SlideShare a Scribd company logo

Cloud computing: opportunities and risks

C
Cloud Legal Project

Slides for talk by Prof Christopher Millard on "Cloud Computing: Opportunities and Risks" at the International Bar Association Annual Meeting 2010, Vancouver, Canada, October 2010

Technology
1 of 9
Download to read offline
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks International Bar Association Annual Meeting 2010 Cloud Computing: Opportunities and Risks Professor Christopher Millard Centre for Commercial Law Studies c.millard@qmul.ac.uk Some key questions we will tackle today… •  Why is cloud computing such a hot topic? •  Is cloud computing mature and is it safe ? •  Who is responsible for data in clouds? •  What should you watch out for in off the shelf cloud contracts? •  Can you negotiate custom deals for cloud computing? •  Whose laws apply if you have a cloud dispute? •  Can you control where your data are stored in clouds? •  What s the forecast…. Cloudy but bright ? •  And finally… some practical tips for managing cloud-related risks Christopher Millard 1
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Why is cloud computing such a hot topic? •  Not entirely new but various factors have facilitated a recent surge in interest, including high-bandwidth, low-cost connectivity and the development of large server farms and virtualisation •  In the current economic climate, cloud computing may be attractive as a means of: •  achieving rapid outsourcing efficiencies •  cost reduction / converting capex to opex •  simplifying hardware and software maintenance •  smoothing fluctuations in demand levels •  delivering public sector services more efficiently, see eg. •  Digital Britain and the G-Cloud or, more recently, the •  the Obama Administration’s apps.gov Christopher Millard 2
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Is cloud computing ‘mature’ and is it ‘safe’? •  Some vendors are major players with resilient service offerings backed by robust Service Level Agreements (SLAs) •  Plenty of cloud offerings are, however, provided by startups which may, or may not, prove to be substantial and reliable •  Many services, both consumer and business, are launched while still in development and are often provided long-term on an as is basis and may remain in Beta for a very long time… •  Many services, again both consumer and business, are wholly dependent on third-party owned / controlled infrastructure •  So … whether a particular cloud computing service arrangement is appropriate in a particular case will depend on many factors Do things actually go wrong? Christopher Millard 3
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Do things actually go wrong? What happened? Yesterday [Ma.gnolia founder] Halff informed users that a specialist had been unable to recover any data from the corrupted hard drive. “Unfortunately, database file recovery has been unsuccessful and I won’t be able to recover members’ bookmarks from the Ma.gnolia database,” he wrote. With the benefit of hindsight… • It turns out that Ma.gnolia was pretty much a one-man operation, running on two Mac OS X servers and four Mac minis • Don’t assume that online services have plenty of staff, lots of servers and secure backups. If it matters, take due diligence + contracts seriously Major cloud players have substantial infrastructure… •  Massive data centres are being built, often containing sealed shipping containers, themselves containing pre-configured servers: The trucks back em in, rack em and stack em (Ray Ozzie: Microsoft s Chief Software Architect) •  Huge requirements for power / cooling / connectivity •  Google has patented a water-based data center - a system that includes a floating platform-mounted computer data center comprising a plurality of computing units, a sea-based electrical generator in electrical connection with the plurality of computing units, and one or more sea-water cooling units for providing cooling to the plurality of computing units. Christopher Millard 4
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks So, jus So just when you thought you had identified all the technical, commercial and legal risks associated with outsourcing and offshore data processing … …don t forget maritime law …and that real pirates still operate on the high seas! Contracting in the clouds: ‘off the shelf’ arrangements •  Many cloud service providers use click-wrap terms of business •  Such terms of business sometimes state, for example, that: •  the service provider has minimal, or even no, liability for loss or damage caused by failure of the cloud computing service •  the service may be modified or be discontinued without cause, without notice and without liability to users •  subcontracting may be unrestricted •  customers may have limited / no ability to recover data following termination of service •  Depending on the circumstances, the enforceability of some of these terms may be subject to challenge (!) Christopher Millard 5
