6 Sneaky Terms Cloud Services Bury In Their User Agreements

By Author: skyhigh networks
Total Articles: 54
Comment this article

When you sign up for cloud services or applications, do you read the terms and conditions before you accept them? If you are like most humans, you probably skim the T’s & C’s and quickly click “I agree” to move on.

Who’s really going to read all 36,275 words of PayPal’s terms and conditions, which happen to exceed the entire length of Shakespeare’s work “Hamlet” by an additional 6,000 words?

Most cloud services have good-intentioned terms and conditions meant to protect both the company and its users. However, some companies overreach by including clauses granting them ownership of your data or the ability to make private data public in order to drive ad revenue. Some companies even have a bit of fun knowing most people won’t read them.

A beautiful example of an ugly clause

So, knowing that most people won’t read 20 pages of legalese, we did a ton of research and came up six of the sneakiest terms and conditions from popular cloud services that you should know about.

One example is Prezi, a cloud-based presentation service where users can create and collaborate ...
... on presentations and make them available across devices. Did you know their terms of service include this clause?

“With respect to Private User Content, you hereby do and shall grant to Prezi (and its successors, assigns, and third party service providers) a worldwide, non-exclusive, perpetual, irrevocable, royalty-free, fully paid, sublicensable, and transferable license to use, reproduce, modify, create derivative works from, distribute, publicly display, publicly perform, and otherwise exploit the content solely for purposes of providing you with the Service”

Even if Prezi doesn’t routinely do this today, what if they used this clause to change the privacy of your data in the future? Consider a scenario in which a finance executive at a Fortune 500 company creates a confidential presentation with quarterly financial results in Prezi and then uses the service to present while on the road. What she doesn’t realize is that even though the presentation isn’t shared publicly, by uploading it to the site she grants Prezi a wide-reaching and irrevocable usage license for the presentation’s content. That could result in damaging loss of intellectual property and exposure of confidential, regulated financial information.

Check out our slideshow of some of the worst terms and conditions we discovered:

Terms & Conditions You Should Read Before Accepting from Skyhigh Networks Cloud Security Software
Sneaky terms can be serious business

Sneaky terms and conditions can expose companies to risk when employees don’t read and understand the terms before uploading confidential company information. There are multiple areas to look out for:

Jurisdictional location – If legal action must be taken, what jurisdiction will apply?
Data ownership – Some companies claim ownership of your data uploaded to their service and the right to republish it or resell it to third parties.
Data privacy – Services with an expectation of keeping data private should enumerate under what circumstances data can be made public.
Responsibility for data loss – What happens when important data is deleted, lost or stolen?
Data retention after account termination – The omission of this clause in the user agreement is reason to worry.
Keep in mind that terms and conditions can change at any time at the whim of the vendor. Once you understand the T’s & C’s of your preferred cloud services, you can stay up to date on periodic changes by using trackers like Docracy.

Fortunately someone’s paying attention

So, what do you need to do in order to avoid sneaky T’s and C’s and securely enable cloud for your business? We recommend leveraging third-party services, such as a CloudRegistry, to understand risks of these terms and conditions. The registry will:

Read all of the T’s and C’s for every service,
Produce an objective risk rating that incorporates a detailed legal risk assessment based on the T’s and C’s, and
Continually monitor the cloud services for any changes that may affect the risk to the business.
Taking this measure might prevent your coworkers from unwittingly agreeing to release their content, allowing their names and likenesses to be used in ads, or agreeing to cover the vendor’s legal fees if an issue arises.

Skyhigh Networks, the cloud access security company, enables companies to embrace Cloud Analytics Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com or follow us on Twitter @skyhighnetworks.