Sookman law society_6_min_business_law
Current Issues in Negotiating IT Contracts – Challenges of Cloud Computing


Published in: Technology, Business

Transcript

  • 1. McCarthy Tétrault Advance™: Building Capabilities for Growth
       The Six‐Minute Business Lawyer 2013, The Law Society of Upper Canada, June 6, 2013
       Current Issues in Negotiating IT Contracts – Challenges of Cloud Computing
       Barry B. Sookman
       Direct Line: (416) 601-7949
       E-Mail: bsookman@mccarthy.ca
       June 6, 2012
       McCarthy Tétrault LLP / mccarthy.ca / 12519801
  • 2. What is cloud computing?
       The US National Institute of Standards and Technology (NIST) Definition of Cloud Computing, http://ow.ly/aRX1M/
       “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”
  • 3. Service Models
       NIST Cloud Computing Reference Architecture http://ow.ly/aRYoy
       ¬ SaaS: The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure.
       ¬ PaaS: The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.
       ¬ IaaS: The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).
       Image: ICS Solutions Azure Advantage http://ow.ly/aRVSB
  • 4. Deployment Models
       Sam Johnston, http://ow.ly/aRWs2
       Private: cloud infrastructure operated solely for an organization.
       Community: cloud infrastructure shared by several organizations and supports specific community with shared concerns.
       Public: cloud infrastructure made available to general public or large industry group.
       Hybrid: cloud infrastructure comprised of two or more clouds that remain unique entities but have data or application portability.
       Note: Public clouds are more problematic from compliance perspectives.
  • 5. Cloud Suppliers
       Cloud Technology Spectrum, Gravitant, 2012, http://blog.gravitant.com20120727cloud-technology-spectrum
  • 6. SaaS Ecosystem is Expanding
       Top PaaS, SaaS and IaaS Cloud Companies by CloudTimes, Cloud Times, 2011, http://cloudtimes.org/2011/11/30/top-paas-saas-and-iaas-cloud-companies-by-cloudtimes/
  • 7. SaaS Deployment is Mainstream
       The Growing Importance of SaaS as an Application Deployment Model, Aberdeen Group, 2013, http://blogs.aberdeen.com/it-infrastructure/the-growing-importance-of-saas-as-an-application-deployment-model/
  • 8. OSFI Feb 29, 2012: New technology-based outsourcing arrangements
       ¬ “Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks.
       ¬ As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services. In particular, FRFIs should consider their ability to meet the expectations contained in Guideline B-10 in respect of a material arrangement, with an emphasis on i) confidentiality, security and separation of property, ii) contingency planning, iii) location of records, iv) access and audit rights, v) subcontracting, and vi) monitoring the material outsourcing arrangements.
       ¬ OSFI considers the management of outsourcing risks important to ensuring that FRFIs continue to be managed prudently and OSFI will be monitoring this issue as part of its ongoing supervisory work.” (emphasis added)
  • 9. PIPEDA
       ¬ Organizations are accountable for personal information under their control.
       ¬ PIPEDA Sch., Principle 4.1.3 requires organizations to use contractual or other means to provide a “comparable level of protection” while the information is being processed.
       ¬ OPC Guidelines: “Comparable level of protection” means that the third party processor must provide protection that can be compared to the level of protection the personal information would receive if it had not been transferred. It does not mean that the protection must be the same across the board but it does mean that they should be generally equivalent, p.4.
  • 10. Can Data be Transferred Outside of Canada for Cloud Computing
       OPC, Report on the 2010 OPC’s Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing
       ¬ PIPEDA is largely modeled on the principles outlined in the OECD Guidelines, and is intended to balance an individual's right to privacy with the need of an organization to collect, use or disclose that information for an appropriate purpose. We have long stated that we believe that privacy does not hinder innovation and economic progress. The organization-to-organization approach that underscores PIPEDA supports transborder flows and data protection by holding organizations to account for their personal information protection practices. Information is accessible to authorities regardless of where it resides. As noted in our Guidelines, we do, however, maintain our view that a careful risk assessment needs to be undertaken prior to any arrangement that involves the outsourcing of personal data to other organizations that operate globally, and that this assessment should consider the legal requirements of the jurisdiction in which the third-party processor operates, as well as some of the political, economic and social conditions, and any additional risk factors, in that jurisdiction.
  • 11. Potential Problems
       Major areas of focus:
       ¬ Privacy and data protection/location of data/cross border issues
       ¬ Information security/data integrity issues
       ¬ Compliance, e.g. OSFI B-10, audit
       ¬ Dependence on service provider in increasingly complex environments, e.g., service interruptions, SLA/availability, controls, change management
       ¬ Access to data/lock-in
       ¬ One-sided, provider-friendly T&Cs including limits of liability
       ¬ Ownership and protection of IP and trade secrets
       ¬ Electronic discovery obligations
  • 12. Contract for services
       ¬ W Kwon Hon et al, Negotiating Cloud Contracts – Looking at Clouds from Both Sides Now, Queen Mary School of Law, http://ow.ly/aSGS0
       ¬ “Despite any perception that providers' standard terms are non-negotiable, cloud contracts can be, and have been, negotiated by customers such as financial institutions… This paper concludes that there are indeed signs of change.
       ¬ Based on our research, users consider that providers' standard contract terms or offerings do not sufficiently accommodate customer needs in various respects. The top six types of terms most negotiated, according to our sources, were as follows, with the third and fourth issues ranking roughly equally in importance (depending on type of user/service):
       ¬ 1. exclusion or limitation of liability and remedies, particularly regarding data integrity and disaster recovery;
       ¬ 2. service levels, including availability;
       ¬ 3. security and privacy, particularly regulatory issues under the EU Data Protection Directive ('DPD');
       ¬ 4. lock-in and exit, including term, termination rights and return of data on exit;
       ¬ 5. providers' ability to change service features unilaterally and
       ¬ 6. intellectual property rights (IPRs).”
       ¬ Contracts frequently permit service providers to unilaterally amend terms.
  • 13. QUESTIONS?
  • 14. VANCOUVER: Suite 1300, 777 Dunsmuir Street, P.O. Box 10424, Pacific Centre, Vancouver BC V7Y 1K2. Tel: 604-643-7100, Fax: 604-643-7900, Toll-Free: 1-877-244-7711
       CALGARY: Suite 3300, 421 7th Avenue SW, Calgary AB T2P 4K9. Tel: 403-260-3500, Fax: 403-260-3501, Toll-Free: 1-877-244-7711
       TORONTO: Box 48, Suite 5300, Toronto Dominion Bank Tower, Toronto ON M5K 1E6. Tel: 416-362-1812, Fax: 416-868-0673, Toll-Free: 1-877-244-7711
       MONTRÉAL: Suite 2500, 1000 De La Gauchetière Street West, Montréal QC H3B 0A2. Tel: 514-397-4100, Fax: 514-875-6246, Toll-Free: 1-877-244-7711
       QUÉBEC: Le Complexe St-Amable, 1150, rue de Claire-Fontaine, 7e étage, Québec QC G1R 5G4. Tel: 418-521-3000, Fax: 418-521-3099, Toll-Free: 1-877-244-7711
       UNITED KINGDOM & EUROPE: 125 Old Broad Street, 26th Floor, London EC2N 1AR, UNITED KINGDOM. Tel: +44 (0)20 7489 5700, Fax: +44 (0)20 7489 5777
