SlideShare a Scribd company logo
1 of 22
Download to read offline
Cloud Services As An Enabler
The Strategic, Legal & Pragmatic Approach
Janneke Breeuwsma
Breeuwsma@arthurslegal.com
Arthur’s Legal
Tech Law Firm By Design. Est. 2001
The next level law firm: Compact Core + Trusted Outsourcing + Lot’s of Tech & Tools
Janneke Breeuwsma: Lawyer: Digital, Data, Privacy & Technology
Cloud & Data: Cooperates with European Commission, global organizations including many
universities worldwide. Frequent speaker at leading international conferences.
Practice What you Preach: Arthur's Legal technology partner Zapplied Platform is helping
organizations with practical and user-friendly artificial intelligence to optimize and automate
knowledge engineering, document generation, deal/relation life cycle management and
collaboration.
Cloud Services As An Enabler
Risks, Comfort & Trust in the Cloud
Major Cloud Services & Digital Single Market Challenge:
For the 80% not yet using paid cloud services, insufficient knowledge is the main blocking
factors (42%).
For the 20% using paid cloud services, the risk of a security breach is the main limiting
factor (39%).
Eurostat (EC)
Risks, Comfort & Trust in the Cloud
Cybersecurity & Data Protection: Threat or Strength?
European Commission Priority: Digital Single Market
C-SIG Drafting Group DG CNECT: EC Cloud SLA Standardisation
Guidelines, ISO/IEC 17788, ISO/IEC 19086, and other standards.
Improve transparency, bridging the disconnect between supply and
demand, and increase the uptake of cloud computing by making it easier
for and empower 20.000.000+ EU SMEs to understand SLAs.
Digital Society, Digital Economy & DSM
Use Cases
Common Reference Model Requirements Cloud SLOs & SLAs
SME MARKET TO SLA(RELATED) REQUIREMENTS & STANDARDS, AND VICE VERSA
Common Reference Model Cloud SLOs & SLAs
SME 5
Basic Knowledge
EC Cloud SLA Standardisation Guidelines, Document IU Requirements & Cloud SLA/SLO related International Standards
SME 1
Novice
SME 2
Basic Knowledge
SME 3
Experienced
SME 6
Experienced
Use Case Recognition
UC A UC B UC C UC D UC E UC F
SMEs
ARTHUR’S LEGAL LAYERED METHODOLOGY
SME 4
Novice
Start with Common Understanding: Definitions
Start with Common Understanding: Definitions
Data is not a four letter word
EC Cloud Service Level Agreement Standardisation Guidelines (v20140828)
3D approach | Multi-story of connected data types | Classified data |
Sensitive data | Personal data | Derived data | Proprietary data | IPR |
Encrypted data, with or without Tokenization | Every kind of data
needs to be addressed differently.
Data
Data of any form, nature or structure, that can be created, uploaded, inserted
in, collected or derived from or with cloud services and/or cloud computing,
including without limitation proprietary and non-proprietary data, confidential
and non-confidential data, non-personal and personal data, as well as other
human readable or machine readable data.
Ethics & Accountability
Law & Legislation Official Policies
Standardisation &
Certification
Market Self-regulatory
& Contractual
Risk Allocation
& Insurance
Technology
Case Law
Human & Society
Ecosystem for Technology & The Rule of Law
Value Chain of Services =
Pandora’s Box of SLAs, or
Value Added Ecosystem?
Hyperconnected, accountable Value Chain: to serve B2x, G2x, C2x, Peer2Peer
Software
as-a-Service
Platform
as-a-Service
Infrastructure
as-a-Service
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
SLA
International Standardisation & Best Practices
4 Main Categories Service Level Objectives (SLOs)
1. Performance
2. Security
3. Data Management
4. (Personal) Data Protection
SLA Life Cycle: Assess, Select, Negotiate/Contracting, Execute, Monitor,
Update & Terminate
Data Life Cycle: Create/derive, Store, Use/Process, Share, Archive, Destroy
Out of ScopeWithin Scope
EU CyberSecurity Service Legal Objectives
Chapter 4 EC SLA Standardisation Guidelines
International Standarisation & Best Practices (2)
Where to Find the Cloud Services Agreement? *
1. Service Agreement / Master Services Agreement (MSA)
2. Service Level Agreement (SLA)
3. Service Description
4. Acceptable Use Policy
5. Privacy Policy & Data Processor Agreement
6. Privacy Level Agreement
7. Security Policy
8. Business Continuity Policy / Disaster Recovery Plan
