The Complexities of Cloud Computing: The Rules are New, But is the Game?

Janine Anthony Bowen, Esq., CIPP/US
jbowen@jack-law.com
(678) 823-6611
June 8, 2012

Seems like the inevitable…




Source: http://geekandpoke.typepad.com; The Lighter Side of the Cloud by CloudTweaks – David Fletcher. Used under Creative Commons License

The Cloud…in all its Glory!




The Hype Then…

• “As enterprises seek to consume their IT services in the most cost-
  effective way, interest is growing in drawing a broad range of services
  (for example, computational power, storage and business
  applications) from the "cloud," rather than from on-premises
  equipment. The levels of hype around cloud computing in the IT
  industry are deafening, with every vendor expounding its cloud
  strategy and variations, such as private cloud computing and hybrid
  approaches, compounding the hype.”
• Gartner Press Release, Gartner’s 2009 Hype Cycle Special Report Evaluates Maturity of
  1,650 Technologies, August 11, 2009 http://www.gartner.com/it/page.jsp?id=1124212




And Now…


• According to Forbes…

          “Interest in Cloud Computing Has Peaked”

• But Never Fear…it’s here to stay (for now anyway)




http://www.forbes.com/sites/reuvencohen/2012/05/24/interest-in-cloud-computing-has-peaked/




Agenda

•Overview of Cloud
 Computing

•Contractual Considerations

•Due Diligence

•Business Considerations

•Take Aways




Cloud Computing
   Plain English Definition
• From the User’s Perspective
   – Data processing and storage, application development, and
     software hosting over the Internet instead of on a personal
     computer or over a business’ network
  – Available on an ‘on demand’ basis
  – Location of information stored ‘in the Cloud’ is potentially unknown
    at any given point in time
  – Relatively inexpensive




National Institute of
   Standards & Technology’s Definition

• Cloud computing is a model for enabling ubiquitous, convenient, on-
  demand network access to a shared pool of configurable computing
  resources (e.g., networks, servers, storage, applications, and services)
  that can be rapidly provisioned and released with minimal
  management effort or service provider interaction. This cloud model
  promotes availability and is composed of five essential characteristics,
  three service models, and four deployment models.

• http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf




NIST Definition (cont)

• Essential Characteristics
  – On-demand self-service
  – Broad network access
  – Resource pooling
  – Rapid elasticity
  – Measured Service
• Deployment Models
  – Private Cloud
  – Community Cloud
  – Public Cloud
  – Hybrid Cloud

Three Service Models

SaaS (Software as a Service)
The consumer uses the provider’s applications running on a cloud infrastructure. (e.g. Google Apps)

PaaS (Platform as a Service)
The consumer has control over the deployed applications and possibly application hosting environment configurations. (e.g. Force.com)

IaaS (Infrastructure as a Service)
The consumer is able to deploy and run arbitrary software. (e.g. Amazon EC2)

Virtual Server




Multi-Tenancy Makes Public Cloud Computing Possible
• Single-Tenant (On-Premise or Hosted): Dedicated App Stack for Each Application
• Multi-Tenant: One Single Stack for All Applications

Slide used with permission from Salesforce.com - © 2012 Salesforce.com

Multi-Tenant
[Diagram: Virtual Server with Multiple Tenants. The applications of several companies (ABC Company Purchasing, XYZ Company Purchasing, Acme Company Inventory, Atlas Company Inventory, Top-Notch Company Logistics, Small Biz Company Payroll) run on one virtual server above a shared Hypervisor and Operating System. The tenants (ABC Company User, XYZ Company User, Acme Company User, Top-Notch Company User, Small Biz Company User, Atlas Company User) reach them over an Internet Connection.]

