Good evening!So, Technology: Inside the black box.Quick introductions first…
…My name is Mark Wilson…
…and I work for the Chief Technology Officer at Fujitsu in the UK and Ireland
One quick word of warning. I am a geek by training… but I’m told I’m on the mend and, with a few more years treatment, I should be cured…
Seriously though, I’m officially known as a Strategy Consultant, but I prefer the term “technologist”, or “technology strategist
My job is to take Fujitsu’s vision, together with market analysis and a variety of other sources and highlight where technology is heading to support Fujitsu’s reputation as innovative technology leaders.
But, I’m sure you’ll be pleased to hear, I’m not here to sell to you tonight…
The first rule of presenting is know your audience!And, I’m a little nervous that I don’t really know a lot about the Society for Computers and Law… and, as IT lawyers, you guys know quite a bit about tech?So who here would consider themselves to be proficient with technology?Is there anyone who works in IT law but really thinks “what the hell is all this geek stuff?”Well, the good news for anyone in that second category is that, even with a technical background, there’s a lot of stuff which goes way over my head. I’m guessing that, as lawyers, your family and friends expect you to know everything and everything about all aspects of the law… and the same goes for IT folk like me. Whatever we do we are expected to be able to fix any problem on anyone’s computer… indeed, my first call this morning was to check out a virus on my father-in-law’s computers - and it’s been a while since I did desktop support as my day job!I’m going to try and build out a picture of how we deliver IT in the enterprise with the aim that, next time you are negotiating a contract, you can understand why we insist on doing certain things.But please, please, don’t let me patronise you. If you think this is pitched at too low a level, then stop me, and we’ll see what we can do to correct it. Similarly, if I gloss over something and you want me to explain more… then let me know!
When James Taylor and I named this presentation, we called it “Technology: inside the black box”. Perhaps we weren’t being particularly imaginative but wouldn’t it be nice if we could treat tech as something that “just works” and that could be plugged in to a solution.
Often, the term “black box” is used to describe a flight recorder for an aeroplane. So, when I was putting this presentation together I was amused to find that they are not actually black boxes at all…Image from http://en.wikipedia.org/wiki/File:Flightrecorder.jpg - Creative Commons Attribution Sharealike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/)
Wikipedia has a nice definition of a “black box”.The trouble is, as much as we would like to, we can’t really treat commercial agreements as black boxes.
Fundamentally, we don’t design systems in isolation, we design solutions – and successful implementation relies on a combination of people, process and technology.
Even as those solutions become commoditised, there are complex considerations but there also are ways that we can design and manage our IT systems conceptually, logically and physically.Image from http://www.gapingvoid.com/complicated127.jpg - Attribution-NonCommercial-NoDerivs 3.0 Unported (http://creativecommons.org/licenses/by-nc-nd/3.0/)
We can work from the top down (taking an holistic view and drilling down into the detail), or bottom-up (starting out with the detailed requirements and building out to create a solution). Typically, the IT guys are happiest with a bottom up approach, whilst the architects and IT Managers want to take a top-down view……sometimes these views meet in the middle ;-)
Commonly though, we think in terms of business, application, and technology when we design services. Within our architectures, we have “frameworks” of “services” and, in a moment, I’m going to take you through some of services (grouped into “families” within these three “domains”).The framework I’m going to build out here is Fujitsu’s model but it should be fairly standard across organisations.
A service is considered a business service if it has a process or people element to it.The Business layer is about business processes, services, functions and events of business units. This layer "offers products and services to external customers, which are realised in the organisation by business processes performed by business actors and roles".So, you can see here the corporate governance functionality that is essential for the company to remain “on the straight and narrow”; the line of business functions and the supporting functions found in just about any organisation – we all need to control finance, HR, to manage our offices and other facilities, and to control the procurement processes.Underpinning all of this are the IT functions, organised as services, with supporting service management.Some business services are not what they seem, in that they provide IT functionality: for example Service Management. This is because the IT Service Management functionality provided is predominately process related. The process here is called ITIL. (I’ll come back to service management in a short while).