* Make sure to obtain & understand the complete set of documents
Use Case: Access to & Usability of Cloud SLAs
Name: Document transparency
Cloud service
life-cycle phase:
Assessment
Source: Legal practice
Description: It is not easy to find or otherwise obtain Cloud SLAs in general, and a
comprehensive set of related documents in general that sets out the complete
scope of Cloud service offerings and related legal rights and obligations. Cloud
customers and its advisors such as Cloud architects and IT managers have
difficulty to map these out so they can assess the offerings, including terms and
conditions, let alone compare those with other offerings in order to make an
informed decision on what to services to use, what to expect and what to trust.
Even CSPs have difficulty in providing such comprehensive set, for several
reasons, including the lack of transparency of Cloud service offerings and the
unwillingness to make it possible for Cloud customers to compare its offerings
with competitors and other peers.
Use Case: Carve-Outs
Name: Assumptions, carve-outs & exclusions
Cloud service life-
cycle phase:
Preparation
Source: Legal practice
Description: If Cloud SLAs provided by Cloud customers describe certain
SLOs/attributes, it is important that any and all assumptions, carve-outs
and exclusions are correctly, clearly and accurately described ad detailed.
This ‘small-print’ is quite important in order to properly assess the
Cloud service, the offered levels thereof, and which SLOs/attributes
that are important for the Cloud customer are missing and need to
either be requested and negotiated out with such or another CSP, or be
taken into account as a risk and allocated otherwise such as with an
(additional) investment or insurance.
Use Case: Data Life Cycle Management
Name: Data Life Cycle Monitoring & Amendment
Cloud service life-cycle
phase:
Updates & Amendments
Source: Legal practice
Description: If CSP and the Cloud customer have made clear arrangements on the
classification and several types of data, the permitted use as well as the data life
cycle thereof per classes, type and deployment, and the monitoring of those
arrangements before parties execute the Cloud SLA, the execution and
operation phase of the SLA life cycle is the phase to monitor, audit, update and
where necessary amend those arrangements, not only to optimize the use of
the Cloud services but also to aim to prevent the risk of breach of contractual
or local legal requirements, and pro-actively mitigate incidents and related
damages in case such breach occurs.
Use Case: Data Portability
Name: Data portability
Cloud service life-
cycle phase:
Termination & Consequences of Termination
Source: Legal practice
Description: Cloud SLA rarely describes the data portability format,
data portability interface or the data transfer date. One of
the fundamental issues forgotten by both CSPs and Cloud
customers is describing exactly what data is with scope of
such portability arrangements, and what other data than
customer data needs to be made available, accessible and
transferable. This leads to discussions, vendor lock-in
incidents and other escalations that are to be avoided.
Use Case: Termination Clauses
Name: Termination Clauses
Cloud service
life-cycle phase:
Termination & Consequences of Termination
Source: Legal practice
Description: Cloud SLA rarely describes a proper and detailed
termination clause, while termination clause should
be the longest and most well-structured clauses in
any agreement. The Cloud customer is depending on
the cloud service, so should avoid any unexpected
and other unpleasant surprises, also to avoid vendor
lock-in incidents and other escalations.
Use Cases: It’s Up to You. Go Ahead, Shoot!
Name: Anything Goes!
Cloud service
life-cycle phase: Any phase
Source: Yours!
Description: We will fill it in. Let’s start & continue the dialogue.
Other Tips & Tricks:
 Expectation management & deal building start well before any negotiations
 Preparation & team work will lead to quicker and smoother time2deal
 Fair & effective deal making strategies to avoid escalation and ligitation
 Risk Allocation & Mitigation: Credits, Liability Scope, Cloud Insurance
Questions? Anything Goes!
Arthurslegal.com | @Arthurslegal
ZappliedPlatform.com | @Zapplied