Contractual Considerations




How’s cloud computing different?
• Geography – Data in the cloud can be anywhere; multiple copies can be in
  multiple locations
• In the current state of play, cloud providers assume as little liability as possible
  – the bulk of contract risk resides with the user
• Difficult for a user to know where liability rests, even if it were properly
  assigned (e.g. Global Payments data breach earlier this year)
• The nature of the potential legal issue depends on where a user plugs into
  the cloud (issues with SaaS may be different than with IaaS)
• Virtually complete loss of control by data owner (who holds it and where
  is it?)
• Relatively inexpensive OPEX instead of CAPEX




Cloud Contracting:
Comparing Cloud to What We Knew Before

                          Cloud Computing           Traditional Software Licensing  Co-location                Hosting                     ASP
Location of Service/Data  unknown                   known                           known                      known                       known
Owner of HW/SW            provider/provider         company/company (license)       Company/Company (license)  Provider/Company (license)  Provider/provider
Contract                  Virtually non-negotiable  negotiated                      negotiated                 negotiated                  negotiated
Contract Risk             company                   shared                          shared                     shared                      shared
Scalability               yes                       maybe                           maybe                      maybe                       maybe

Understanding the Legal Risk Profile




Why not just rely on the contract?
 Who you are drives what you can expect

• Cloud users should clearly understand what they are getting and
  getting into:
   – Generally speaking, only the largest implementations get negotiated
     contract terms (particularly with respect to SaaS)
  – Minimum negotiation flexibility likely in most cases – risk mitigation
    analysis should establish ‘business level’ comfort
• Where negotiation is possible, risk mitigation should drive negotiation
  of key provisions
   – The best bang for the buck is internal process risk mitigation




Most Significant Issue with Cloud
 Computing: Privacy and Security
• Gramm-Leach-Bliley Act (GLBA)
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health (HITECH)
• Fair Credit Reporting Act/FACT Act
• Federal Trade Commission Act (FTCA)
• ID Theft Red Flags
• State Privacy Security Laws (Breach Notification — 46 States and Encryption (MA and NV), use of SSN’s, etc.)
• Industry Standards (PCI)
• Litigation and enforcement cases

Case Study - Contract vs. What They Say


                        •Privacy Policy
                        •Terms of Use
                        •Security FAQ
                        •Pricing




Due Diligence




4 Immutable Laws of Cloud Security
• “These are things that will always be, things that will never change,
  and it is a state of being.”
  – First is an understanding that if your data is hosted in the cloud, you no
    longer directly control its privacy and protection.
  – When your data is burst into the cloud, you no longer directly control where
    the data resides or is processed.
  – If your security controls are not contractually committed to, then you may
    not have any legal standing in terms of the control over your data or your
    assets.
  – If you don't extend your current security policies and controls in the cloud
    computing platform, you're more than likely going to be compromised.
• Tari Schreider, HP chief architect of HP Technology Consulting and IT Assurance Practice.
  “Security and the Cloud: The Great Reconciliation”, eCommerce Times, 14 May 2012
  http://www.ecommercetimes.com/story/Security-and-the-Cloud-The-Great-Reconciliation-75094.html

Quick List of Potential Diligence
  Considerations
• Functionality of solution
• Pricing
• Uptime
• Response time
• Quality of service
• Data Security/Privacy
• Backup and disaster recovery
• Integration with existing systems
• Data access
• Customer service/support
• Insurance coverage

Adapted from “Evaluating SaaS Solutions: A Checklist for Small and Mid-sized Enterprises”
http://www.saugatech.com/thoughtleadership/TL_October2009_Eval_SAP.pdf




Some Areas of Concern

•Service
 quality/SLAs/Availability

•Disaster recovery

•Provider competence

•Provider Viability




Diligence Considerations:
  SLAs
• Control-oriented
   – System availability
   – System response time
   – Fail-over for disaster recovery

• Operations-oriented
   – Data retrieval
   – Data integrity
   – Transition assistance

• Business-oriented
   – Error resolution time
   – Timeliness re: professional services around cloud solutions




Diligence Considerations:
  Backup & Disaster Recovery
• How are backup systems architected?
  – Complete redundancy? Multiple redundancies? Duplicate systems? Real-
    time backup?
• Where are backup systems located geographically?

