In the News

Janet Stiven Writes Second in Series of Inside Counsel Articles on Cloud Technology

Latest Installment Outlines Compliance Standards Legal Counsel Should Look for When Evaluating and Choosing a Cloud Services Provider

November 15, 2013

Janet A. Stiven, a Chicago-based business attorney and Dykema Member who advises clients concerning the legal implications related to technology use in business operations and focuses on legal issues related to cloud computing, authored an article—“Technology: Navigating Compliance Standards in the Clouds”—that appeared in the November 8, 2013 online edition of Inside Counsel.

In the article—Stiven’s second in a continuing series that addresses the legal consequences of using cloud computing services—the author points out that cloud security differs from, and often is far more complex than, managing information security in a user-controlled environment. Not surprisingly, lack of security control transparency is a leading inhibitor to businesses and other organizations adopting cloud services.

Stiven observes that while there are a variety of standards used to evaluate cloud service providers (among them, SSAE 16, Service Organization Reports, ISO 270002 and the Cloud Security Alliance’s CAIQ),  there is no single set of standards that is consistently used to assess and/or audit cloud services providers (CSPs). Stiven provides guidance on navigating the confusing array of cloud standards and how cloud standards can be used to assess and manage some of the risks involved in the use of cloud services.

To read this article in its entirety, click here.