The Business Case forCloud: Critical Legal,Business & DiligenceConsiderationsPresented byJanine Anthony Bowen, Esq., CIPP/...
Janine Anthony Bowen, Esq., CIPP/US          Your Presenter                                                       • With 2...
And JACK does what…• Jack Attorneys & Advisors is the technology law boutique of choice  for clients seeking an expert, pr...
What’s the Cloud, really?           http://www.fatcow.com/data-center/photos - You are allowed to copy, distribute, transm...
Agenda       I.           Business Considerations       II.          Evaluation Considerations       III. Privacy & Securi...
Business Benefits of Cloud          Computing          • Cost            Avoidance/Deferral          • Improved           ...
Cost Avoidance/Deferral – You Decide          • Gartner says…IaaS isn’t less expensive, but it increases            operat...
Cost Avoidance/Deferral – You Decide          (cites)           (1)       Lydia Leong, research VP at Gartner Group       ...
Total Cost of Ownership          Cost of Cloud        • Cloud providers give          transparent pricing based on        ...
Total Costs of Ownership          Hidden Cost of On-Premise Technology         • The direct costs that accompany running a...
Improved Organizational Agility       • Use of Public Clouds or Virtual Private Clouds give         organizations the abil...
Focus on Core Business       • Organizations can focus on         building the business they         know       • Organiza...
Evaluating Cloud Options©2012 Jack Attorneys & Advisors. All Rights Reserved   13
Preliminaries       • The onus is on the customer to perform extensive         evaluation of a cloud provider before enter...
Checklist for Cloud Readiness       •Business Drivers                – Do you have staff working remotely?                ...
Checklist for Cloud Readiness      •Technical Drivers               – Is your application workload highly variable?       ...
List of Potential Cloud Provider          Evaluation Criteria       Functionality of solution                       Pricin...
Evaluation Considerations:          Disaster Recovery            • How are backup systems architected?               – Com...
Evaluation Considerations:          Transition Issues – Lock In       • All the typical software         migration issues ...
Privacy and Security©2012 Jack Attorneys & Advisors. All Rights Reserved   20
4 Immutable Laws of Cloud Security      • “These are things that will always be, things that will never change,        and...
Issues with Cloud Computing:          Privacy and Security         • Data location issues         • Location of users acce...
Regulatory Landscape:          Data Privacy Compliance       • State Information Security Laws       • State Data Breach L...
Contractual Requirements:          Gap Analysis©2012 Jack Attorneys & Advisors. All Rights Reserved   24
Customer Needs vs. Vendor Offerings                                Customer                           Public Cloud        ...
Customer Needs vs. Vendor Offerings                                        Customer                 Public Cloud          ...
Liability Considerations – Vendor          Perspective       • For vendor, risk of data security breach is greatest risk  ...
Cloud is here to stay, so…     • Plan for success and       plan for failure.     • Know and mitigate your       business ...
Q&A          Contact Me       • Janine Anthony Bowen, Esq., CIPP/US          jbowen@jack-law.com          www.linkedin.com...
©2012 Jack Attorneys & Advisors. All Rights Reserved   30
Upcoming SlideShare
Loading in...5
×

The Business Case for Cloud: Critical Legal, Business, & Diligence Considerations

591

Published on

An overview of the considerations a business must think through prior to moving to cloud computing.

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
591
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
19
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide

The Business Case for Cloud: Critical Legal, Business, & Diligence Considerations