• Are third party backup systems utilized (partially/totally)?

• How long would a catastrophic event at a data center affect system
  availability?

• Concerns for physical assets based on geography (exactly where is
  that data center located?)

• Ultimately, whose responsibility is it anyway?



Diligence Considerations:
 Competence Issues
• Provider track record of success?
• Views of commentators/bloggers
• Is the pricing right for the breadth of offering?
• Perceived level of sophistication of the vendor
    – Knowledge of industry vertical
    – Mastery of technology
• If vendor is an early stage company, who is supporting it financially?
  (speaks to both competence and viability)
• For SaaS in particular, are there integration partners?




Diligence Considerations:
  Viability of the Cloud Provider

• Viability matters. Why? A cloud user makes an investment when
  choosing a cloud provider. For example:
   – Integrating cloud services into business processes
  – Migrating data from its environment
• Lack of industry standardization makes moving to a new cloud
  provider difficult

• What happens to a cloud user’s data in the event of:
  – Bankruptcy
  – M&A
  – Escrow




Business Considerations




Benefits of Cloud Computing

•Cost Avoidance/Deferral

•Improved Organizational
 Agility

•Focus on Core Business
 rather than IT




Cost Avoidance/Deferral – You Decide

• Gartner says…IaaS isn’t less expensive, but it increases operational
  agility (1)
• Computerworld says…Prepare for the real costs of cloud computing
  (2)
   – Moving and storing data, integrating apps from multiple vendors,
      testing software, rent & utilities
• CIO says…CFOs and cloud computing have a love-hate relationship (3)
   – Variable pricing messes up cash flow projections
   – Capex vs. Opex
• Booz Allen Hamilton says…savings range from 50% to 75% (4)
• CloudU says…savings from 13% to 25% (5)




Cost Avoidance/Deferral – You Decide
 (cites)
• (1) Lydia Leong, research VP at Gartner Group
  http://www.formtek.com/blog/?p=2696, January 12th, 2012
• (2) “Preparing for the real costs of cloud computing” Computerworld
  http://www.computerworld.com/s/article/359383/The_Real_Costs_of_Cloud_Computing
• (3) “Why CFOS and Cloud Computing Have a Love-Hate Relationship” CIO Magazine
  www.cio.com/article/print/702074
• (4) “The Economics of Cloud Computing”
  http://www.boozallen.com/media/file/Economics-of-Cloud-Computing.pdf
• (5) “Cloudonomics: The Economics of Cloud Computing”
  http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics-The_Economics_of_Cloud_Computing.pdf

Improved Organizational Agility

     •Use of Public Clouds or Virtual Private Clouds gives
      organizations the ability to scale up or down when
      necessary

     •IT expense can be matched to:
       – Seasonal or cyclical requirements
       – Organizational growth or decline

     •Mobile workforce/workplace solutions may improve
      organizational productivity

     •Cloud environments support experimentation and ability
      to fail with low penalty


Focus on Core Business

     •Organizations can focus on building the business they
      know

     •Organizations can leverage the best of breed in IT (and not
      try to be best of breed themselves)

     •Potentially better disaster recovery strategies utilizing
      cloud-based options




Insurance Considerations



                           •Cyber Risk
                           •Privacy
                           •E&O
                           •Data Asset Protection
                           •CGL




Take Aways

• Be thoughtful about which parts
  of your business are cloud-worthy.
  Not all business processes are
  suitable.
• Have a plan to deal with mistakes
  that will happen in the cloud
  (business, technology, legal).
  What level of risk can you
  tolerate?
• Work with your key internal and
  external advisors to think through
  your cloud strategy. A cross-
  functional strategy is in order.




Q&A
  Contact Me

•Janine Anthony Bowen, Esq., CIPP/US
 jbowen@jack-law.com
 www.visualcv.com/jdabowen
 www.linkedin.com/in/jdabowen

•678-823-6611

•Twitter - @cloudlawyer

•www.jack-law.com



JACK Attorneys & Advisors: Technology/IP Law & the Business of Technology - Quite Simply, We Get It.
The Complexities of Cloud Computing: The Rules are New, But is the Game

Weitere ähnliche Inhalte

Was ist angesagt?

Windows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWindows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWes Yanaga
 
The Nist definition of cloud computing cloud computing Research Paper
The Nist definition of cloud computing cloud computing Research PaperThe Nist definition of cloud computing cloud computing Research Paper
The Nist definition of cloud computing cloud computing Research PaperFaimin Khan
 
Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services:  What’s Really Happening Out There?Cloud Computing Contracts and Services:  What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Legal Project
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHSHAIMA A R
 
2010 Cloud Computing
2010 Cloud Computing2010 Cloud Computing
2010 Cloud Computingck4eric
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...ptaglephd
 
Cloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCezar Taurion
 
29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computingabbu03oct
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloudsallysogeti
 
Getting an open systems cloud strategy right the first time linthicm
Getting an open systems cloud strategy right the first time linthicmGetting an open systems cloud strategy right the first time linthicm
Getting an open systems cloud strategy right the first time linthicmDavid Linthicum
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computingvishnu varunan
 
When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloudreshmaroberts
 

Was ist angesagt? (19)

Windows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWindows Azure Platfrom App Fabric
Windows Azure Platfrom App Fabric
 
The Nist definition of cloud computing cloud computing Research Paper
The Nist definition of cloud computing cloud computing Research PaperThe Nist definition of cloud computing cloud computing Research Paper
The Nist definition of cloud computing cloud computing Research Paper
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services:  What’s Really Happening Out There?Cloud Computing Contracts and Services:  What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACH
 
htcia-5-2015
htcia-5-2015htcia-5-2015
htcia-5-2015
 
2010 Cloud Computing
2010 Cloud Computing2010 Cloud Computing
2010 Cloud Computing
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud Computing
 
Cloud risk management
Cloud risk managementCloud risk management
Cloud risk management
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...Info Sec 2010   Possibilities And Security Challenges Of Cloud Computing (Han...
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
 
Cloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCloud Computing: usos e tendências
Cloud Computing: usos e tendências
 
29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing
 
Cloud provider transparency
Cloud provider transparencyCloud provider transparency
Cloud provider transparency
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
When where why cloud
When where why cloudWhen where why cloud
When where why cloud
 
Getting an open systems cloud strategy right the first time linthicm
Getting an open systems cloud strategy right the first time linthicmGetting an open systems cloud strategy right the first time linthicm
Getting an open systems cloud strategy right the first time linthicm
 
Introduction to cloud computing
Introduction to cloud computingIntroduction to cloud computing
Introduction to cloud computing
 
When Where Why Cloud
When Where Why CloudWhen Where Why Cloud
When Where Why Cloud
 
Emc keynote 0945 1030
Emc keynote 0945 1030Emc keynote 0945 1030
Emc keynote 0945 1030
 

Ähnlich wie The Complexities of Cloud Computing: The Rules are New, But is the Game

Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and factsArun Ganesh
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudnooralmousa
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Phil Copperwheat
 
Cloud Computing Introduction
Cloud Computing IntroductionCloud Computing Introduction
Cloud Computing IntroductionCraig Dickson
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An OverviewKannan Subbiah
 
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...lisaabe
 
Cloud_Network_Whitepaper_1123_LowRes
Cloud_Network_Whitepaper_1123_LowResCloud_Network_Whitepaper_1123_LowRes
Cloud_Network_Whitepaper_1123_LowResDavid Chujor
 
An introduction to the cloud 11 v1
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1charan7575
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
 
The Cloud: Background & Best Practices for Small Law Firms
The Cloud: Background & Best Practices for Small Law FirmsThe Cloud: Background & Best Practices for Small Law Firms
The Cloud: Background & Best Practices for Small Law FirmsNetwork 1 Consulting
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the CloudCloudSmartz
 
cloudintroduction.ppt
cloudintroduction.pptcloudintroduction.ppt
cloudintroduction.pptAhmedRebai8
 
