Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors
Clement Low Jun Xian

Loh Soon Bock

Kang Jie Min

Tan Tze Jun
Introduction
IaaS Cloud

What is IaaS?
3rd Party Virtualization of Physical Hardware
• Reduced Cost of Ownership
• Elimination of Hardware Procurement
[Diagram: Cloud Customer and IaaS Vendor << bound by >> SLA; Physical Assets]

Considerations & Concerns about IaaS
• Geographic Location
• Legal Aspects of Contractual Obligations
• Customer Data
• Confidentiality
• Integrity
• Availability
How can all these be addressed?
Presentation Agenda
1. IaaS Service Level Agreements (SLAs)
2. Relevance of IaaS SLA in Legal Context
3. Categories of Legal Issues in IaaS SLA
4. Categorical Elaboration of Legal Issues
5. Court Case Analysis
6. Vendor SLAs: Legal Issues & Solutions
7. Solutions to Unaddressed Legal Issues
8. Conclusion

IaaS Service Level Agreements (SLAs)

Binding negotiated document

States the minimum level of service to be provided

Entitlement to damages

Relevance of IaaS SLA in Legal Context

• Legal dispute related to IaaS in the USA
• Unavailable hours in ALL IaaS cloud service providers TRIPLED in 2012

Categories of Legal Issues in IaaS SLA

Categorical Elaboration of Legal Issues

Availability
• Monitoring of Service Uptime
• Service Uptime Percentage Ambiguity
• Vendor’s Reluctance to Fix Problems
• Delays in Server Maintenance
• Availability Calculation Based on Contiguous Blocks of Downtime Periods

Reliability
• Security Mechanism Put in Place & Mean Time for Recovery (MTR)
Categorical Elaboration of Legal Issues
General Liability
• Exclusion of Direct Liability
• Personnel with Access to Customer Data & Security Of Hardware Containing Customer Data
• Secure Erasure of Data from Decommissioned Resource Unit
• Availability of Redundant Systems for Storing Customer Data
• Involvement of Customer(s) in Investigating Breaches
• Location Of Customer Data
• Chained Liability
Categorical Elaboration of Legal Issues
Expressed Warranties
• Reserving the right to Change Agreement Term
• Vendor Service Credits as the Sole Remedy for any Contractual Breaches

Implied Warranties
• Granting of Compensation through Claim Submission
• Time Zone for Time-Sensitive or Dependent Terms
• Resolution of Software Bugs & Defects
• Customer-Defined Security Policies
• Notification of Services and Infrastructure Events or Breaches
Court Case Analysis

Court Case Analysis (Background)
• Gimme The Best, L.L.C (Plaintiff) vs. Sungard Vericenter, INC. (Defendant)
• Breach of contract due to numerous breakdowns of the Defendant’s systems on 3 separate occasions
• Slow Performance
• Data Loss
• Hardware malfunctions
• Worst breach happened in Dec 2006

Court Case Analysis (Legal Issues)
• Material Misrepresentation
• Breach of agreement term
• Do the 3 breaches constitute a single breach or multiple breaches of contract?
• Defendant’s Limited Liabilities
• Plaintiff’s Remedies

Vendor SLAs: Legal Issues & Solutions

Legal Issue: Monitoring of Percentage Uptime
• Amazon and VMware
• Measured based on IaaS vendor infrastructure
• Uptime vs Availability
• Excuse for them to escape liability

Solution
1. External audit by certified company
2. Provision of common monitoring tools to customers

Vendor SLAs: Legal Issues & Solutions
Legal Issue: Exclusion of Direct Liability
• Amazon Specific Terms
• Failures that result from your equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control)
• Failures that result from failures of individual instances or volumes not attributable to Region Unavailability.

• HP Cloud Compute Specific Terms
• Reserves the right to withhold credit if it cannot verify the downtime or the customer cannot show that they were adversely affected in any way as a result of the downtime
• Requires the customer to contact HP and make a report within 30 days of the end of the month in which availability was not met

Vendor SLAs: Legal Issues & Solutions
… continued …

Solution
• Difficult to negotiate the SLA terms in the capacity of an individual
• Corporate customers have to negotiate if they feel that exclusions are unreasonable.
• IaaS vendors have to weigh their exclusions against customers’ interests to entice more customers

Vendor SLAs: Legal Issues & Solutions
Legal Issue: Unilateral change of agreement terms by the IaaS Vendor
• Amazon and VMware
• Terms in the SLA are subject to change in accordance with the agreements