  1. 1. The Business Case forCloud: Critical Legal,Business & DiligenceConsiderationsPresented byJanine Anthony Bowen, Esq., CIPP/USjbowen@jack-law.com(678) 823-6611December 7, 2012
  2. 2. Janine Anthony Bowen, Esq., CIPP/US Your Presenter • With 2 degrees in Industrial Engineering from Clemson University and almost a decade working in technology companies, Janine is an engineer- turned-lawyer who knows technology, intellectual property, and the law well. • She specializes in helping her clients negotiate technology deals with Fortune 500 companies.©2012 Jack Attorneys & Advisors. All Rights Reserved 2
  3. 3. And JACK does what…• Jack Attorneys & Advisors is the technology law boutique of choice for clients seeking an expert, pragmatic, high touch experience. We specialize in technology, privacy, cloud computing, mobile, intellectual property, and commercial contracts.
  4. 4. What’s the Cloud, really? http://www.fatcow.com/data-center/photos - You are allowed to copy, distribute, transmit the work and to adapt the work. Attribution is not required. You are prohibited from using this work in a stand alone manner.©2012 Jack Attorneys & Advisors. All Rights Reserved 4
  5. 5. Agenda I. Business Considerations II. Evaluation Considerations III. Privacy & Security Considerations IV. Contractual Considerations V. Concluding Thoughts©2012 Jack Attorneys & Advisors. All Rights Reserved 5
  6. 6. Business Benefits of Cloud Computing • Cost Avoidance/Deferral • Improved Organizational Agility • Focus on Core Business rather than IT©2012 Jack Attorneys & Advisors. All Rights Reserved 6
  7. 7. Cost Avoidance/Deferral – You Decide • Gartner says…IaaS isn’t less expensive, but it increases operational agility (1) • Computerworld says…Prepare for the real costs of cloud computing (2) – Moving and storing data, integrating apps from multiple vendors, testing software, rent & utilities • CIO says…CFOs and cloud computing have a love-hate relationship (3) – Variable pricing messes up cash flow projections – Capex vs. Opex • Booz Allen Hamilton says…savings range from 50% to 75% (4) • CloudU says…savings from 13% to 25% (5)©2012 Jack Attorneys & Advisors. All Rights Reserved 7
  8. 8. Cost Avoidance/Deferral – You Decide (cites) (1) Lydia Leong, research VP at Gartner Group http://www.formtek.com/blog/?p=2696, January 12th, 2012 (2) “Preparing for the real costs of cloud computing” Computerworld http://www.computerworld.com/s/article/359383/The_Real_Costs_of_Cloud_C omputing (3) “Why CFOS and Cloud Computing Have a Love-Hate Relationship” CIO Magazine www.cio.com/article/print/702074 (4) “The Economics of Cloud Computing” http://www.boozallen.com/media/file/Economics-of-Cloud-Computing.pdf (5) “Cloudonomics: The Economics of Cloud Computing” http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics -The_Economics_of_Cloud_Computing.pdf©2012 Jack Attorneys & Advisors. All Rights Reserved 8
  9. 9. Total Cost of Ownership Cost of Cloud • Cloud providers give transparent pricing based on different usage metrics – RAM, storage, bandwidth, among others • Pricing is frequently fixed per unit of time. Customers gain certainty over pricing and are then able to readily calculate costs based on several different usage estimates Source: Cloudonomics: The Economics of Cloud Computing, CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum©2012 Jack Attorneys & Advisors. All Rights Reserved 9
  10. 10. Total Costs of Ownership Hidden Cost of On-Premise Technology • The direct costs that accompany running a server: power, floor space, storage, and IT operations to manage those resources. • The indirect costs of running a server: network and storage infrastructure and IT operations to manage the general infrastructure. • The overhead costs of owning a server: procurement and accounting personnel, not to mention a critical resource in short supply: IT management and its attention. Source: Cloudonomics: The Economics of Cloud Computing, CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum©2012 Jack Attorneys & Advisors. All Rights Reserved 10
  11. 11. Improved Organizational Agility • Use of Public Clouds or Virtual Private Clouds give organizations the ability to scale up or down when necessary • IT expense can be matched to: – Seasonal or cyclical requirements – Organizational growth or decline • Mobile workforce/workplace solutions may improve organizational productivity • Cloud environments support experimentation and ability to fail with low penalty©2012 Jack Attorneys & Advisors. All Rights Reserved 11
  12. 12. Focus on Core Business • Organizations can focus on building the business they know • Organizations can leverage the best of breed in IT (and not try to be best of breed themselves) • Potentially better disaster recovery strategies utilizing cloud-based options©2012 Jack Attorneys & Advisors. All Rights Reserved 12
  13. 13. Evaluating Cloud Options©2012 Jack Attorneys & Advisors. All Rights Reserved 13
  14. 14. Preliminaries • The onus is on the customer to perform extensive evaluation of a cloud provider before entering into the relationship. • The nature of the cloud relationship drives the requirements of evaluation. Considerations include: – The criticality of the cloud implementation – The sensitivity of the data/processes being outsourced to the cloud provider – The scale of the implementation©2012 Jack Attorneys & Advisors. All Rights Reserved 14
  15. 15. Checklist for Cloud Readiness •Business Drivers – Do you have staff working remotely? – Do you have plans to increase your IT infrastructure needs? – Is your infrastructure reaching end of life? – Are you constrained in terms of Capital Expenditure? – Does your organization have a high level of software test/development? – Does your organization struggle to obtain IT talent internally? – Is 24*7 support important for your organization? Source: Appendix in “You Want to Put my Database Where? CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum©2012 Jack Attorneys & Advisors. All Rights Reserved 15