Cloud computing overview
Cloud computing overviewCloud computing overview
Cloud computing overviewdaklug
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2   indic threads cloud computing conferen...Cloud lockin and interoperability v2   indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...IndicThreads
 

Ähnlich wie The Complexities of Cloud Computing: The Rules are New, But is the Game (20)

Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
Cloud Computing in Business and facts
Cloud Computing in Business and factsCloud Computing in Business and facts
Cloud Computing in Business and facts
 
Lets Do the Cloud-CFO Summit 2013
Lets Do the Cloud-CFO Summit 2013Lets Do the Cloud-CFO Summit 2013
Lets Do the Cloud-CFO Summit 2013
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 
Taiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloudTaiye Lambo - Auditing the cloud
Taiye Lambo - Auditing the cloud
 
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
Plenary_three_Cloud_computing_-_is_social_housing_ready_for_it_-_Phil_Copperw...
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud Computing Introduction
Cloud Computing IntroductionCloud Computing Introduction
Cloud Computing Introduction
 
lect15_cloud.ppt
lect15_cloud.pptlect15_cloud.ppt
lect15_cloud.ppt
 
Cloud computing – An Overview
Cloud computing – An OverviewCloud computing – An Overview
Cloud computing – An Overview
 
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...Cloud Computing  presentation by Lisa Abe at the Canadian IT Lawyers Associat...
Cloud Computing presentation by Lisa Abe at the Canadian IT Lawyers Associat...
 
Cloud_Network_Whitepaper_1123_LowRes
Cloud_Network_Whitepaper_1123_LowResCloud_Network_Whitepaper_1123_LowRes
Cloud_Network_Whitepaper_1123_LowRes
 
An introduction to the cloud 11 v1
An introduction to the cloud 11 v1An introduction to the cloud 11 v1
An introduction to the cloud 11 v1
 
Iirdem a novel approach for enhancing security in multi cloud environment
Iirdem a novel approach for enhancing security in multi  cloud environmentIirdem a novel approach for enhancing security in multi  cloud environment
Iirdem a novel approach for enhancing security in multi cloud environment
 
The Cloud: Background & Best Practices for Small Law Firms
The Cloud: Background & Best Practices for Small Law FirmsThe Cloud: Background & Best Practices for Small Law Firms
The Cloud: Background & Best Practices for Small Law Firms
 
Whitepaper: Security of the Cloud
Whitepaper: Security of the CloudWhitepaper: Security of the Cloud
Whitepaper: Security of the Cloud
 
Security of the Cloud
Security of the CloudSecurity of the Cloud
Security of the Cloud
 
cloudintroduction.ppt
cloudintroduction.pptcloudintroduction.ppt
cloudintroduction.ppt
 
Cloud computing overview
Cloud computing overviewCloud computing overview
Cloud computing overview
 
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
Cloud lockin and interoperability v2   indic threads cloud computing conferen...Cloud lockin and interoperability v2   indic threads cloud computing conferen...
Cloud lockin and interoperability v2 indic threads cloud computing conferen...
 

Mehr von Janine Anthony Bowen, Esq.

The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...Janine Anthony Bowen, Esq.
 
Employers and Social Media: You Love to Love It & Love to Hate It
Employers and Social Media:  You Love to Love It & Love to Hate ItEmployers and Social Media:  You Love to Love It & Love to Hate It
Employers and Social Media: You Love to Love It & Love to Hate ItJanine Anthony Bowen, Esq.
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveJanine Anthony Bowen, Esq.
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingJanine Anthony Bowen, Esq.
 

Mehr von Janine Anthony Bowen, Esq. (7)

Cloud Computing Technology Overview 2012
Cloud Computing Technology Overview 2012Cloud Computing Technology Overview 2012
Cloud Computing Technology Overview 2012
 
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
The Business Case for Cloud: Critical Legal, Business, & Diligence Considerat...
 
Employers and Social Media: You Love to Love It & Love to Hate It
Employers and Social Media:  You Love to Love It & Love to Hate ItEmployers and Social Media:  You Love to Love It & Love to Hate It
Employers and Social Media: You Love to Love It & Love to Hate It
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers Perspective
 
Is There Sun Behind Those Clouds
Is There Sun Behind Those CloudsIs There Sun Behind Those Clouds
Is There Sun Behind Those Clouds
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud Computing
 
Cloud Computing - Public Sector Opportunity
Cloud Computing - Public Sector OpportunityCloud Computing - Public Sector Opportunity
Cloud Computing - Public Sector Opportunity
 

The Complexities of Cloud Computing: The Rules are New, But is the Game

  • 1. The Complexities of Cloud Computing: The Rules are New, But is the Game? Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com (678) 823-6611 June 8, 2012
  • 2. Seems like the inevitable… Source: http://geekandpoke.typepad.com; The Lighter Side of the Cloud by CloudTweaks – David Fletcher. Used under Creative Commons License
  • 3. The Cloud…in all its Glory!
  • 4. The Hype Then… • “As enterprises seek to consume their IT services in the most cost-effective way, interest is growing in drawing a broad range of services (for example, computational power, storage and business applications) from the "cloud," rather than from on-premises equipment. The levels of hype around cloud computing in the IT industry are deafening, with every vendor expounding its cloud strategy and variations, such as private cloud computing and hybrid approaches, compounding the hype.” • Gartner Press Release, Gartner’s 2009 Hype Cycle Special Report Evaluates Maturity of 1,650 Technologies, August 11, 2009 http://www.gartner.com/it/page.jsp?id=1124212
  • 5. And Now… • According to Forbes… “Interest in Cloud Computing Has Peaked” • But Never Fear…it’s here to stay (for now anyway) http://www.forbes.com/sites/reuvencohen/2012/05/24/interest-in-cloud-computing-has-peaked/
  • 6. Agenda • Overview of Cloud Computing • Contractual Considerations • Due Diligence • Business Considerations • Take Aways
  • 7. Cloud Computing Plain English Definition • From the User’s Perspective – Data processing and storage, application development, and software hosting over the Internet instead of on a personal computer or over a business’ network – Available on an ‘on demand’ basis – Location of information stored ‘in the Cloud’ is potentially unknown at any given point in time – Relatively inexpensive
  • 8. National Institute of Standards & Technology’s Definition • Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and is composed of five essential characteristics, three service models, and four deployment models. • http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
  • 9. NIST Definition (cont) • Essential Characteristics – On-demand self-service – Broad network access – Resource pooling – Rapid elasticity – Measured Service • Deployment Models – Private Cloud – Community Cloud – Public Cloud – Hybrid Cloud
  • 10. Three Service Models • SaaS (Software as a Service): The consumer uses the provider’s applications running on a cloud infrastructure. (e.g. Google Apps) • PaaS (Platform as a Service): The consumer has control over the deployed applications and possibly application hosting environment configurations. (e.g. Force.com) • IaaS (Infrastructure as a Service): The consumer is able to deploy and run arbitrary software. (e.g. Amazon EC3)
  • 12. Multi-Tenancy Makes Public Cloud Computing Possible • Single-Tenant (On-Premise or Hosted): Dedicated App Stack for Each Application • Multi-Tenant: One Single Stack for All Applications. Slide used with permission from Salesforce.com - © 2012 Salesforce.com
  • 13. Multi-Tenant [Diagram: users from ABC Company, XYZ Company, Acme Company, Atlas Company, Top-Notch Company and Small Biz Company reach their applications (purchasing, inventory, logistics, payroll) over an Internet connection. Labels: Hypervisor, Operating System, Virtual Server with Multiple Tenants.]
