This article appeared in Cybersecurity Law & Strategyan ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

As data volumes continue to experience exponential growth, businesses of all sizes — even those that traditionally resisted the change — are embracing cloud models. From a business perspective, the transition to the cloud allows businesses to manage data, reduce costs, and take advantage of the efficiencies and analytics offered by third-party cloud providers. From a legal perspective, the cloud introduces a unique shared responsibility model that many businesses are only now coming to appreciate; specifically, although the cloud provider may house the data and provide functionality for access and data security controls, the legal obligations remain the responsibility of the business procuring these services. In fact, with the two most important controls — access and data — responsibility rests wholly with the business procuring the service.

Comparison to Traditional Models