Using Your Personal Credit Card for Cloud Services? Beware the Risks!

Since cloud providers Amazon, Google, and Microsoft have been providing services, eager development teams have been ready to use said services — which can provide freedom from (what is perceived as) stringent infrastructure services where their applications are typically housed. While the reasons (compliance, security, stability, etc.) behind infrastructure services being so stringent are justified, application teams don't always share the same concerns. In fact, some teams have been so eager that they opted to use a personal credit card (not tied to the corporation) just to keep the ball rolling once the free portion of the evaluation had ended.

In fact, I remember personally hearing a C-level executive tell me, "I will give you my personal credit card so there is no hold up to get things going." The hold up, so to speak, were delays in getting shared corporate services onboard with the idea or waiting for the proper procurement workflows or change control processes to be completed.

However, there are some key things to keep in mind when using your personal credit card for cloud services.

Licensing Terms of Use

From a licensing perspective, when you provide your personal credit card information, you own the cloud environment. Not your corporation, but you personally. As a result, any licensed products you plan to utilize must be licensed to you — personally. This not only applies to any OS-level licensing that may exist, but the application server, database, integration, connectivity, directory services, frameworks, etc.

In the event of an audit, be prepared to face the legal and financial ramifications to being out of compliance.

Liability for Theft

Since you own the cloud environment, you are responsible for all aspects of your published instances, including security. So, if your instance was compromised and the data was exposed unexpectedly, the liability falls completely on you, personally.

Breach of Contract

Along the same lines above, in taking this approach, you may be in violation of regulations noted in your employee agreement — most of the time, you'll find that attached within your employee manual. You know, the paper you signed a long time ago, talking about what you can and cannot do as an employee. You may be in violation of stealing sensitive company information by making it available in a cloud environment that you are paying for with your personal credit card.

Conclusion

Each of these items is likely to cause not only issues with your current level of employment, but also carries heavy financial implications to you on a personal level.

So, before you get too eager to wait and begin punching in your credit card numbers into the account payment screen for your next cloud service, make sure the risks are worth any time you might be saving yourself.

One example I heard is that the person was looking forward to the redemption points he was going to receive by using his card. Not sure getting a free flight down the road even qualifies as a decent example.

Have a really great day!