The Application layer is about software applications that "support the components in the business with application services".Not shown on this diagram are any specific applications for a given industry, but you can see the key business capabilities, with a supporting layer of information management. The only reason that there are no industry-specific applications here is that this is a generic model. IT Delivery is about those applications that provide specific functionality that’s required by other services in the model.
The Technology layer deals "with the hardware and communication infrastructure to support the Application Layer [mostly infrastructure]".A service is considered a technology service if it contains neither business process/people or business application elements, but is still technology. Examples of a Technology Service are web server, messaging, network or data persistence.The technology services are broken into application platforms and end user infrastructure; underpinned by compute platforms and communications; with security and enterprise management wraparounds.When we talk about infrastructure, I normally draw comparisons with household plumbing – or electrics – you don’t want to spend money on them, but when something goes wrong, you know about it!
Some Services will need to consume functionality provided by another service to function. An example of this is that a CRM Application Service will consume the Data Persistence Technology Service, to store the CRM data in. Services can only consume Service within their layer, or a lower layer:Offerings can contain Business, Application and Technology Service. Business services can consume other Business Services, Application Services, or Technology Services Application Services can consume other Application Services, or Technology Services, and Technology Services can only consume other Technology Services.
I’ll come back to the technology reference model in a moment but I want to introduce a few more concepts first of all.When we design solutions, we always start from requirements. I say always, but it’s remarkably common across the industry to have no, or poorly-specified requirements: which, in my view, is a major contribution to failure of IT projects. I have, in the past, worked in a team that resorted to working through pages of contract schedules to try and determine the requirements against which we needed to design and I can tell you that’s far from ideal…Where requirements are stated, they may be broken into functional and non-functional requirements. Functional requirements are generally simple – something either functions as specified or it doesn’t; but the non-functionals are often open to interpretation [click to build]. For example, how do we define that a system “must be secure” – no system is 100% secure so what threats must it be able to withstand, and for how long? Performance is equally vague - and availability is only useful when we know what period it’s being measured over. 99.99% availability is all well and good; but does that mean over a 24x7 operation, or just within core hours on weekdays? Those considerations make a big difference when we design systems – and that affects the cost; and the service delivery. Indeed, it’s worth considering existing internal service levels when specifying the requirements to an external service provider as a recent Harvard Business Review post suggests that internal IT departments range from 97-99.1% uptime – much lower than a typical cloud service agreement (source: http://blogs.hbr.org/cs/2011/07/coming_to_terms_with_the_consu.html)Ultimately there is a balance between the value architecture (what the customer wants to buy) and the service management architecture. [click to build]We need service management because it puts in place the checks and balances to respond when IT goes wrong because we’re generally talking about complex solutions of interconnected services and there is a lot to manage.
But you don’t have service management for your car - so why do you need it for IT?Think about the volumes: if you manage a fleet of vehicles (whether that’s a fleet of company cars or a major international haulier), you have service management.It’s the same for IT – a few computers at home or in a small business are no big deal; but what about 1000, 10 000, 100 000?Audi image from audi.co.uk website (configurator); Eddie Stobart image from http://www.stobartgroup.co.uk/media/photo-library/
You’ll probably hear me referring to “cloud” a lot this evening.Cloud computing is a major trend in our industry. There are many definitions of “cloud” but ultimately, it’s a business (not a technology) model that moves us towards buying IT services on a utility basis, just as we do for electricity. It’s not necessarily less expensive, but it does have the potential to simplify IT operations and to offer unparalleled levels of flexibility and agility in service provision. And you’ll be hard-pushed to find an IT organisation (customer or vendor) that is not affected in some way.
We define cloud computing as shown here. The key points are that it follows a subscription-based model; is “elastic”; normally multi-tenant; and involves a degree of self-service. There are various types of cloud service: we’ve shown the main five here [describe each one]; and there are various locations for clouds: public is shared; private isn’t; community clouds are shared between a closed group of business partners. I’ve used a colleague’s slide here but I’d add a fourth location – hybrid: for clouds that cross the divide between public and private, with resources being switched between the two.