  16. 16. Checklist for Cloud Readiness •Technical Drivers – Is your application workload highly variable? – Do you need automatic infrastructure scaling and provisioning? – Do you have a need for complex IT redundancy and resiliency that you struggle to obtain internally? – Have you faced issues around IT security? Source: Appendix in “You Want to Put my Database Where? CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum©2012 Jack Attorneys & Advisors. All Rights Reserved 16
  17. 17. List of Potential Cloud Provider Evaluation Criteria Functionality of solution Pricing Uptime Response time Quality of service Data Security/Privacy Backup and disaster recovery Customization capability Ability to personalize Integration with existing systems Data access Customer service/support Adapted from “Evaluating SaaS Solutions: A Checklist for Small and Mid-sized Enterprises” http://www.saugatech.com/thoughtleadership/TL_October2009_Eval_SAP.pdf©2012 Jack Attorneys & Advisors. All Rights Reserved 17
  18. 18. Evaluation Considerations: Disaster Recovery • How are backup systems architected? – Complete redundancy? Multiple redundancies? Duplicate systems? Real-time backup? • Where are backup systems located geographically? • Are third party backup systems utilized (partially/totally)? • How long would a catastrophic event at a data center affect system availability? • Concerns for physical assets based on geography • Ultimately, whose responsibility is it anyway?©2012 Jack Attorneys & Advisors. All Rights Reserved 18
  19. 19. Evaluation Considerations: Transition Issues – Lock In • All the typical software migration issues • Plus: – Data ownership •Raw data •Resultant information – Professional services to migrate to new provider©2012 Jack Attorneys & Advisors. All Rights Reserved 19
  20. 20. Privacy and Security©2012 Jack Attorneys & Advisors. All Rights Reserved 20
  21. 21. 4 Immutable Laws of Cloud Security • “These are things that will always be, things that will never change, and it is a state of being.” – First is an understanding that if your data is hosted in the cloud, you no longer directly control its privacy and protection. – when your data is burst into the cloud, you no longer directly control where the data resides or is processed. – if your security controls are not contractually committed to, then you may not have any legal standing in terms of the control over your data or your assets. – if you dont extend your current security policies and controls in the cloud computing platform, youre more than likely going to be compromised – Tari Schreider, HP chief architect of HP Technology Consulting and IT Assurance Practice. “Security and the Cloud: The Great Reconciliation”, eCommerce Times, 14 May 2012 http://www.ecommercetimes.com/story/Security-and-the-Cloud-The-Great- Reconciliation-75094.html©2012 Jack Attorneys & Advisors. All Rights Reserved 21
  22. 22. Issues with Cloud Computing: Privacy and Security • Data location issues • Location of users accessing data • Movement and storage of data • Use of subcontractors • Use of multiple platforms • Lack of transparency and control • Data breach issues • Data destruction issues • Ability to impose security and privacy requirements©2012 Jack Attorneys & Advisors. All Rights Reserved 22
  23. 23. Regulatory Landscape: Data Privacy Compliance • State Information Security Laws • State Data Breach Laws • Gramm Leach Bliley • HIPAA/HITECH Act • Electronic Communications Privacy Act (Gov’t Access to Data) • USA PATRIOT Act (Gov’t Access to Data)©2012 Jack Attorneys & Advisors. All Rights Reserved 23
  24. 24. Contractual Requirements: Gap Analysis©2012 Jack Attorneys & Advisors. All Rights Reserved 24
  25. 25. Customer Needs vs. Vendor Offerings Customer Public Cloud Requirement Response to data Standardized offering, use of sub- security incidents processors and other limits may delay discovery of breaches, and ability to provide information regarding extent of breach Audit rights Typically not available, especially not for sub-processors Proper disposal No guarantee all data will be found and and destruction of erased or returned data Change Control Provider may make changes without notice or consent©2012 Jack Attorneys & Advisors. All Rights Reserved 25
  26. 26. Customer Needs vs. Vendor Offerings Customer Public Cloud Requirement Established Incorporation of additional Contract Terms online terms, subject to change by provider Provider has Extremely limited liability some liability exposure for breaches and non-compliance Controls on Standardized offering with use data and of cloud provider controls security standards©2012 Jack Attorneys & Advisors. All Rights Reserved 26
  27. 27. Liability Considerations – Vendor Perspective • For vendor, risk of data security breach is greatest risk • Multi-tenancy enables single breach incident to affect thousands of customers • Vendors must think through worst-case scenarios, and reevaluate as company grows and evolves – Types of harm – Damages available – Settlement values – Insurance coverage©2012 Jack Attorneys & Advisors. All Rights Reserved 27
  28. 28. Cloud is here to stay, so… • Plan for success and plan for failure. • Know and mitigate your business and technology risk. • There are no silver bullets, shortcuts, or easy answers.©2012 Jack Attorneys & Advisors. All Rights Reserved 28
  29. 29. Q&A Contact Me • Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com www.linkedin.com/in/jdabowen • 678-823-6611 • Twitter - @cloudlawyer • www.jack-law.com • Facebook – www.facebook.com/JackAttorneys JACK Attorneys & Advisors: Technology/IP Law & the Business of Technology - Quite Simply, We Get It.©2012 Jack Attorneys & Advisors. All Rights Reserved 29
  30. 30. ©2012 Jack Attorneys & Advisors. All Rights Reserved 30
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×