More Related Content

What's hot

Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-TRichard Veryard
 
Go west young federation
Go west young federationGo west young federation
Go west young federationGluu
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudCognizant
 
Kantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG UpdateKantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG Updatekantarainitiative
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutionsijccsa
 
Legal challenges of cloud based enterprise 20
Legal challenges of cloud based  enterprise 20Legal challenges of cloud based  enterprise 20
Legal challenges of cloud based enterprise 20Kasia Szkuta
 
Hl7 vs fhir
Hl7 vs fhirHl7 vs fhir
Hl7 vs fhirThiyagu2
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uaeRishalHalid1
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAkantarainitiative
 
Kantara a Global Context 2011
Kantara a Global Context 2011Kantara a Global Context 2011
Kantara a Global Context 2011kantarainitiative
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...SafeNet
 
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS)
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS) AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS)
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS) ijccsa
 
Moving to the Cloud When & Where
Moving to the Cloud When & WhereMoving to the Cloud When & Where
Moving to the Cloud When & WhereMohammed Sajjad Ali
 
Protecting Personal Data in a IoT Network with UMA
 Protecting Personal Data in a IoT Network with UMA Protecting Personal Data in a IoT Network with UMA
Protecting Personal Data in a IoT Network with UMAkantarainitiative
 
Cloud computing applications for e health
Cloud computing applications for e healthCloud computing applications for e health
Cloud computing applications for e healthHector Martin Garcia
 

What's hot (18)

MULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTUREMULTI-CLOUD ARCHITECTURE
MULTI-CLOUD ARCHITECTURE
 
Globalization and VPEC-T
Globalization and VPEC-TGlobalization and VPEC-T
Globalization and VPEC-T
 
Go west young federation
Go west young federationGo west young federation
Go west young federation
 
Ensuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the CloudEnsuring PCI DSS Compliance in the Cloud
Ensuring PCI DSS Compliance in the Cloud
 
Kantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG UpdateKantara - Consent & Information Sharing WG Update
Kantara - Consent & Information Sharing WG Update
 
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and SolutionsSecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
SecSecuring Software as a Service Model of Cloud Computing: Issues and Solutions
 
Trust Frameworks Explained
Trust Frameworks ExplainedTrust Frameworks Explained
Trust Frameworks Explained
 
Legal challenges of cloud based enterprise 20
Legal challenges of cloud based  enterprise 20Legal challenges of cloud based  enterprise 20
Legal challenges of cloud based enterprise 20
 
Hl7 vs fhir
Hl7 vs fhirHl7 vs fhir
Hl7 vs fhir
 
Data privacy and security in uae
Data privacy and security in uaeData privacy and security in uae
Data privacy and security in uae
 
Extending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMAExtending the Power of Consent with User-Managed Access & OpenUMA
Extending the Power of Consent with User-Managed Access & OpenUMA
 
Kantara a Global Context 2011
Kantara a Global Context 2011Kantara a Global Context 2011
Kantara a Global Context 2011
 
Draft TEFCA
Draft TEFCADraft TEFCA
Draft TEFCA
 
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...A Question of Trust: How Service Providers Can Attract More Customers by Deli...
A Question of Trust: How Service Providers Can Attract More Customers by Deli...
 
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS)
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS) AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS)
AUTHENTICATION SCHEME FOR DATABASE AS A SERVICE(DBAAS)
 
Moving to the Cloud When & Where
Moving to the Cloud When & WhereMoving to the Cloud When & Where
Moving to the Cloud When & Where
 
Protecting Personal Data in a IoT Network with UMA
 Protecting Personal Data in a IoT Network with UMA Protecting Personal Data in a IoT Network with UMA
Protecting Personal Data in a IoT Network with UMA
 
Cloud computing applications for e health
Cloud computing applications for e healthCloud computing applications for e health
Cloud computing applications for e health
 

Similar to Cloud Services As An Enabler

Cloud Services As An Enabler
Cloud Services As An EnablerCloud Services As An Enabler
Cloud Services As An EnablerSLA-Ready Network
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreementsCade Zvavanjanja
 
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')Cloud computing: 'everything you always wanted to know (but were aftaid to ask')
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')DLA Piper Nederland N.V.
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingJanine Anthony Bowen, Esq.
 
Procurement Of Software And Information Technology Services
Procurement Of Software And Information Technology ServicesProcurement Of Software And Information Technology Services
Procurement Of Software And Information Technology ServicesPeister
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0David Spinks
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDEryk Budi Pratama
 
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1
Cloud Security And Cyber Security Legal And Regulatory  Hp Version V 2.1Cloud Security And Cyber Security Legal And Regulatory  Hp Version V 2.1
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1David Spinks
 
Cloud computing
Cloud computingCloud computing
Cloud computinghundejibat
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud ComputingJoseph Williams
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computingmovinghats
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issuesAleem Mohammed
 
Cloud Computing & IT in the Boardroom
Cloud Computing & IT in the BoardroomCloud Computing & IT in the Boardroom
Cloud Computing & IT in the BoardroomBrendon Noney
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management Padma Jella
 
Intro to cloud computing
Intro to cloud computingIntro to cloud computing
Intro to cloud computingKashif Bhatti
 
How Secure Is Cloud
How Secure Is CloudHow Secure Is Cloud
How Secure Is CloudWilliam Lam
 

Similar to Cloud Services As An Enabler (20)

Cloud Services As An Enabler
Cloud Services As An EnablerCloud Services As An Enabler
Cloud Services As An Enabler
 
Cloud computing & service level agreements
Cloud computing & service level agreementsCloud computing & service level agreements
Cloud computing & service level agreements
 
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')Cloud computing: 'everything you always wanted to know (but were aftaid to ask')
Cloud computing: 'everything you always wanted to know (but were aftaid to ask')
 
Understanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud ComputingUnderstanding Minimizing And Mitigating Risk In Cloud Computing
Understanding Minimizing And Mitigating Risk In Cloud Computing
 
Cloud services and it security
Cloud services and it securityCloud services and it security
Cloud services and it security
 
Procurement Of Software And Information Technology Services
Procurement Of Software And Information Technology ServicesProcurement Of Software And Information Technology Services
Procurement Of Software And Information Technology Services
 
Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0Legal And Regulatory Issues Cloud Computing...V2.0
Legal And Regulatory Issues Cloud Computing...V2.0
 
Cloud
CloudCloud
Cloud
 
The Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA IDThe Art of Cloud Auditing - ISACA ID
The Art of Cloud Auditing - ISACA ID
 
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1
Cloud Security And Cyber Security Legal And Regulatory  Hp Version V 2.1Cloud Security And Cyber Security Legal And Regulatory  Hp Version V 2.1
Cloud Security And Cyber Security Legal And Regulatory Hp Version V 2.1
 
02 05 d_51_cc_efiles
02 05 d_51_cc_efiles02 05 d_51_cc_efiles
02 05 d_51_cc_efiles
 
Governing in the Cloud
Governing in the CloudGoverning in the Cloud
Governing in the Cloud
 
Cloud computing
Cloud computingCloud computing
Cloud computing
 
IEEE PHM Cloud Computing
IEEE PHM Cloud ComputingIEEE PHM Cloud Computing
IEEE PHM Cloud Computing
 
Legal issues in cloud computing
Legal issues in cloud computingLegal issues in cloud computing
Legal issues in cloud computing
 
Cloud computing-security-issues
Cloud computing-security-issuesCloud computing-security-issues
Cloud computing-security-issues
 
Cloud Computing & IT in the Boardroom
Cloud Computing & IT in the BoardroomCloud Computing & IT in the Boardroom
Cloud Computing & IT in the Boardroom
 
Cloud computing Risk management
Cloud computing Risk management  Cloud computing Risk management
Cloud computing Risk management
 
Intro to cloud computing
Intro to cloud computingIntro to cloud computing
Intro to cloud computing
 
How Secure Is Cloud
How Secure Is CloudHow Secure Is Cloud
How Secure Is Cloud
 

More from SLA-Ready Network

The European Cloud Initiative
The European Cloud InitiativeThe European Cloud Initiative
The European Cloud InitiativeSLA-Ready Network
 
“Tools” and Standards for Cloud-SLA
“Tools” and Standards for Cloud-SLA“Tools” and Standards for Cloud-SLA
“Tools” and Standards for Cloud-SLASLA-Ready Network
 
