Cloud Computing Due Diligence

Here is a list of questions with sample answers to assist attorneys in meeting the duty of due diligence in choosing a Cloud Computing service.

No national standards have yet been set, but a number of state ethics boards have provided guidance. These questions are drawn from the Committee on Ethics and Practice Guidelines of the Iowa State Bar Association.
Ethics Opinion 11-01 Use of Software as a Service - Cloud Computing [PDF file]

Cloud Legal Ethics Q and A - Egnyte

The Egnyte HybridCloud stores your files online and synchronizes them to your computers and devices.

  1. Will I have unrestricted access to the stored data?
    Yes. You have direct, secure access to files from each computer and device logged into Egnyte.
  2. Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
    Yes. All of your files are synchronized continually to one or more hard drives in your office and optionally to laptops and local offsite location.
  3. Is the company that will be storing my data a solid company with a good operating record?
    Yes. Egnyte, Inc. has over one million users and recently received a major investment from Google Ventures. It is a Better Business Bureau accredited business with an A+ rating.
  4. Is their service recommended by others in the field?
    Yes. Egnyte has received excellent reviews in computer publications. For example, PC Magazine classed Egnyte as "Highly Rated."
  5. In what country and state are they located and do business?
    In Silicon Valley, directly adjacent to Google in Mountain View, California, USA.
  6. Does their end user’s licensing agreement (EULA) contain legal restrictions regarding their responsibility or liability, choice of law or forum, or limitation on damages?
    Yes. The Egnyte Terms of Service state that you are solely responsible "for your activities in using the Egnyte services including the activities of you employees, contractors and all parties that you allow to have access to Egnyte" and "for the contents, modification, management and/or deletion of any and all files and data used by you." They contain disclaimers of liability typical for software EULAs, such as disclaiming consequential damages, etc., except as permitted by state law and limiting liability to the amount received from you.
  7. Does their EULA grant them proprietary or user rights over my data?
    No. Egnyte has no rights to the data and files you store, other than typical rights to use your contact information to bill you and contact you regarding your account.
  8. What is the cost of the service and how is it paid?
    The cost is $24.99/mo. for 150GB and up to 5 users; $44.99/mo. for 1,000GB and up to 10 users; and additional pricing for add-on services and an Enterprise plan.
  9. What happens in the event of nonpayment?
    Egnyte will notify you and allow at least seven days of access to the Egnyte Cloud. Since your data ordinarily is synchronized to a normal folder on a PC hard drive, you are at no risk of losing your data.
  10. In the event of a financial default, will I lose access to the data?
    No, assuming you use the synchronization feature to keep copies on a local hard drive.
  11. Do the data become the property of the company or is the data destroyed?
    No. The data is deleted from the Egnyte servers within seven days if the agreement terminates.
  12. How do I terminate the relationship with the company?
    You notify the company. Contact information is posted on their Website.
  13. What type of notice does the EULA require?
    The EULA does not specify any particular type of notice.
  14. How do I retrieve my data?
    You already have your data synchronized on a PC hard drive, so you need take no action to retrieve it.
  15. Does the company retain copies?
    No. Data are deleted within seven days after termination.
  16. Are passwords required to access the program that contains my data?
    Yes, of course. You may set rules requiring reasonably strong or very strong passwords.
  17. Who has access to the passwords?
    Egnyte has the ability to reset passwords upon request through a standard password reset procedure requiring that you receive and respond to an Email sent to your account's Email address.
  18. Will the public have access to my data?
    No. All data is encrypted at rest on Egnyte's geo-redundant RAID servers.
  19. If I allow non-clients access to a portion of the data will they have access to other data that I want protected?
    No. Egnyte give you a highly secure method of granting and denying access rights on a user-by-user and folder-by-folder basis.
  20. Will I have the ability to encrypt certain data using higher level encryption tools of my choosing?
    All data is encrypted in transmission by 256bit encryption and encrypted at rest on the Egnyte servers by 448bit encryption. These levels far, far exceed the strength of encryption used by the banking system. You may additionally encrypt and decrypte your files with any technology of your choosing.