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Who is responsible for data in clouds? “...you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.” Q. Will that be good enough? A. It depends what you are going to use the service for! What about disclosure of your data to third parties? Would you feel more comfortable signing up to this… The Receiving Party [Salesforce.com] may disclose Confidential Information of the Disclosing Party [the customer] if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. … or this? You authorize ADrive to disclose any information about You to law enforcement or other government officials as ADrive, in its sole discretion, believes necessary, prudent or appropriate, in connection with an investigation of fraud, intellectual property infringement, or other activity that is illegal or may expose ADrive to legal liability. Christopher Millard 6
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Whose laws apply if you have a cloud dispute? Choice  of  law  specified  by  cloud  provider…   Number  *   US  State:  California  (most  common),  Massachuse6s  (Akamai),   15   Washington  (Amazon),  Utah  (Decho),  Texas  (The  Planet)   English  law,  probably  because  service  provider  based  there   4   English  law,  for  customers  in  Europe  /  EMEA   4   Other  EU  jurisdicAons  (for  European  customers):  eg.  Ireland  (Apple),   2   Luxembourg  (some  MicrosoN  services)   ScoBsh  law  (Flexiant)   1   The  customer’s  local  law   2   No  choice  of  law  expressed  or  implied,  or  ambiguous  choice     3   (eg.  “UK  Law”  for  g.ho.st)   *  Number  in  each  category  is  out  of  31  contracts  analysed  by  QMUL  Cloud  Legal  Project   h?p://www.cloudlegal.ccls.qmul.ac.uk/   Can you control where your data are stored in clouds? •  It depends! •  Some service providers can t, for technical reasons, or won t, for commercial reasons, let you choose (eg. Google… though see City of LA) •  Other service providers are designing their clouds so as to offer customers a choice between regions (eg. Amazon Web Services) •  Other service providers, if asked, say they currently store customer data by default in the customer s local region (eg. Decho Mozy Inc) •  Geolocation may become a critical differentiator for customers concerned about where their data are stored (eg. because of disclosure risks associated with litigation or regulators) or subject to restrictions on data transfers (such as national rules based on Articles 25 + 26 of the DP Dir.) •  An amorphous cloud may not be appropriate for the storage of personal data, eg. if you don t know where the data will be stored and by whom Christopher Millard 7
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Contracting in the clouds: custom deals •  Although not generally advertised, major cloud vendors with standard contracts are prepared to go off piste if a deal merits it •  One-off contracts are usually confidential but… •  A high-profile negotiated deal, for which extensive documentation has been published, is the CSC, Google and the City of LA transaction. This includes provisions that appear to depart in significant ways from Google s standard position, including: •  Google agrees to store and process Customer s email and Google Message Discovery (GMD) data only in the continental United States. As soon as it shall become commercially feasible, Google shall store and process all other Customer Data, from any other Google Apps applications, only in the continental United States. (cl. 1.7) Practical tips for managing cloud-related risks… •  Read the contract, inc. TOS, T&C, SLA, Privacy Policy, AUP, etc •  Consider due diligence questions like these… •  Is the infrastructure multi-layered? •  Where will your data be stored / processed / replicated? •  Who is running the critical infrastructure? •  How easily can third parties get access to your data? •  What happens if your cloud provider / their provider) goes bust? •  How easily could you move your data to another cloud service (or back to your own systems) and how long would it take? •  How confident are you that you could regain control of your data without leaving behind copies and / or key metadata? Christopher Millard 8
IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Forecast: the outlook is complex and changeable! •  The cloud computing industry is at an early stage of development •  Putting data / processes into clouds may facilitate cost savings and risk management… or it may end up having unintended adverse effects •  Legal and regulatory obligations certainly don t end when data are handed over to one or more cloud service providers •  It may matter a lot who has control over, and access to, data in clouds •  Physical location can remain very important in virtual environments •  Some cloud services are much more sophisticated than others in terms of security (eg. encryption options) and facilitating compliance (eg. providing commitments regarding data location, if required, and support for audit, mandatory disclosure processes, etc) •  It may take some time and effort to get regulators (privacy and others) comfortable with specific cloud arrangements Thanks for listening! Any questions… http://www.cloudlegal.ccls.qmul.ac.uk/ Christopher Millard 9

Recommended

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
Cloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud Legal Project
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Legal Project
 
The Complexities of Cloud Computing - The Rules are New, But is the Game
The Complexities of Cloud Computing - The Rules are New, But is the GameThe Complexities of Cloud Computing - The Rules are New, But is the Game
The Complexities of Cloud Computing - The Rules are New, But is the GameJanine Anthony Bowen, Esq.
 