European Open Science Cloud (EOSC) From vision to action
European Open Science Cloud (EOSC) From vision to actionEuropean Open Science Cloud (EOSC) From vision to action
European Open Science Cloud (EOSC) From vision to actionSLA-Ready Network
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Network
 
Making cloud SLAs readily usable in the EU private sector
Making cloud SLAs readily usable in the EU private sector Making cloud SLAs readily usable in the EU private sector
Making cloud SLAs readily usable in the EU private sector SLA-Ready Network
 
Helix Nebula Science Cloud Joint Pre‐Commercial Procurement
Helix Nebula Science Cloud Joint Pre‐Commercial ProcurementHelix Nebula Science Cloud Joint Pre‐Commercial Procurement
Helix Nebula Science Cloud Joint Pre‐Commercial ProcurementSLA-Ready Network
 
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: the Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic ApproachSLA-Ready Network
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Network
 
Getting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpGetting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpSLA-Ready Network
 
Getting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpGetting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpSLA-Ready Network
 
Practical tools supporting businesses when adopting cloud services
Practical tools supporting businesses when adopting cloud servicesPractical tools supporting businesses when adopting cloud services
Practical tools supporting businesses when adopting cloud servicesSLA-Ready Network
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Network
 
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachSLA-Ready Network
 
Bob Jones, CERN on PICSE: Procurement of cloud services in Europe
Bob Jones, CERN on PICSE: Procurement of cloud services in EuropeBob Jones, CERN on PICSE: Procurement of cloud services in Europe
Bob Jones, CERN on PICSE: Procurement of cloud services in EuropeSLA-Ready Network
 
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...SLA-Ready Network
 
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...SLA-Ready Network
 

More from SLA-Ready Network (19)

European CIO Association
European CIO AssociationEuropean CIO Association
European CIO Association
 
The European Cloud Initiative
The European Cloud InitiativeThe European Cloud Initiative
The European Cloud Initiative
 
“Tools” and Standards for Cloud-SLA
“Tools” and Standards for Cloud-SLA“Tools” and Standards for Cloud-SLA
“Tools” and Standards for Cloud-SLA
 
European Open Science Cloud (EOSC) From vision to action
European Open Science Cloud (EOSC) From vision to actionEuropean Open Science Cloud (EOSC) From vision to action
European Open Science Cloud (EOSC) From vision to action
 
GÉANT network
GÉANT networkGÉANT network
GÉANT network
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference Model
 
Making cloud SLAs readily usable in the EU private sector
Making cloud SLAs readily usable in the EU private sector Making cloud SLAs readily usable in the EU private sector
Making cloud SLAs readily usable in the EU private sector
 
Helix Nebula Science Cloud Joint Pre‐Commercial Procurement
Helix Nebula Science Cloud Joint Pre‐Commercial ProcurementHelix Nebula Science Cloud Joint Pre‐Commercial Procurement
Helix Nebula Science Cloud Joint Pre‐Commercial Procurement
 
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: the Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: the Strategic, Legal & Pragmatic Approach
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference Model
 
Getting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpGetting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can help
 
Getting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can helpGetting to grips with a Service Level Agreement and how SLA-Ready can help
Getting to grips with a Service Level Agreement and how SLA-Ready can help
 
Practical tools supporting businesses when adopting cloud services
Practical tools supporting businesses when adopting cloud servicesPractical tools supporting businesses when adopting cloud services
Practical tools supporting businesses when adopting cloud services
 
SLA-Ready Common Reference Model
SLA-Ready Common Reference ModelSLA-Ready Common Reference Model
SLA-Ready Common Reference Model
 
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachCloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic Approach
 
Are you SLA-Ready?
Are you SLA-Ready?Are you SLA-Ready?
Are you SLA-Ready?
 
Bob Jones, CERN on PICSE: Procurement of cloud services in Europe
Bob Jones, CERN on PICSE: Procurement of cloud services in EuropeBob Jones, CERN on PICSE: Procurement of cloud services in Europe
Bob Jones, CERN on PICSE: Procurement of cloud services in Europe
 
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...
Massimiliano Raks, Naples University on SPECS: Secure provisioning of cloud s...
 
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...
Siani Pearson, HP Labs UK on a Common Vision for Governance, Accountability a...
 

Recently uploaded

How To Get Rich With Bitcoin Even If You Have No Clue About Technology
How To Get Rich With Bitcoin Even If You Have No Clue About TechnologyHow To Get Rich With Bitcoin Even If You Have No Clue About Technology
How To Get Rich With Bitcoin Even If You Have No Clue About Technologyzaidashadali00
 
How to track billable hours - a step-by-step guide
How to track billable hours - a step-by-step guideHow to track billable hours - a step-by-step guide
How to track billable hours - a step-by-step guideManagry
 
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and Compliance
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and CompliancePreventing Timesheet Fraud Strategies for Ensuring Accuracy and Compliance
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and ComplianceManagry
 
Institutions Supporting Small Business Enterprises.pptx
Institutions Supporting Small Business Enterprises.pptxInstitutions Supporting Small Business Enterprises.pptx
Institutions Supporting Small Business Enterprises.pptxshrinivas kulkarni
 
Expense Management Maximizing Efficiency for Business Success
Expense Management Maximizing Efficiency for Business SuccessExpense Management Maximizing Efficiency for Business Success
Expense Management Maximizing Efficiency for Business SuccessManagry
 
HDPE Pipe Fittings Manufacturer and Supplier
HDPE Pipe Fittings Manufacturer and SupplierHDPE Pipe Fittings Manufacturer and Supplier
HDPE Pipe Fittings Manufacturer and SupplierBhavin Kanani
 
What is the Best Way to Track Employee Vacation Time?
What is the Best Way to Track Employee Vacation Time?What is the Best Way to Track Employee Vacation Time?
What is the Best Way to Track Employee Vacation Time?Managry
 
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdf
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdfPath to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdf
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdfContent Strategy Inc.
 
Establishing An Enterprise and Project Management.pptx
Establishing An Enterprise and Project Management.pptxEstablishing An Enterprise and Project Management.pptx
Establishing An Enterprise and Project Management.pptxshrinivas kulkarni
 
Analysis Of FaarmTech | BBA | Business Plan
Analysis Of FaarmTech | BBA | Business PlanAnalysis Of FaarmTech | BBA | Business Plan
Analysis Of FaarmTech | BBA | Business Planmohsinrai101
 

Recently uploaded (10)

How To Get Rich With Bitcoin Even If You Have No Clue About Technology
How To Get Rich With Bitcoin Even If You Have No Clue About TechnologyHow To Get Rich With Bitcoin Even If You Have No Clue About Technology
How To Get Rich With Bitcoin Even If You Have No Clue About Technology
 
How to track billable hours - a step-by-step guide
How to track billable hours - a step-by-step guideHow to track billable hours - a step-by-step guide
How to track billable hours - a step-by-step guide
 
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and Compliance
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and CompliancePreventing Timesheet Fraud Strategies for Ensuring Accuracy and Compliance
Preventing Timesheet Fraud Strategies for Ensuring Accuracy and Compliance
 
Institutions Supporting Small Business Enterprises.pptx
Institutions Supporting Small Business Enterprises.pptxInstitutions Supporting Small Business Enterprises.pptx
Institutions Supporting Small Business Enterprises.pptx
 
Expense Management Maximizing Efficiency for Business Success
Expense Management Maximizing Efficiency for Business SuccessExpense Management Maximizing Efficiency for Business Success
Expense Management Maximizing Efficiency for Business Success
 
HDPE Pipe Fittings Manufacturer and Supplier
HDPE Pipe Fittings Manufacturer and SupplierHDPE Pipe Fittings Manufacturer and Supplier
HDPE Pipe Fittings Manufacturer and Supplier
 
What is the Best Way to Track Employee Vacation Time?
What is the Best Way to Track Employee Vacation Time?What is the Best Way to Track Employee Vacation Time?
What is the Best Way to Track Employee Vacation Time?
 