Solution
• Provide clear and sufficient notice to customers
• Continue to honour existing contract terms
• Provide a chance for customers to repudiate contract
• Change warranties (not conditions) and provide compensation
Solutions to Unaddressed Legal Issues

Issue: Vendor’s Reluctance to Fix Problem
• Incapable of supporting requests which cause downtime
• Expensive to rectify
• Prefers to pay service credits rather than rectify the problem

Solution
• Treated as a breach of condition
• Right to terminate contract
• Legal action
Solutions to Unaddressed Legal Issues
Issue: Missing SLA Clause for Service Performance
• Critical to customers that process time-sensitive requests.
• Monitoring Performance-related metrics
• Burden of proof

Solution
• States the hardware specification clearly and concisely
• Includes Performance-related metrics to measure the performance level
• Includes the monitoring methods

Solutions to Unaddressed Legal Issues
Issue: Customer-defined Security Policies
• Critical to customers to implement their security policies
• May clash with the vendor’s security policies

Solution
• The IaaS vendor can offer tiers of services that have various security profiles
• Allow the customer to select their most suited security profile
• The IaaS vendor’s policies will not interfere with customer’s security policies

Conclusion

Solutions to Unaddressed Legal Issues
Issue: Notification of Events/Breaches Related to Services & Infrastructure
• Customers should receive notifications of breaches or events even if they are unconfirmed
• Allow customers to preempt any possible impact or damage

Solution
• Categorize different types of events that may occur
• Allow customers to opt-in for notifications in addition to confirmed breaches or events
• IaaS vendor can exclude any claims from customers arising from false notifications
Conclusion
Let’s Re-Cap
We Defined
IaaS
SLA
• What it is
• Service Level Quality
• Why it is gaining traction
• Warranties
Legal Issues
• Liabilities

Conclusion
We found that…
IaaS Vendors
• Few, if not NONE, offer performance-based SLAs
• Induce the inherent legal issues in SLAs by setting terms that are skewed to their interests
• Have a reactive approach towards SLA violations

Conclusion
Our perspectives…
The solutions we proposed work in the interests of IaaS customers and simultaneously assist vendors in resolving their legal dilemmas.
We believe that IaaS SLAs can be legally favorable to both customers and vendors alike.
Well crafted SLAs help to foster customer-vendor trust & confidence in the IaaS cloud services industry.

Thank you for your attention!
Any questions?

IS4233 Final Presentation

  • 1. Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors Clement Low Jun Xian Loh Soon Bock Kang Jie Min Tan Tze Jun
  • 2. Introduction: IaaS Cloud. What is IaaS? 3rd Party Virtualization of Physical Hardware • Reduced Cost of Ownership • Elimination of Hardware Procurement. Diagram labels: Cloud Customer, IaaS Vendor, SLA, Physical Assets, << bound by >>
  • 3. Considerations & Concerns about IaaS: Geographic Location; Legal Aspects of Contractual Obligations; Customer Data • Confidentiality • Integrity • Availability. How can all these be addressed?
  • 4. Presentation Agenda 1. IaaS Service Level Agreements (SLAs) 2. Relevance of IaaS SLA in Legal Context 3. Categories of Legal Issues in IaaS SLA 4. Categorical Elaboration of Legal Issues 5. Court Case Analysis 6. Vendor SLAs: Legal Issues & Solutions 7. Solutions to Unaddressed Legal Issues 8. Conclusion
  • 5. IaaS Service Level Agreements (SLAs)
  • 6. IaaS Service Level Agreements (SLAs) • Binding negotiated document • States the minimum level of service to be provided • Entitlement to damages
  • 7. Relevance of IaaS SLA in Legal Context
  • 8. Relevance of IaaS SLA in Legal Context • Legal dispute related to IaaS in the USA • Unavailable hours in ALL IaaS cloud service providers TRIPLED in 2012
  • 9. Categories of Legal Issues in IaaS SLA
  • 10. Categories of Legal Issues in IaaS SLA
  • 11. Categorical Elaboration of Legal Issues
  • 12. Categorical Elaboration of Legal Issues. Availability: • Monitoring of Service Uptime • Service Uptime Percentage Ambiguity • Vendor’s Reluctance to Fix Problems • Delays in Server Maintenance • Availability Calculation Based on Contiguous Blocks of Downtime Periods. Reliability: • Security Mechanism Put in Place & Mean Time for Recovery (MTR)
  • 13. Categorical Elaboration of Legal Issues. General Liability: • Exclusion of Direct Liability • Personnel with Access to Customer Data & Security of Hardware Containing Customer Data • Secure Erasure of Data from Decommissioned Resource Unit • Availability of Redundant Systems for Storing Customer Data • Involvement of Customer(s) in Investigating Breaches • Location of Customer Data • Chained Liability
  • 14. Categorical Elaboration of Legal Issues. Expressed Warranties: • Reserving the Right to Change Agreement Term • Vendor Service Credits as the Sole Remedy for any Contractual Breaches. Implied Warranties: • Granting of Compensation through Claim Submission • Time Zone for Time-Sensitive or Dependent Terms • Resolution of Software Bugs & Defects • Customer-Defined Security Policies • Notification of Services and Infrastructure Events or Breaches
  • 15. Court Case Analysis
  • 16. Court Case Analysis (Background) • Gimme The Best, L.L.C (Plaintiff) vs. Sungard Vericenter, INC. (Defendant) • Breach of contract due to numerous breakdowns of the Defendant’s systems on 3 separate occasions • Slow Performance • Data Loss • Hardware malfunctions • Worst breach happened in Dec 2006
  • 17. Court Case Analysis (Legal Issues) • Material Misrepresentation • Breach of agreement term • Do the 3 breaches constitute a single breach or multiple breaches of contract? • Defendant’s Limited Liabilities • Plaintiff’s Remedies
  • 18. Vendor SLAs: Legal Issues & Solutions
  • 19. Vendor SLAs: Legal Issues & Solutions. Legal Issue: Monitoring of Percentage Uptime • Amazon and VMware • Measured based on IaaS vendor infrastructure • Uptime vs Availability • Excuse for them to escape liability. Solution: 1. External audit by certified company 2. Provision of common monitoring tools to customers
  • 20. Vendor SLAs: Legal Issues & Solutions. Legal Issue: Exclusion of Direct Liability • Amazon Specific Terms • Failures that result from your equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control) • Failures that result from failures of individual instances or volumes not attributable to Region Unavailability. • HP Cloud Compute Specific Terms • Reserves the right to withhold credit if it cannot verify the downtime or the customer cannot show that they were adversely affected in any way as a result of the downtime • Customer is required to contact HP and make a report within 30 days of the end of the month in which availability was not met
  • 21. Vendor SLAs: Legal Issues & Solutions … continued … Solution • Difficult to negotiate the SLA terms in the capacity of an individual • Corporate customers have to negotiate if they feel that exclusions are unreasonable • IaaS vendors have to weigh their exclusions against customers’ interests to entice more customers
  • 22. Vendor SLAs: Legal Issues & Solutions. Legal Issue: Unilateral change of agreement terms by the IaaS Vendor • Amazon and VMware • Terms in the SLA are subject to change in accordance with the agreements. Solution • Provide clear and sufficient notice to customers • Continue to honour existing contract terms • Provide a chance for customers to repudiate the contract • Change warranties (not conditions) and provide compensation
  • 23. Solutions to Unaddressed Legal Issues
  • 24. Solutions to Unaddressed Legal Issues. Issue: Vendor’s Reluctance to Fix Problem • Incapable of supporting requests which cause downtime • Expensive to rectify • Prefer to pay service credit than to rectify the problem. Solution • Treated as a breach of condition • Right to terminate contract • Legal action
  • 25. Solutions to Unaddressed Legal Issues. Issue: Missing SLA Clause for Service Performance • Critical to customers that process time-sensitive requests • Monitoring performance-related metrics • Burden of proof. Solution • States the hardware specification clearly and concisely • Includes performance-related metrics to measure the performance level • Includes the monitoring methods
  • 26. Solutions to Unaddressed Legal Issues. Issue: Customer-defined Security Policies • Critical to customers to implement their security policies • May clash with the vendor’s security policies. Solution • The IaaS vendor can offer tiers of services that have various security profiles • Allow the customer to select their most suited security profile • The IaaS vendor’s policies will not interfere with the customer’s security policies
  • 27. Conclusion
  • 28. Solutions to Unaddressed Legal Issues. Issue: Notification of Events/Breaches Related to Services & Infrastructure • Customers should receive notifications of breaches or events even if they are unconfirmed • Allow customers to preempt any possible impacts or damage. Solution • Categorize the different types of events that may occur • Allow customers to opt in for notifications in addition to confirmed breaches or events • IaaS vendor can exclude any claims from customers arising from false notifications
  • 29. Conclusion Let’s Re-Cap We Defined IaaS SLA • What it is • Service Level Quality • Why it is gaining traction • Warranties Legal Issues • Liabilities
  • 30. Conclusion: We found that IaaS Vendors… • Few, if not NONE, offer performance-based SLAs • Induce the inherent legal issues in SLAs by setting terms that are skewed to their interests • Have a reactive approach towards SLA violations
  • 31. Conclusion: Our perspectives… The solutions we proposed work in the interests of IaaS customers and simultaneously assist vendors in resolving their legal dilemmas. We believe that IaaS SLAs can be legally favorable to both customers and vendors alike. Well-crafted SLAs help to foster customer-vendor trust & confidence in the IaaS cloud services industry.
  • 32. Thank you for your attention! Any questions?

Editor's notes

  1. ----- Meeting Notes (15/11/13 21:23) -----ded
  2. Thank you Clement. I will now touch on the Solutions to Unaddressed Legal Issues. Firstly, we have the Vendor’s Reluctance to Fix Problems. This issue arises when the vendors are not willing to fix the problems that may cause downtime or unsatisfactory performance in their services. One of the possible reasons is that the problem might be too expensive to rectify or the problem is too remote to justify the reason for fixing it. The vendors will then rather pay service credits than fix the problems since the costs outweigh the benefits. In order for the customers to prevent such an issue from happening, they have to ensure that there is a condition clause in the SLA that the vendors must ensure that they will do their best in resolving any known issues that are publicly/commercially available. Otherwise, they have the right to terminate the contracts and sue them for breach of contract. This will ensure that the vendors will try to resolve the issues that are within their capability.
  3. Moving on, that is Missing SLA Clause for Service Performance. In most of the SLAs today, including the above-mentioned SLAs, there are no performance clauses in the SLA. For time-sensitive requests, performance is critical to the customers to ensure that the responses are timely and accurate. Average response time and network bandwidth are some of the performance-related metrics. The question now lies in how to monitor these metrics by the customers or vendors and who is required to prove the breach? To resolve such an issue, the customers have to negotiate with the vendors to add the performance clause to the SLA. If the customer expects to have a certain hardware specification provided for the service, it is recommended to put it in the SLA or other contract agreement. This is to prevent the same legal issue that happened in the aforementioned legal case, where the hardware provided was not in good working condition. It is best to quantify the performance level that is required for the service clearly and concisely using the specific metrics. Methods of performance measurement, tools or software are best stated so that there will be no dispute when presenting the proofs.
  4. Following on, Customer-Defined Security Policies. It is imperative to have effective security policies and implementation nowadays to protect our information and processes. Likewise, customers will want to have their own security policies rather than the vendors’ to protect their instances. However, vendors’ security policies might not complement the customers’ security policies. This may cause the customers to be unable to implement them and, worst of all, there might be a security loophole due to the incompatibility. To rectify such a problem, IaaS can offer different tiers of services that have various security profiles. At each service level, the customers can choose the security profiles most suited to their needs. Most importantly, the IaaS vendors’ security policies should not interfere with the customer’s security policies. They should be able to complement each other and close as many security loopholes as possible.
  5. Lastly, Notification of Events/Breaches Related to Services & Infrastructure. In the event of a security breach, vendors can remain silent and try to resolve the issue in their own hands so as to protect their reputation, since it is not stated in the SLA that the vendors must notify the customers about such incidents. Customers’ data might have been compromised due to the breach and they are left not notified. It could be possible that the customers are able to preempt any possible impacts or damage if they are notified early by the vendors, even if it is unconfirmed. However, customers may want to just receive specific breaches so that they are not spammed by notifications for every minor breach. To address this issue, the vendors can firstly classify the different types of events and breaches and allow customers to choose what types of breaches they wish to be notified of. This will help the customers to be able to get the notification timely and accurately. Thus, this will provide them ample time to put in stricter security measures to protect their information. To protect the IaaS vendor’s interest, they should exclude any claims from customers arising from false alarms, as these are very likely to happen. This notification is sent for the benefit of the customers. It is their sole responsibility how to act in regard to the notification.