F ernando sousa ibm_from hype to realiity
F ernando sousa ibm_from hype to realiityF ernando sousa ibm_from hype to realiity
F ernando sousa ibm_from hype to realiityEuroCloud
 
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 EuroCloud
 
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...EuroCloud
 

Recommended

Information ownership in the cloud
Information ownership in the cloudInformation ownership in the cloud
Information ownership in the cloudCloud Legal Project
 
Cloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud computing: identifying and managing legal risks
Cloud computing: identifying and managing legal risksCloud Legal Project
 
Data Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingData Protection Jurisdiction and International Transfers in Cloud Computing
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
 
Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Computing Contracts and Services: What’s Really Happening Out There?
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Legal Project
 
The Complexities of Cloud Computing - The Rules are New, But is the Game
The Complexities of Cloud Computing - The Rules are New, But is the GameThe Complexities of Cloud Computing - The Rules are New, But is the Game
The Complexities of Cloud Computing - The Rules are New, But is the GameJanine Anthony Bowen, Esq.
 
F ernando sousa ibm_from hype to realiity
F ernando sousa ibm_from hype to realiityF ernando sousa ibm_from hype to realiity
F ernando sousa ibm_from hype to realiityEuroCloud
 
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009
Carla Pinheiro Presentation / CloudViews.Org - Cloud Computing Conference 2009 EuroCloud
 
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...
Luis Alves Martins Presentation / CloudViews.Org - Cloud Computing Conference...EuroCloud
 
Cloud computing 102711 - ccap
Cloud computing 102711 - ccapCloud computing 102711 - ccap
Cloud computing 102711 - ccapWilliam Mann
 
Cloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCezar Taurion
 
Cloud computing and libraries sndt
Cloud computing and libraries sndtCloud computing and libraries sndt
Cloud computing and libraries sndtVishwas Taralekar
 
CALET Cloud 2011 Handout
CALET Cloud 2011 HandoutCALET Cloud 2011 Handout
CALET Cloud 2011 HandoutCurtis Lee
 
Windows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWindows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWes Yanaga
 
Cloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the CloudCloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the CloudEmbotics Corp.
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud ComputingRohit Buddabathina
 
Cloud computing vs edge computing
Cloud computing vs edge computingCloud computing vs edge computing
Cloud computing vs edge computingAliAbdelwahab6
 
Cloud computing
Cloud computingCloud computing
Cloud computinghundejibat
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorialsUdara Sandaruwan
 
Cloudy with a chance of downtime
Cloudy with a chance of downtimeCloudy with a chance of downtime
Cloudy with a chance of downtimeAFCOM
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHSHAIMA A R
 
iStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computingiStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computingHayden McCall
 
29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computingabbu03oct
 
Cloud computing secrets
Cloud computing secretsCloud computing secrets
Cloud computing secretsFlora Runyenje
 
Cloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleCloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleAlan Quayle
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud pptSana Nasar
 
Clearing the fog from cloud computing
Clearing the fog from cloud computingClearing the fog from cloud computing
Clearing the fog from cloud computingmciobo
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
Demystifying cloud
Demystifying cloudDemystifying cloud
Demystifying cloudsriramr
 
Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...Cloud Legal Project
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 

More Related Content

What's hot

Cloud computing 102711 - ccap
Cloud computing 102711 - ccapCloud computing 102711 - ccap
Cloud computing 102711 - ccapWilliam Mann
 
Cloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCezar Taurion
 
Cloud computing and libraries sndt
Cloud computing and libraries sndtCloud computing and libraries sndt
Cloud computing and libraries sndtVishwas Taralekar
 
CALET Cloud 2011 Handout
CALET Cloud 2011 HandoutCALET Cloud 2011 Handout
CALET Cloud 2011 HandoutCurtis Lee
 
Windows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWindows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWes Yanaga
 
Cloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the CloudCloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the CloudEmbotics Corp.
 