  • 15. How’s cloud computing different? • Geography – Data in the cloud can be anywhere; multiple copies can be in multiple locations • In current state of play cloud providers assume as little liability as possible – bulk of contract risk resides with the user • Difficult for a user to know where liability rests, even if it were properly assigned (e.g. Global Payments data breach earlier this year) • The nature of the potential legal issue depends on where a user plugs into the cloud (issues with SaaS may be different than with IaaS) • Virtually complete loss of control by data owner (who holds it and where is it?) • Relatively inexpensive OPEX instead of CAPEX
  • 16. Cloud Contracting: Comparing Cloud to What We Knew Before
      |                          | Cloud Computing          | Traditional Software Licensing | Co-location                 | Hosting                      | ASP                 |
      | Location of Service/Data | unknown                  | known                          | known                       | known                        | known               |
      | Owner of HW/SW           | provider / provider      | company / company (license)    | company / company (license) | provider / company (license) | provider / provider |
      | Contract                 | virtually non-negotiable | negotiated                     | negotiated                  | negotiated                   | negotiated          |
      | Contract Risk            | company                  | shared                         | shared                      | shared                       | shared              |
      | Scalability              | yes                      | maybe                          | maybe                       | maybe                        | maybe               |
  • 17. Understanding the Legal Risk Profile
  • 18. Why not just rely on the contract? Who you are drives what you can expect • Cloud users should clearly understand what they are getting and getting into: – Generally speaking, only the largest implementations get negotiated contract terms (particularly with respect to SaaS) – Minimum negotiation flexibility likely in most cases – risk mitigation analysis should establish ‘business level’ comfort • Where negotiation is possible, risk mitigation should drive negotiation of key provisions – The best bang for the buck is internal process risk mitigation
  • 19. Most Significant Issue with Cloud Computing: Privacy and Security • Gramm-Leach-Bliley Act (GLBA) • Health Insurance Portability and Accountability Act (HIPAA) • Health Information Technology for Economic and Clinical Health (HITECH) • Fair Credit Reporting Act/FACT Act • Federal Trade Commission Act (FTCA) • ID Theft Red Flags • State Privacy Security Laws (Breach Notification — 46 States and Encryption (MA and NV), use of SSN’s, etc.) • Industry Standards (PCI) • Litigation and enforcement cases
  • 20. Case Study - Contract vs. What They Say • Privacy Policy • Terms of Use • Security FAQ • Pricing
  • 22. 4 Immutable Laws of Cloud Security • “These are things that will always be, things that will never change, and it is a state of being.” – First is an understanding that if your data is hosted in the cloud, you no longer directly control its privacy and protection. – when your data is burst into the cloud, you no longer directly control where the data resides or is processed. – if your security controls are not contractually committed to, then you may not have any legal standing in terms of the control over your data or your assets. – if you don't extend your current security policies and controls in the cloud computing platform, you're more than likely going to be compromised – Tari Schreider, HP chief architect of HP Technology Consulting and IT Assurance Practice. “Security and the Cloud: The Great Reconciliation”, eCommerce Times, 14 May 2012 http://www.ecommercetimes.com/story/Security-and-the-Cloud-The-Great-Reconciliation-75094.html
  • 23. Quick List of Potential Diligence Considerations • Functionality of solution • Pricing • Uptime • Response time • Quality of service • Data Security/Privacy • Backup and disaster recovery • Integration with existing systems • Data access • Customer service/support • Insurance coverage. Adapted from “Evaluating SaaS Solutions: A Checklist for Small and Mid-sized Enterprises” http://www.saugatech.com/thoughtleadership/TL_October2009_Eval_SAP.pdf
  • 24. Some Areas of Concern • Service quality/SLAs/Availability • Disaster recovery • Provider competence • Provider Viability