Virtualisation is a model that’s become common in recent years to improve resource utilisation and reduce power consumption.By creating logical “containers” of computing resource we can run several computers’ worth of activities side by side on one physical computer. We can virtualise other infrastructure too, doing smart things with storage, for example. And increasingly we use application virtualisation to assist when an old version of software doesn’t co-exist with more recent applications.Taking that shipping container analogy a little further, we actually use specialist containers to create modular data centres these days.
Right about now, I figure we’ve had enough PowerPoint.I understand that there’s at least on Dilbert fan in the audience this evening and I was going to put a strip in here about “PowerPoint poisoning” but I couldn’t really justify the license fee (http://dilbert.com/strips/comic/2000-08-16/)!Suffice to say, I’m going to switch to the whiteboard and talk about some of the services that we’ve seen in the business, application and technology reference architectures.[Build out some computing models on a white board. Start with PC, connect to server. Talk about redundancy. Then multiple servers. Those servers are in a datacentre. Multiple datacentres. Resilient links. Multiple geographies. Talk about thin clients, and virtual desktops, etc.][Ask the audience to call out terms that they would like to have described]Image from http://www.pptbackgrounds.net/blackboard-backgrounds.html
I mentioned at the head of this presentation that I normally talk about where technology is heading, rather than where we are.Before I finish my presentation, I’d like to highlight a website that might be of interest to those of you who would like to understand more about where technology is heading over the next few years.
Technology Perspectives is a Fujitsu website, but it’s not about selling Fujitsu products and services – it’s actually intended to provide some background context for strategic planning.We want to help our customers to recognise the patterns that are driving technology change so that they may understand the technology and business change I mentioned at the start of my presentation, and plan for its implications.With that in mind, we’ve made 12 predictions around 9 key trends that we see occuring in the near-future.You can read more (and download the entire report) at http://technology-perspectives.com/
This slide shows an architecture for future IT, with employees using their own IT to access cloud based applications across the Internet, corporates backing their data up, and data being captured from many, many sensors.
So, my time is pretty much up – I hope it’s been useful and interesting.
I said I wasn’t here to sell tonight, but I’d like to highlight some resources that may be useful.My team runs the CTO Blog for the UK and Ireland, where we try to comment on a number of issues at the intersection of business and technology. You can also find some of our presentations (including this one) on SlideShare.Technology Perspectives is our global view on the trends that are affecting IT decision makers right now – and it’s worth a read.And if you want to contact me then here are my details, including my Twitter alias, where I can be found at all sorts of strange times of day and night…Thank you for listening!
The following slides were removed from the main presentation but provide some supplementary information
I’m going to try and talk this evening about some of the issues I see in my work where IT and the law are slightly out of alignment and maybe even on a collision course?Image source: http://en.wikipedia.org/wiki/File:Train_wreck_at_Montparnasse_1895.jpg – Public Domain
Business and technology are becoming increasingly complex at an accelerating pace
But our legal system is steeped in tradition and sometimes struggles to keep pace…
We see four main areas of misalignment between technology and the law and I’m going to spend just a few minutes talking about each of these, before I open up the “black box of enterprise IT” and talk about some of the technology that we use.