Cloud computing vs edge computing
Cloud computing vs edge computingCloud computing vs edge computing
Cloud computing vs edge computingAliAbdelwahab6
 
Cloud computing
Cloud computingCloud computing
Cloud computinghundejibat
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorialsUdara Sandaruwan
 
Cloudy with a chance of downtime
Cloudy with a chance of downtimeCloudy with a chance of downtime
Cloudy with a chance of downtimeAFCOM
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHSHAIMA A R
 
iStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computingiStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computingHayden McCall
 
29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computingabbu03oct
 
Cloud computing secrets
Cloud computing secretsCloud computing secrets
Cloud computing secretsFlora Runyenje
 
Cloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleCloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleAlan Quayle
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud pptSana Nasar
 
Clearing the fog from cloud computing
Clearing the fog from cloud computingClearing the fog from cloud computing
Clearing the fog from cloud computingmciobo
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingAnkit Singh
 
Demystifying cloud
Demystifying cloudDemystifying cloud
Demystifying cloudsriramr
 

What's hot (20)

Cloud computing 102711 - ccap
Cloud computing 102711 - ccapCloud computing 102711 - ccap
Cloud computing 102711 - ccap
 
Cloud Computing: usos e tendências
Cloud Computing: usos e tendênciasCloud Computing: usos e tendências
Cloud Computing: usos e tendências
 
Cloud computing and libraries sndt
Cloud computing and libraries sndtCloud computing and libraries sndt
Cloud computing and libraries sndt
 
CALET Cloud 2011 Handout
CALET Cloud 2011 HandoutCALET Cloud 2011 Handout
CALET Cloud 2011 Handout
 
Windows Azure Platfrom App Fabric
Windows Azure Platfrom App FabricWindows Azure Platfrom App Fabric
Windows Azure Platfrom App Fabric
 
Cloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the CloudCloud Myths and Realities: The Truth About Moving to the Cloud
Cloud Myths and Realities: The Truth About Moving to the Cloud
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
Cloud computing vs edge computing
Cloud computing vs edge computingCloud computing vs edge computing
Cloud computing vs edge computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing course and tutorials
Cloud computing course and tutorialsCloud computing course and tutorials
Cloud computing course and tutorials
 
Cloudy with a chance of downtime
Cloudy with a chance of downtimeCloudy with a chance of downtime
Cloudy with a chance of downtime
 
CLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACHCLOUD COMPUTING -DETAILED APPROACH
CLOUD COMPUTING -DETAILED APPROACH
 
iStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computingiStart hitchhikers guide to cloud computing
iStart hitchhikers guide to cloud computing
 
29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing29896059 ppt-on-cloud-computing
29896059 ppt-on-cloud-computing
 
Cloud computing secrets
Cloud computing secretsCloud computing secrets
Cloud computing secrets
 
Cloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop SampleCloud Computing 101 Workshop Sample
Cloud Computing 101 Workshop Sample
 
The why of a cloud ppt
The why of a cloud pptThe why of a cloud ppt
The why of a cloud ppt
 
Clearing the fog from cloud computing
Clearing the fog from cloud computingClearing the fog from cloud computing
Clearing the fog from cloud computing
 
The Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud ComputingThe Security and Privacy Threats to Cloud Computing
The Security and Privacy Threats to Cloud Computing
 
Demystifying cloud
Demystifying cloudDemystifying cloud
Demystifying cloud
 

Similar to Cloud computing: opportunities and risks

Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...Cloud Legal Project
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Livingstone Advisory
 
Eo navigating the cloud
Eo navigating the cloudEo navigating the cloud
Eo navigating the cloudeophiladelphia
 
Eo navigating the cloud v8
Eo navigating the cloud v8Eo navigating the cloud v8
Eo navigating the cloud v8Nerve2012
 