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdf
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdfPath to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdf
Path to Traditional Pub - BookFest 2024 presentation - 03-23-2024.pdf
 
Establishing An Enterprise and Project Management.pptx
Establishing An Enterprise and Project Management.pptxEstablishing An Enterprise and Project Management.pptx
Establishing An Enterprise and Project Management.pptx
 
Analysis Of FaarmTech | BBA | Business Plan
Analysis Of FaarmTech | BBA | Business PlanAnalysis Of FaarmTech | BBA | Business Plan
Analysis Of FaarmTech | BBA | Business Plan
 

Cloud Services As An Enabler

  • 1. Cloud Services As An Enabler The Strategic, Legal & Pragmatic Approach Janneke Breeuwsma Breeuwsma@arthurslegal.com
  • 2. Arthur’s Legal Tech Law Firm By Design. Est. 2001 The next level law firm: Compact Core + Trusted Outsourcing + Lot’s of Tech & Tools Janneke Breeuwsma: Lawyer: Digital, Data, Privacy & Technology Cloud & Data: Cooperates with European Commission, global organizations including many universities worldwide. Frequent speaker at leading international conferences. Practice What you Preach: Arthur's Legal technology partner Zapplied Platform is helping organizations with practical and user-friendly artificial intelligence to optimize and automate knowledge engineering, document generation, deal/relation life cycle management and collaboration.
  • 4. Risks, Comfort & Trust in the Cloud Major Cloud Services & Digital Single Market Challenge: For the 80% not yet using paid cloud services, insufficient knowledge is the main blocking factors (42%). For the 20% using paid cloud services, the risk of a security breach is the main limiting factor (39%). Eurostat (EC)
  • 5. Risks, Comfort & Trust in the Cloud Cybersecurity & Data Protection: Threat or Strength?
  • 6. European Commission Priority: Digital Single Market C-SIG Drafting Group DG CNECT: EC Cloud SLA Standardisation Guidelines, ISO/IEC 17788, ISO/IEC 19086, and other standards. Improve transparency, bridging the disconnect between supply and demand, and increase the uptake of cloud computing by making it easier for and empower 20.000.000+ EU SMEs to understand SLAs. Digital Society, Digital Economy & DSM
  • 7. Use Cases Common Reference Model Requirements Cloud SLOs & SLAs SME MARKET TO SLA(RELATED) REQUIREMENTS & STANDARDS, AND VICE VERSA Common Reference Model Cloud SLOs & SLAs SME 5 Basic Knowledge EC Cloud SLA Standardisation Guidelines, Document IU Requirements & Cloud SLA/SLO related International Standards SME 1 Novice SME 2 Basic Knowledge SME 3 Experienced SME 6 Experienced Use Case Recognition UC A UC B UC C UC D UC E UC F SMEs ARTHUR’S LEGAL LAYERED METHODOLOGY SME 4 Novice
  • 8. Start with Common Understanding: Definitions
  • 9. Start with Common Understanding: Definitions Data is not a four letter word EC Cloud Service Level Agreement Standardisation Guidelines (v20140828) 3D approach | Multi-story of connected data types | Classified data | Sensitive data | Personal data | Derived data | Proprietary data | IPR | Encrypted data, with or without Tokenization | Every kind of data needs to be addressed differently. Data Data of any form, nature or structure, that can be created, uploaded, inserted in, collected or derived from or with cloud services and/or cloud computing, including without limitation proprietary and non-proprietary data, confidential and non-confidential data, non-personal and personal data, as well as other human readable or machine readable data.
  • 10. Ethics & Accountability Law & Legislation Official Policies Standardisation & Certification Market Self-regulatory & Contractual Risk Allocation & Insurance Technology Case Law Human & Society Ecosystem for Technology & The Rule of Law
  • 11. Value Chain of Services = Pandora’s Box of SLAs, or Value Added Ecosystem? Hyperconnected, accountable Value Chain: to serve B2x, G2x, C2x, Peer2Peer Software as-a-Service Platform as-a-Service Infrastructure as-a-Service SLA SLA SLA SLA SLA SLA SLA SLA SLA SLA SLA SLA SLA SLA
  • 12. International Standardisation & Best Practices 4 Main Categories Service Level Objectives (SLOs) 1. Performance 2. Security 3. Data Management 4. (Personal) Data Protection SLA Life Cycle: Assess, Select, Negotiate/Contracting, Execute, Monitor, Update & Terminate Data Life Cycle: Create/derive, Store, Use/Process, Share, Archive, Destroy Out of ScopeWithin Scope
  • 13. EU CyberSecurity Service Legal Objectives Chapter 4 EC SLA Standardisation Guidelines International Standarisation & Best Practices (2)
