Cloud Computing Webinar:
   Legal & Regulatory Update for 2012
   15 November 2012




Michael Bennett                          Richard Graham                  Mark Schreiber
Partner                                  Partner                         Partner
Edwards Wildman Palmer LLP               Edwards Wildman Palmer LLP      Edwards Wildman Palmer LLP
Chicago                                  London                          Boston

+1 312.201.2679                          +44 (0) 20.7556.4418            +1 617.239.0585

mbennett@edwardswildman.com              rgraham@edwardswildman.com      mschreiber@edwardswildman.com




     © 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
♦ Introduction: The Cloud
♦ Key Developments in 2012 (flanked by Customer Drivers on the left and Supplier Drivers on the right):
    ♦ Development 1: Demystification of the Cloud
    ♦ Development 2: The Evolving Cloud
    ♦ Development 3: Regulatory Change
♦ Cloud Mitigation Strategies
Introduction:
Defining the Cloud




Introduction: Why the Cloud?

Approximate costs for an enterprise data center with 1K servers vs a cloud-based 100K-server center:

Technology       Cost of Enterprise Data Center   Cost of Cloud Data Center   Ratio
Network          $95 / Mbps / month               $13 / Mbps / month          7.1
Storage          $2.20 / GB / month               $0.40 / GB / month          5.7
Administration   140 servers / Admin              1,000 servers / Admin       7.1

      http://wikibon.org/blog/how-big-is-the-world-of-cloud-computing-infographic/
Introduction: Why the Cloud?

♦   “Switch” Data Center 2,200,000 square feet
    ♦   (http://www.makeuseof.com/tag/5-worlds-biggest-data-centers-stats-pics/)

♦   Average Cloud Data Center 11.5 X the size of a football field
    ♦   (http://wikibon.org/blog/how-big-is-the-world-of-cloud-computing-infographic/)

♦   Acquisition of Terremark by Verizon for $1.4B

♦   Acquisition of Savvis for 2.5B by Century Link (Qwest)
Introduction: Cloud Definition

Characteristics          Service Models                       Deployment Models

On-demand self-service   Software as a Service (SaaS)         Private cloud
Broad network access     Platform as a Service (PaaS)         Community cloud
Resource pooling         Infrastructure as a Service (IaaS)   Public cloud
Rapid elasticity         Cross Platform?                      Hybrid cloud

 ♦   http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
Introduction:
The Problem with the Cloud




Introduction: The Problem with the Cloud

♦   1. Service Confusion
    ♦   Software Providers
    ♦   Network Providers
    ♦   Technology Manufacturers
    ♦   Information & Service Providers
Introduction: The Problem with the Cloud
♦   2. Jurisdictional Confusion
    ♦   Questions at the center of the diagram:
        ♦   Cloud Customer Location?
        ♦   Data Location?
        ♦   Cloud Provider Location?
        ♦   Data Subject Location?
    ♦   Surrounding issues:
        ♦   Contract
        ♦   Regulatory
        ♦   US PATRIOT Act
        ♦   Breach Notification
        ♦   Intellectual Property Rights
        ♦   Data Protection
Introduction: The Problem with the Cloud
♦   3. Security Confusion
    ♦   At the center of the diagram: Information Security (Accessibility, Integrity, Confidentiality)
    ♦   Surrounding threats:
        ♦   Phishing / Trojans / Botnets
        ♦   Denial of Service / DDOS
        ♦   Cyber Attack / Terrorism
        ♦   Certification Authority Breach
        ♦   Fraud / Theft / ID Theft
        ♦   Poor Data Protection Compliance
        ♦   Data Loss
        ♦   Data Damage or Destruction
        ♦   Security Flaw
        ♦   Accidental Disclosure
Introduction: The Problem with the Cloud

♦   4. Expectations Confusion
    ♦   Commodity Service
    ♦   Software vs. Subscription
    ♦   Outsourcing vs. Commodity
    ♦   Leverage Assets
    ♦   Individualized Service Levels
    ♦   Provable Data Security / Privacy
    ♦   Virtualization
    ♦   Control
Key Developments in 2012




Development 1: Demystification of the Cloud


Demystifying Cloud Computing

Data & Security
 1. New Privacy Risks?
 2. More Data Sharing?
 3. More Security Risks?
 4. More International?

Ownership & Control
 1. Extraterritorial?
 2. Local Retention?
 3. Access & Audit?
 4. Loss of Control?

