Your SlideShare is downloading. ×
  • Like
  • Save

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Now you can save presentations on your phone or tablet

Available for both IPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Cloud Computing - a legal view from Bird & Bird

  • 1,328 views
Published

 

Published in Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,328
On SlideShare
0
From Embeds
0
Number of Embeds
4

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Cloud Computing Barry Jennings 12th March 2013
  • 2. Overview● Striking the right balance – negotiating cloud contracts● Taking a positive approach to data protection in the cloud● Keeping the rights to your data & IP – licensing issues● Staying flexible – the commercial/contractual lock-in issues to avoid● Concluding thoughts
  • 3. Striking the right balance – reviewing cloudcontracts© Bird & Bird LLP 2010
  • 4. Key Legal and Commercial Issues ● Commercial and legal risk analysis – contract and service issues ● Incorporation within or replacement of outsourcing arrangements ● TUPE transfers – is there a continuing activity? ● Jurisdiction & governing law issues ● Content & IP issues – what licences are required? ● Regulatory compliance – data protection, interception & communications regulations, financial services regulations © Bird & Bird LLP 2010
  • 5. Risk Allocation under Contract ● Cloud computing agreements represent an arbitrage of risk, cost and control. ● Change one aspect and the other aspects – usually cost – will need to change in response. ● With most public cloud services, this balance is determined by suppliers as part of their service development and market positioning. ● The process of seeking to negotiate drives up costs so customers and suppliers should be conscious of when this is sensible and when it isn’t. ● Contract review becomes part of the service evaluation rather than a matter for negotiation and it needs to be fed in to the procurement process at an early stage.© Bird & Bird LLP 2010
  • 6. Reviewing Cloud Services Agreements Implementation Service Exit / Transition •Configuration •Availability and •Notice assistance (£) performance provisions and •Acceptance service levels (£) termination Process •Service credits rights •Migration from (£) •Data portability legacy systems •Scaling – •Configuration •Integration with storage, users information other systems (£) •Transition (£) •Support (£) support (£) •Training (£) •Back-up and •Escrow (£) •Migration in - data recovery (£) •Migration out - Data Protection •Data Protection Data Protection Compliance & Security Compliance •Audit rights (£) – service element that may attract additional charges – vary between vendors© Bird & Bird LLP 2010
  • 7. Taking a positive approach to dataprotection in the cloud© Bird & Bird LLP 2010
  • 8. Data Protection, IT Security & Cybercrime● Information assurance is critical in cloud computing and yet the regulatory and standards framework is still catching up with the technology.● Risk-based assessments are again key in this area – see ICO Guidance.● The regulatory regimes are still jurisdictional in nature – making transitions to the cloud incredibly complex.© Bird & Bird LLP 2010
  • 9. Technical Concerns ● Multi-tenancy in cloud environments is enabled by virtualisation. ● There are questions over the security of virtual versus physical segregation. ● Deployment via the cloud means data escapes the corporate firewall. ● Encryption of data passing across the internet is crucial. ● Data migration (in and out) is a difficult undertaking even where open formats are agreed© Bird & Bird LLP 2010
  • 10. Location, Location, Location ● Ability to move data gives vendors flexibility and scalability.● Cloud vendors may wish to move data to maintain physical hardware.● Data protection regulation tends to emphasise location of data and consider data transfer to be processing requiring consent.● Where IT systems are globalised is systemic security and information governance more important than location?● Jurisdiction may have rules that enforce authority access to data or court systems that make it more difficult to enforce judgments to release data.© Bird & Bird LLP 2010
  • 11. Flexibility and Mobility ● Cloud computing enables access outside of the office and on mobile devices. ● This has led to BYOD – where employees want access to corporate systems from their own computers, tablets and smart phones. ● There are questions over the security of some of these devices, particularly where shared with partners and children – increase in two factor authentication. ● Deployment of data and applications outside of the corporate firewall can be more expensive and harder to control. ● However, if enterprises impose too much control, most employees can easily find alternative ways of circumventing controls (e.g. sending documents to personal email).© Bird & Bird LLP 2010
  • 12. People Issues ● Fairly well-recognised that most serious data security breaches result from inadvertent or deliberate acts of employees or contractors. ● Certain cloud deployments (e.g. thin client virtual desktops) increase security by centralising control. ● Disgruntled employees are a key risk area. ● Password management, locking computers when not in use, physical security are governance rather than technical issues.© Bird & Bird LLP 2010
  • 13. Staying flexible – the commercial/contractual lock-in issues to avoid© Bird & Bird LLP 2010
  • 14. Lock-in Issues ● Are minimum terms acceptable? Purist v commercial view. ● Technical barriers to data extracts. ● High charges for data extracts. ● Lack of standards. ● Termination for convenience charges. ● User resistance to change.
  • 15. Concluding thoughts© Bird & Bird LLP 2010
  • 16. Cloud contracts will reflect the fact thatcloud services are multi-tenancy – thecustomer has to accept more risk andless control (not negotiable in manycases)© Bird & Bird LLP 2010
  • 17. Many of the benefits of cloud computing come from the way the services are used – proper risk appraisal and strong demand© Bird & Bird LLP 2010 management
  • 18. Cloud services are like cars – lots of different types that you can configure but building one especially for you could be very expensive (or dangerous)© Bird & Bird LLP 2010
  • 19. Thank youBird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated businesses. www.twobirds.com