Protecting Intellectual Property In Cloud Storage

01.06.2013

Handing data over to a third-party, especially critical and sensitive data, is always risky. Cloud storage creates unique concerns regarding the intellectual property stored there.

Budget limitations, combined with exponential data volumes are encouraging many organizations to seek more cost effective storage options. Cloud storage has various advantages over traditional in-house data storage, such as being agile, fast and apparently safe replica storage for quick retrieval of the data when desired. The ability to upload and extract the uploaded data from different locations and the ability to easily merge various sources of information, makes cloud storage a logical storage facility for backup and archival data . The relatively low fees charged by the cloud storage facilities provides a great incentive to use their facilities rather than purchasing expensive additional in-house storage devices.

Nevertheless, commercial cloud storage does not always make a suitable storage solution for confidential information, especially proprietary R&D data. Recently, cloud service customers were shocked to learn that their data was available for viewing by others, thereby jeopardizing their trade secrets and intellectual property that had not yet been protected by the filing of a patent application thereon, and which now may be barred from patent registration as a result of the public availability of the data.

Several factors should be considered before storing proprietary R&D data in commercial cloud platform providers:

  • Public disclosure: Unintended public disclosure of confidential information stored in commercial cloud storage facilities became more prevalent. Such disclosure may result in the loss of current and future intellectual property rights.
  • Privacy – cloud service users should not assume that uploaded proprietary R&D data that includes sensitive information is stored in a secure environment that meets their proclaimed privacy policy. If the cloud service user specified that data be used for one purpose, that assurance should be upheld by the cloud provider.
  • Secondary use of data – most cloud providers have full access to their clients’ data. Full access may sometimes result in the data being mined by the cloud provider or others. Some cloud storage service providers also claim usage rights on any uploaded data, such as pictures and presentations, which may result in public disclosure of the data.
  • Jurisdiction- In case of breach of confidentiality, users should ensure that any services deployed to the cloud are used according to laws and regulations that pertain in their location. So as to ensure specific laws and regulations are followed, the primary location of the data and any backup locations should be known.

Tips to avoid unintended public disclosure of confidential information:

1. Consider the nature of the information when saving data onto a cloud platform. For example, confidential information of research participants that may result in breach of privacy. As the physical location of the servers is unknown in many cases, caution is required if any of the information stored is subject to any restrictions. Such restrictions may be on publication (prior approval or prior review), or imposed by non-disclosure agreements.

2. Contract: Cloud service users should check their contract with the cloud provider before agreeing to the terms. The contract should contain a clause that states the cloud service user exclusively owns his own data and therefore will still have the ability to access the data and transfer it should the cloud provider go bankrupt or the contract terminated. The user should be able to include such a provision in the contract and not accept boiler plate provisions of the cloud service provider, if this aspect is critical.

3. Security measures: The cloud service users should ensure the cloud provider has adequate security measures, including primary and backup locations. The cloud provide controls and procedures should also comply with the local laws of the region where the server is located.. Make sure the provider is in compliance with international standards, such as SSAE16 and SOC2, that determine the security, availability, process integrity, privacy, and confidentially of a data server.

4. Back-ups: Cloud service users should not only rely on the cloud provider back-ups and ensure regular data backups of their own. Such back-ups are extremely important in case the cloud provider goes out of business, or the datacenter become inoperable.

5. Secure the data: The user could consider adding another layer of security by encrypting the data residing in the cloud.

 

News & publications:
More Newsletters: