data, including trade secrets, on servers in the cloud. And a trade secret sent as an attachment to web-based e-mail is passing through the services’ servers.
What can a business do to protect its trade secrets in the cloud? While there is no court decision to serve as a guide, there are some common sense steps that can followed. The first step is obviously to ensure that the cloud computing service provider’s security policies, practices and infrastructure adequately safeguard the confidentiality of the information. The service provider’s encryption arrangements should be examined and verified. It is important to remember that because your senstive data is being pooled with the sensitive data of others, your cloud provider is a “target-rich” environment for hackers and cybercriminals. Make sure that your IT staff has completely satisified itself that the cloud provider is capable of protecting your trade secrets.
Second, a company should consider adding a second layer of encryption to data containing a trade secret. Two layers of encryption are more difficult to infiltrate than just one, especially since the client’s encryption would be independent of the service provider’s encryption.
Third, terms of service for any cloud computing service should be reviewed thoroughly. Terms outlining ownership, the right to conduct audits, and continued confidentiality and deletion of data once the relationship ends should be included. The service provider should be liable for its subcontractors or other parties it uses and should be required to maintain data-protection or cyber-liability insurance coverage that adequately protects the trade secrets that it may store or use. Additional ideas for contractual terms are included in a fine recent post on the TechNewsWorld Blog.
Cloud computing will continue to grow in popularity because of its cost and access advantages. As trade secret owners may face challenges to their use of the cloud to store their trade secrets, adopting some of the practices suggested above will hopefully reduce arguments that they have failed to protect those secrets in the cloud and provide an added level of security. (I’d like to thank my colleague John Molnar for his help with this post).