  • 25. Diligence Considerations: SLAs • Control-oriented – System availability – System response time – Fail-over for disaster recovery • Operations-oriented – Data retrieval – Data integrity – Transition assistance • Business-oriented – Error resolution time – Timeliness re: professional services around cloud solutions
  • 26. Diligence Considerations: Backup & Disaster Recovery • How are backup systems architected? – Complete redundancy? Multiple redundancies? Duplicate systems? Real-time backup? • Where are backup systems located geographically? • Are third party backup systems utilized (partially/totally)? • How long would a catastrophic event at a data center affect system availability? • Concerns for physical assets based on geography (exactly where is that data center located?) • Ultimately, whose responsibility is it anyway?
  • 27. Diligence Considerations: Competence Issues • Provider track record of success? • Views of commentators/bloggers • Is the pricing right for the breadth of offering? • Perceived level of sophistication of the vendor – Knowledge of industry vertical – Mastery of technology • If vendor is an early stage company, who is supporting it financially? (speaks to both competence and viability) • For SaaS in particular, are there integration partners?
  • 28. Diligence Considerations: Viability of the Cloud Provider • Viability matters. Why? A cloud user makes an investment when choosing cloud provider. For example: – Integrating cloud services into business processes – Migrating data from its environment • Lack of industry standardization makes moving to a new cloud provider difficult • What happens to a cloud user’s data in the event of: – Bankruptcy – M&A – Escrow
  • 30. Benefits of Cloud Computing • Cost Avoidance/Deferral • Improved Organizational Agility • Focus on Core Business rather than IT
  • 31. Cost Avoidance/Deferral – You Decide • Gartner says…IaaS isn’t less expensive, but it increases operational agility (1) • Computerworld says…Prepare for the real costs of cloud computing (2) – Moving and storing data, integrating apps from multiple vendors, testing software, rent & utilities • CIO says…CFOs and cloud computing have a love-hate relationship (3) – Variable pricing messes up cash flow projections – Capex vs. Opex • Booz Allen Hamilton says…savings range from 50% to 75% (4) • CloudU says…savings from 13% to 25% (5)
  • 32. Cost Avoidance/Deferral – You Decide (cites) • (1) Lydia Leong, research VP at Gartner Group – http://www.formtek.com/blog/?p=2696, January 12th, 2012 • (2) “Preparing for the real costs of cloud computing” Computerworld http://www.computerworld.com/s/article/359383/The_Real_Costs_of_Cloud_Computing • (3) “Why CFOS and Cloud Computing Have a Love-Hate Relationship” CIO Magazine – www.cio.com/article/print/702074 • (4) “The Economics of Cloud Computing” http://www.boozallen.com/media/file/Economics-of-Cloud-Computing.pdf • (5) “Cloudonomics: The Economics of Cloud Computing” http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics-The_Economics_of_Cloud_Computing.pdf
  • 33. Improved Organizational Agility • Use of Public Clouds or Virtual Private Clouds gives organizations the ability to scale up or down when necessary • IT expense can be matched to: – Seasonal or cyclical requirements – Organizational growth or decline • Mobile workforce/workplace solutions may improve organizational productivity • Cloud environments support experimentation and ability to fail with low penalty
  • 34. Focus on Core Business • Organizations can focus on building the business they know • Organizations can leverage the best of breed in IT (and not try to be best of breed themselves) • Potentially better disaster recovery strategies utilizing cloud-based options
  • 35. Insurance Considerations • Cyber Risk • Privacy • E&O • Data Asset Protection • CGL
  • 36. Take Aways • Be thoughtful about which parts of your business are cloud-worthy. All business processes are not suitable. • Have a plan to deal with mistakes that will happen in the cloud (business, technology, legal). What level of risk can you tolerate? • Work with your key internal and external advisors to think through your cloud strategy. A cross-functional strategy is in order.
  • 37. Q&A Contact Me • Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com www.visualcv.com/jdabowen www.linkedin.com/in/jdabowen • 678-823-6611 • Twitter - @cloudlawyer • www.jack-law.com JACK Attorneys & Advisors: Technology/IP Law & the Business of Technology - Quite Simply, We Get It.