Political
 1. Business Models
 2. Employment Protection
 3. Risk Allocation
Development 2: The Evolving Cloud
♦   Traditional Outsourcing –vs– Cloud Computing

Traditional Outsourcing
    •   Service Driven
    •   Data Controllers / Data Processors
    •   Standalone Bespoke Services
    •   Agents
    •   Pushed Service Levels
    •   Static Location

Shown between the two groups
    •   Service Scope
    •   Service Levels
    •   Charges

Cloud Computing
    •   Security Driven
    •   IaaS / PaaS / SaaS
    •   Standardized Environment
    •   Shared Infrastructure
    •   Self-service
    •   Pulled Service Levels
    •   Dynamic Location
Development 2: The Evolving Cloud
♦   The Cloud Contract: The Need for Change

The Cloud Contract
    ♦   Regulation & Consumer Law
    ♦   Differences: Access, Shared, Commodity, Structure
    ♦   Changers: Government, Industry, Landmark Deals, Insurers
    ♦   Legal Issues: Enforceability, Validity, Non-Compliant, Data Breach
    ♦   Large Negotiated Deals
Development 2: The Evolving Cloud
♦   Cloud Contracting: Non-Cloud versus Cloud
      IACCM Most Negotiated                     Cloud Most Negotiated

     1. Limitation of Liability             1. Limitation of Liability
          2. Indemnities                           2. Indemnities
            3. Charges                            3. Data Integrity
     4. Intellectual Property              4. Service/Service Levels
           5. Payment                      5. Regulatory Compliance
     6. Liquidated Damages                 6. Confidentiality/Access
    7. Service/Service Levels                    7. Security/Audit
     8. Delivery/Acceptance                     8. Lock-in/Exit/Term
        9. Applicable Law                       9. Service Change
    10. Confidentiality/Access              10. Intellectual Property



Development 2: The Evolving Cloud
♦   Cloud Contracting: Negotiation Checklist

1. Structure
    • Type (IaaS, PaaS, SaaS)
    • Subcontractor
2. Service
    • Services
    • Service Levels
    • Service Credits
    • Price
3. Data
    • Information Security
    • Access
    • Audit
    • Business Continuity/DR
4. Regulation
    • DP/Privacy
    • Other
    • Change
    • Breach
5. IPR
    • Ownership
    • Rights of Use
6. Termination
    • Term
    • Termination
    • Exit
    • Portability
7. Liability
    • Warranties
    • Indemnities
    • Exclusions
    • Limitations
8. Other
    • Jurisdiction
    • Change
    • Insurance
    • Certification
Development 3: Regulatory Change

♦   HIPAA
♦   HITECH Act
♦   GLB
♦   FACTA
♦   FCRA
♦   Fair Debt Collection Practices Act
♦   FERPA
♦   COPPA
♦   ITAR/Export Compliance
♦   FFIEC
♦   Banking Requirements
♦   PIPEDA
♦   FTC
♦   Subpoena/Rule 34 FRCP
    ♦   In re NTL Inc. Sec. Litig., 244 F.R.D. 179 (S.D.N.Y. 2007)
♦   State Regulations
♦   SOX
♦   ECPA
♦   SCA
♦   PCI
Development 3: Regulatory Change
EU Article 29 Data Protection Working Party Opinion 1 July 2012
    ♦   Transparency
    ♦   Control
    ♦   Sharing
    ♦   Sub-Contracting
    ♦   Data Portability
    ♦   Outside of EEA

EC Strategy for "Unleashing the potential of cloud computing in Europe" 27 September 2012
    ♦   Interoperability
    ♦   Data Portability
    ♦   Reversibility
    ♦   Certification
    ♦   'Safe and Fair' Contract Terms
    ♦   European cloud market

UK ICO Guidance on Cloud Computing 27 September 2012
    ♦   What data to put into the cloud?
    ♦   Performance monitoring
    ♦   Written contract
    ♦   Security assessment
    ♦   Security measures
    ♦   Using cloud services from outside the UK
    ♦   Multi-tenancy environment
Cloud Mitigation Strategies




Cloud Mitigation Strategies

♦ Insurance
♦ Does Customer Understand Data?
♦ Robust Dispute Resolution
♦ Self Help
  ♦   Backup
  ♦   Migration Plan
  ♦   Privacy pre-Audit
  ♦   Data Map
♦ “Leverage” Awareness
Cloud Mitigation Strategies

♦ SAS 70 Type II; SSAE No. 16 Type 2; ISO 27001; TRUSTe; SysTrust; Verisign
♦ Safe Harbor / EU Data Protection Compliance
♦ Be Aware of Chat Boards/Internet Search/News
♦ Transparency of Procedures
♦ Multi/Single Jurisdiction of Data Centers?
Cloud Mitigation Strategies

♦ Multi-tenancy
♦ Escrow
♦ Data Map
♦ Audit of Customer Needs Upfront
♦ Contingency Planning
  ♦   Migration
  ♦   Return of Data
  ♦   Termination Services
Conclusion & Questions?



Michael Bennett                   Richard Graham                   Mark Schreiber
Partner                           Partner                          Partner
Edwards Wildman Palmer LLP        Edwards Wildman Palmer LLP       Edwards Wildman Palmer LLP
Chicago                           London                           Boston

+1 312.201.2679                   +44 (0) 20.7556.4418             +1 617.239.0585

mbennett@edwardswildman.com       rgraham@edwardswildman.com       mschreiber@edwardswildman.com
www.edwardswildman.com/mbennett   www.edwardswildman.com/rgraham   www.edwardswildman.com/mschreiber




