The Top Dangers Lurking in Your CSP EULA
At Veritas, we hear these questions from customers all the time: What do you mean my files were deleted because they were not in compliance? My cloud service provider (CSP) isn't backing up my data? How can my CSP fine me for violating protocol? How am I supposed to make sense of these protocols?
What customers often don't realize is they, not their CSP, are responsible for data protection and compliance. If they don't take action, the consequences can be financial, reputational, and even legal.
As we discussed in "Cloud EULAs are Complex – Why You Need to Read the Fine Print" post, it's no surprise that many enterprises, like ourselves, quickly agree to the terms of their CSP end-user license agreement (EULA) without carefully reading them. They do not agree with the terms out of stupidity. These are complex and lengthy documents not easily understood by someone without a law degree. So many times, an enterprise cloud administrator will quickly scroll through and click "accept," presuming the CSP had drawn up terms that would offer reasonable protection for customers. But the truth is, they often fall short of expectations.
As cloud adoption grows, the EULA must also become more expansive to mitigate the risk of exposure by the CSP. This makes the situation more difficult for the end-user. Most EULAs are growing longer and more complex as the CSPs take on more work for their enterprise customer and manage more data and applications. As this scenario unfolds, what are the worst potential pitfalls hiding in a typical cloud service provider EULA?
Here are the top three:
Additionally, other hidden potential pitfalls in EULAs include the CSP's ability to throttle users when their servers are being flooded with requests and provisions prohibiting the storage of classified information on the CSP's servers. Some EULA pitfalls may only affect a small number of users compared to others but still have a significant impact.
Always keep in mind that the EULA is an instrument designed to protect the CSP's rights and interests, not the customer needs.
The good news is we at Veritas are working hard to help our customers stay ahead of the game. In so doing, we can help minimize risks and reduce the financial, operational, or reputational "hit" they take when scenarios such as those above and others occur.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.