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Livingstone Advisory
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computingHossam Zein
 
cloud computing
cloud computingcloud computing
cloud computingnewme19
 
CLOUD, FOG, OR SMOG?
CLOUD, FOG, OR SMOG?CLOUD, FOG, OR SMOG?
CLOUD, FOG, OR SMOG?karlmotz
 
Accenture 6 questions_executives_should_ask_about_cloud_computing
Accenture 6 questions_executives_should_ask_about_cloud_computingAccenture 6 questions_executives_should_ask_about_cloud_computing
Accenture 6 questions_executives_should_ask_about_cloud_computingNgy Ea
 
Praveen V CSE technical ppt.pdf
Praveen V CSE technical ppt.pdfPraveen V CSE technical ppt.pdf
Praveen V CSE technical ppt.pdfItsmepraveen
 
Reasons for Cloud Computing’s Popularity in the UK
Reasons for Cloud Computing’s Popularity in the UKReasons for Cloud Computing’s Popularity in the UK
Reasons for Cloud Computing’s Popularity in the UKAHZ Associates
 
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...RightScale
 
Cloud computing
Cloud computingCloud computing
Cloud computingRazib M
 

Similar to Cloud computing: opportunities and risks (20)

Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...Cloud Computing Contracts and Services: What's Really Happening Out There? T...
Cloud Computing Contracts and Services: What's Really Happening Out There? T...
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
Eo navigating the cloud
Eo navigating the cloudEo navigating the cloud
Eo navigating the cloud
 
Eo navigating the cloud v8
Eo navigating the cloud v8Eo navigating the cloud v8
Eo navigating the cloud v8
 
The Sun Cloud
The Sun CloudThe Sun Cloud
The Sun Cloud
 
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?Will the Cloud be your disaster, or will Cloud be your disaster recovery?
Will the Cloud be your disaster, or will Cloud be your disaster recovery?
 
10 security concerns cloud computing
10 security concerns cloud computing10 security concerns cloud computing
10 security concerns cloud computing
 
cloud computing
cloud computingcloud computing
cloud computing
 
Introduction Of Cloud Computing
Introduction Of Cloud Computing Introduction Of Cloud Computing
Introduction Of Cloud Computing
 
Cloud Computing
Cloud ComputingCloud Computing
Cloud Computing
 
CLOUD, FOG, OR SMOG?
CLOUD, FOG, OR SMOG?CLOUD, FOG, OR SMOG?
CLOUD, FOG, OR SMOG?
 
Accenture 6 questions_executives_should_ask_about_cloud_computing
Accenture 6 questions_executives_should_ask_about_cloud_computingAccenture 6 questions_executives_should_ask_about_cloud_computing
Accenture 6 questions_executives_should_ask_about_cloud_computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Praveen V CSE technical ppt.pdf
Praveen V CSE technical ppt.pdfPraveen V CSE technical ppt.pdf
Praveen V CSE technical ppt.pdf
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 
Reasons for Cloud Computing’s Popularity in the UK
Reasons for Cloud Computing’s Popularity in the UKReasons for Cloud Computing’s Popularity in the UK
Reasons for Cloud Computing’s Popularity in the UK
 
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...
Rightscale Webinar: Plan for Failure: How to Avert Disaster With a Cloud Stra...
 
Cloud computing for SMBs
Cloud computing for SMBsCloud computing for SMBs
Cloud computing for SMBs
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 