  • 14. Where to Find the Cloud Services Agreement? * 1. Service Agreement / Master Services Agreement (MSA) 2. Service Level Agreement (SLA) 3. Service Description 4. Acceptable Use Policy 5. Privacy Policy & Data Processor Agreement 6. Privacy Level Agreement 7. Security Policy 8. Business Continuity Policy / Disaster Recovery Plan * Make sure to obtain & understand the complete set of documents
  • 15. Use Case: Access to & Usability of Cloud SLAs Name: Document transparency Cloud service life-cycle phase: Assessment Source: Legal practice Description: It is not easy to find or otherwise obtain Cloud SLAs in general, and a comprehensive set of related documents in general that sets out the complete scope of Cloud service offerings and related legal rights and obligations. Cloud customers and its advisors such as Cloud architects and IT managers have difficulty to map these out so they can assess the offerings, including terms and conditions, let alone compare those with other offerings in order to make an informed decision on what to services to use, what to expect and what to trust. Even CSPs have difficulty in providing such comprehensive set, for several reasons, including the lack of transparency of Cloud service offerings and the unwillingness to make it possible for Cloud customers to compare its offerings with competitors and other peers.
  • 16. Use Case: Carve-Outs Name: Assumptions, carve-outs & exclusions Cloud service life- cycle phase: Preparation Source: Legal practice Description: If Cloud SLAs provided by Cloud customers describe certain SLOs/attributes, it is important that any and all assumptions, carve-outs and exclusions are correctly, clearly and accurately described ad detailed. This ‘small-print’ is quite important in order to properly assess the Cloud service, the offered levels thereof, and which SLOs/attributes that are important for the Cloud customer are missing and need to either be requested and negotiated out with such or another CSP, or be taken into account as a risk and allocated otherwise such as with an (additional) investment or insurance.
  • 17. Use Case: Data Life Cycle Management Name: Data Life Cycle Monitoring & Amendment Cloud service life-cycle phase: Updates & Amendments Source: Legal practice Description: If CSP and the Cloud customer have made clear arrangements on the classification and several types of data, the permitted use as well as the data life cycle thereof per classes, type and deployment, and the monitoring of those arrangements before parties execute the Cloud SLA, the execution and operation phase of the SLA life cycle is the phase to monitor, audit, update and where necessary amend those arrangements, not only to optimize the use of the Cloud services but also to aim to prevent the risk of breach of contractual or local legal requirements, and pro-actively mitigate incidents and related damages in case such breach occurs.
  • 18. Use Case: Data Portability Name: Data portability Cloud service life- cycle phase: Termination & Consequences of Termination Source: Legal practice Description: Cloud SLA rarely describes the data portability format, data portability interface or the data transfer date. One of the fundamental issues forgotten by both CSPs and Cloud customers is describing exactly what data is with scope of such portability arrangements, and what other data than customer data needs to be made available, accessible and transferable. This leads to discussions, vendor lock-in incidents and other escalations that are to be avoided.
  • 19. Use Case: Termination Clauses Name: Termination Clauses Cloud service life-cycle phase: Termination & Consequences of Termination Source: Legal practice Description: Cloud SLA rarely describes a proper and detailed termination clause, while termination clause should be the longest and most well-structured clauses in any agreement. The Cloud customer is depending on the cloud service, so should avoid any unexpected and other unpleasant surprises, also to avoid vendor lock-in incidents and other escalations.
  • 20. Use Cases: It’s Up to You. Go Ahead, Shoot! Name: Anything Goes! Cloud service life-cycle phase: Any phase Source: Yours! Description: We will fill it in. Let’s start & continue the dialogue.
  • 21. Other Tips & Tricks:  Expectation management & deal building start well before any negotiations  Preparation & team work will lead to quicker and smoother time2deal  Fair & effective deal making strategies to avoid escalation and ligitation  Risk Allocation & Mitigation: Credits, Liability Scope, Cloud Insurance
  • 22. Questions? Anything Goes! Arthurslegal.com | @Arthurslegal ZappliedPlatform.com | @Zapplied