Janine’s practice focuses on strategic commercial transactions involving technology and intellectual property. Such transactions include licensing and acquisition of technology; issues surrounding the protection and exploitation of Internet-based assets; privacy and information security; and technology export compliance.
McKenna Long & Aldridge LLP
525 Attorneys and Public Policy advisors
A national, general practice firm focused on transactional, litigation, and government/regulatory matters
9 US-based offices, 1 international office (Brussels, Belgium)
II. Understanding the Various Cloud Contracting Models
License Agreements vs. Services Agreements
Click wrap Agreements vs. Standard Contracts
The Importance of Privacy Policies and Terms and Conditions
III. Minimimizing and Mitigating Risk - Commercial and Business Considerations
Methods to Minimize Risk
Viability of the Cloud Provider
Other Factors to Consider When Selecting a Vendor
IV. The Impact, if any, of Industry Standards
V. Take Away Messages
Service Model Relationships Gerard Briscoe, London School of Economics and Political Science, Alexandros Marinos, Faculty of Engineering & Physical Sciences, University of Surrey, “Digital Ecosystems in the Clouds: Towards Community Cloud Computing” March 2009
Cloud vs. Outsourcing vs. ASP Cloud Computing Outsourcing ASP Location of Service/Data unknown known known Owner of Technology provider company provider Contract non-negotiable highly negotiated negotiated Contract Risk company provider shared Scalability Yes No Maybe
Cloud Contracting Models: License vs. Service Agreement License Agreement Service Agreement Necessary in Cloud License Grant Yes. No. No. No physical transfer of SW. IP Infringement Protection Yes. No. No. No physical transfer of SW. Ownership Protection for Provider? Yes. Yes. Yes. Use of cloud does not translate into ownership transfer.
Cloud Contracting Models: Click Wrap vs. Standard Contract Click Wrap Standard Contract Negotiable No. Yes, generally. Limits Placed on Provider ’ s Liability Yes. Very little or no liability to provider. Yes. Risk shared by provider and user. Risk in the Event of Problems Born by user. Born by party responsible.
User grants content license – Google can modify the content to deliver the service
User’s use of services is ‘as is’ and ‘as available’
No liability for user’s damages, including for deletion, corruption, or failure to store a user’s data
Effect on a Gmail user is one consideration, but what about a Google Apps (PaaS) user?
What standards applicable to cloud computing exist?
Payment Card Industry Data Security Standards
A set of requirements for enhancement of payment account data security
ISO 27000 Series Standards
An information security standard that provides best practices for those implementing an information security management system
Open Cloud Manifesto
Basic premise is that cloud computing should be open like other technologies (e.g. use open source technologies) to enhance ability: (a) for a user to transfer to a new provider, (b) for companies to work together, and (c) to speed and ease integration