Recently uploaded

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 

Cloud computing: opportunities and risks

  • 1. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks International Bar Association Annual Meeting 2010 Cloud Computing: Opportunities and Risks Professor Christopher Millard Centre for Commercial Law Studies c.millard@qmul.ac.uk Some key questions we will tackle today… •  Why is cloud computing such a hot topic? •  Is cloud computing mature and is it safe ? •  Who is responsible for data in clouds? •  What should you watch out for in off the shelf cloud contracts? •  Can you negotiate custom deals for cloud computing? •  Whose laws apply if you have a cloud dispute? •  Can you control where your data are stored in clouds? •  What s the forecast…. Cloudy but bright ? •  And finally… some practical tips for managing cloud-related risks Christopher Millard 1
  • 2. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Why is cloud computing such a hot topic? •  Not entirely new but various factors have facilitated a recent surge in interest, including high-bandwidth, low-cost connectivity and the development of large server farms and virtualisation •  In the current economic climate, cloud computing may be attractive as a means of: •  achieving rapid outsourcing efficiencies •  cost reduction / converting capex to opex •  simplifying hardware and software maintenance •  smoothing fluctuations in demand levels •  delivering public sector services more efficiently, see eg. •  Digital Britain and the G-Cloud or, more recently, the •  the Obama Administration’s apps.gov Christopher Millard 2
  • 3. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Is cloud computing ‘mature’ and is it ‘safe’? •  Some vendors are major players with resilient service offerings backed by robust Service Level Agreements (SLAs) •  Plenty of cloud offerings are, however, provided by startups which may, or may not, prove to be substantial and reliable •  Many services, both consumer and business, are launched while still in development and are often provided long-term on an as is basis and may remain in Beta for a very long time… •  Many services, again both consumer and business, are wholly dependent on third-party owned / controlled infrastructure •  So … whether a particular cloud computing service arrangement is appropriate in a particular case will depend on many factors Do things actually go wrong? Christopher Millard 3
  • 4. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Do things actually go wrong? What happened? Yesterday [Ma.gnolia founder] Halff informed users that a specialist had been unable to recover any data from the corrupted hard drive. “Unfortunately, database file recovery has been unsuccessful and I won’t be able to recover members’ bookmarks from the Ma.gnolia database,” he wrote. With the benefit of hindsight… • It turns out that Ma.gnolia was pretty much a one-man operation, running on two Mac OS X servers and four Mac minis • Don’t assume that online services have plenty of staff, lots of servers and secure backups. If it matters, take due diligence + contracts seriously Major cloud players have substantial infrastructure… •  Massive data centres are being built, often containing sealed shipping containers, themselves containing pre-configured servers: The trucks back em in, rack em and stack em (Ray Ozzie: Microsoft s Chief Software Architect) •  Huge requirements for power / cooling / connectivity •  Google has patented a water-based data center - a system that includes a floating platform-mounted computer data center comprising a plurality of computing units, a sea-based electrical generator in electrical connection with the plurality of computing units, and one or more sea-water cooling units for providing cooling to the plurality of computing units. Christopher Millard 4
  • 5. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks So, jus So just when you thought you had identified all the technical, commercial and legal risks associated with outsourcing and offshore data processing … …don t forget maritime law …and that real pirates still operate on the high seas! Contracting in the clouds: ‘off the shelf’ arrangements •  Many cloud service providers use click-wrap terms of business •  Such terms of business sometimes state, for example, that: •  the service provider has minimal, or even no, liability for loss or damage caused by failure of the cloud computing service •  the service may be modified or be discontinued without cause, without notice and without liability to users •  subcontracting may be unrestricted •  customers may have limited / no ability to recover data following termination of service •  Depending on the circumstances, the enforceability of some of these terms may be subject to challenge (!) Christopher Millard 5
  • 6. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Who is responsible for data in clouds? “...you acknowledge that you bear sole responsibility for adequate security, protection and backup of Your Content and Applications. We strongly encourage you, where available and appropriate, to (a) use encryption technology to protect Your Content from unauthorized access, (b) routinely archive Your Content, and (c) keep your Applications or any software that you use or run with our Services current with the latest security patches or updates. We will have no liability to you for any unauthorized access or use, corruption, deletion, destruction or loss of any of Your Content or Applications.” Q. Will that be good enough? A. It depends what you are going to use the service for! What about disclosure of your data to third parties? Would you feel more comfortable signing up to this… The Receiving Party [Salesforce.com] may disclose Confidential Information of the Disclosing Party [the customer] if it is compelled by law to do so, provided the Receiving Party gives the Disclosing Party prior notice of such compelled disclosure (to the extent legally permitted) and reasonable assistance, at the Disclosing Party's cost, if the Disclosing Party wishes to contest the disclosure. … or this? You authorize ADrive to disclose any information about You to law enforcement or other government officials as ADrive, in its sole discretion, believes necessary, prudent or appropriate, in connection with an investigation of fraud, intellectual property infringement, or other activity that is illegal or may expose ADrive to legal liability. Christopher Millard 6
  • 7. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Whose laws apply if you have a cloud dispute? Choice  of  law  specified  by  cloud  provider…   Number  *   US  State:  California  (most  common),  Massachuse6s  (Akamai),   15   Washington  (Amazon),  Utah  (Decho),  Texas  (The  Planet)   English  law,  probably  because  service  provider  based  there   4   English  law,  for  customers  in  Europe  /  EMEA   4   Other  EU  jurisdicAons  (for  European  customers):  eg.  Ireland  (Apple),   2   Luxembourg  (some  MicrosoN  services)   ScoBsh  law  (Flexiant)   1   The  customer’s  local  law   2   No  choice  of  law  expressed  or  implied,  or  ambiguous  choice     3   (eg.  “UK  Law”  for  g.ho.st)   *  Number  in  each  category  is  out  of  31  contracts  analysed  by  QMUL  Cloud  Legal  Project   h?p://www.cloudlegal.ccls.qmul.ac.uk/   Can you control where your data are stored in clouds? •  It depends! •  Some service providers can t, for technical reasons, or won t, for commercial reasons, let you choose (eg. Google… though see City of LA) •  Other service providers are designing their clouds so as to offer customers a choice between regions (eg. Amazon Web Services) •  Other service providers, if asked, say they currently store customer data by default in the customer s local region (eg. Decho Mozy Inc) •  Geolocation may become a critical differentiator for customers concerned about where their data are stored (eg. because of disclosure risks associated with litigation or regulators) or subject to restrictions on data transfers (such as national rules based on Articles 25 + 26 of the DP Dir.) •  An amorphous cloud may not be appropriate for the storage of personal data, eg. if you don t know where the data will be stored and by whom Christopher Millard 7
  • 8. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Contracting in the clouds: custom deals •  Although not generally advertised, major cloud vendors with standard contracts are prepared to go off piste if a deal merits it •  One-off contracts are usually confidential but… •  A high-profile negotiated deal, for which extensive documentation has been published, is the CSC, Google and the City of LA transaction. This includes provisions that appear to depart in significant ways from Google s standard position, including: •  Google agrees to store and process Customer s email and Google Message Discovery (GMD) data only in the continental United States. As soon as it shall become commercially feasible, Google shall store and process all other Customer Data, from any other Google Apps applications, only in the continental United States. (cl. 1.7) Practical tips for managing cloud-related risks… •  Read the contract, inc. TOS, T&C, SLA, Privacy Policy, AUP, etc •  Consider due diligence questions like these… •  Is the infrastructure multi-layered? •  Where will your data be stored / processed / replicated? •  Who is running the critical infrastructure? •  How easily can third parties get access to your data? •  What happens if your cloud provider / their provider) goes bust? •  How easily could you move your data to another cloud service (or back to your own systems) and how long would it take? •  How confident are you that you could regain control of your data without leaving behind copies and / or key metadata? Christopher Millard 8
  • 9. IBA Annual Conference, Vancouver 2010 Cloud Computing: Opportunities and Risks Forecast: the outlook is complex and changeable! •  The cloud computing industry is at an early stage of development •  Putting data / processes into clouds may facilitate cost savings and risk management… or it may end up having unintended adverse effects •  Legal and regulatory obligations certainly don t end when data are handed over to one or more cloud service providers •  It may matter a lot who has control over, and access to, data in clouds •  Physical location can remain very important in virtual environments •  Some cloud services are much more sophisticated than others in terms of security (eg. encryption options) and facilitating compliance (eg. providing commitments regarding data location, if required, and support for audit, mandatory disclosure processes, etc) •  It may take some time and effort to get regulators (privacy and others) comfortable with specific cloud arrangements Thanks for listening! Any questions… http://www.cloudlegal.ccls.qmul.ac.uk/ Christopher Millard 9