There’s a lot reported in the media about how file sharing is bad, and how it costs the entertainment industry millions in lost revenue.But this is not new. Do you notice the “cassette and crossbones” symbol on this logo? It’s a parody of the “home taping is killing music” campaign that the British Phonographic Industry ran in the 1980s. I couldn’t use the actual logo from that campaign because it’s copyright! [source: http://en.wikipedia.org/wiki/Home_Taping_Is_Killing_Music].For those who aren’t aware, The Pirate Bay is an example of a popular website for sharing media using a technology called BitTorrent that allows downloads of portions of a file from several computers (called peers) across the Internet. This gives rise to the term peer to peer (or P2P) networking. According to Wikipedia, earlier this month it was ranked as the 88th most popular website in the world (source: http://en.wikipedia.org/wiki/Pirate_bay)So peer to peer file sharing is bad, right? Well, it depends what you use it for! Although some ISPs may limit P2P traffic, legitimate uses of BitTorrent include distributing free software (Linux distributions) and, until 2008, the BBC iPlayer TV catch-up service used peer to peer technologies (source: http://en.wikipedia.org/wiki/BBC_iPlayer http://twitter.com/#!/BBC_ipdesk/status/91155385288888320).I’m not condoning the use of this technology for illegal purposes but I am highlighting it’s not exactly as it’s sometimes portrayed…Image from http://en.wikipedia.org/wiki/File:The_Pirate_Bay_logo.svg – Kopomi license
More seriously, intellectual property is something that’s fiercely guarded by some companies and sometimes even used to protect a market. Whilst not as heavily guarded as, for example, the pharmaceutical industry, there is a lot of technology innovation that is either protected or licensed to others. Does anyone here have a Google Android phone, by the way?Well, patent licensing deals mean that Microsoft stands to make around $1bn next year from Android. That’s more than it’s own Windows Phone business! [source: http://techcrunch.com/2011/07/13/scott-you-just-dont-get-it-do-ya/]There is intense debate over the extent to which software patents should be granted, if at all. Important issues concerning software patents include:Where the boundary between patentable and non-patentable software should lie;Whether the inventive step and non-obviousness requirement is applied too loosely to software; andWhether patents covering software discourage, rather than encourage, innovation.[source: http://en.wikipedia.org/wiki/Software_patent]Even Open Source software comes with licensing/legal implications – there are a plethora of licenses to consider, particularly when modifications are made to the software.Image from http://en.wikipedia.org/wiki/File:Trident_II_missile_image.jpg – public domain
In February 2011, there were 206 requests for “take downs” from Google’s Android Market (an application store for the popular Google Android smartphone operating system) [source: http://www.chillingeffects.org/weather.cgi?WeatherID=648]. I have no equivalent figures available for the Apple Appstore but it’s common practice for brands to protect themselves against trademark infringements.Even so, sometimes this results in what might be considered “shooting oneself in the foot”. I was recently alerted to a handy application called “Find a Starbucks” that had to be relaunched as “Coffee Fix”. After all, why would Starbucks want someone to develop an app that drives business to their stores? Sure, I’m being flippant (it is important to protect trademarks, etc. or else run the risk of losing the mark in certain jurisdictions) but take another example, Coca Cola. When their unofficial fan page on Facebook became popular, they employed it’s founders to run the site for them on an official basis and it’s gone on to accumulate more than 32 million fans.Coffee Fix graphic via Andy Piper on Google+Coca-ColaFacebook story from http://www.ajc.com/business/content/business/coke/stories/2009/03/30/coke_facebook_page.htmlCoca-Colalogo from http://coca-cola-art.com/2008/10/08/free-coca-cola-vectors/Coca-Cola bottle from http://www.facebook.com/cocacola26 million fans from http://www.coca-cola.co.uk/125/coca-cola-fun-facts-infographic.html
Here in the UK, an injunction whose existence and details may not be published, in addition to the facts or allegations injuncted, became informally known as a "super-injunction". Earlier this year one such judgement became the source of much ridicule when a Premier League footballer was named on Twitter as having an alleged affair with former Miss Wales Imogen Thomas. An MP, John Hemming, used parliamentary privilege (for the second time this year, and receiving a warning from the speaker of the House of Commons in the process) to highlight the issue of newspapers being banned from reporting whilst the public can use the Internet with little recourse.http://en.wikipedia.org/wiki/2011_British_privacy_injunctions_controversy#Parliamentary_privilegeImage from http://en.wikipedia.org/wiki/File:Ryan_Giggs_vs_MLS_All_Stars_2010.jpg – Creative Commons Attribution 2.0 Generic 2.0 license (http://creativecommons.org/licenses/by/2.0/deed.en_GB)
Then there’s impersonation. The examples here are parodies on the social networking site, Twitter.Fake Steve Jobs and Elizabeth Windsor are clearly just a bit of fun, but what about the spoof BP Public Relations Account which appears shortly after the Deepwater Horizon incident in 2010. The real account (@BP_America) has far fewer followers but Newsweek ran an article highlighting that at times it was difficult to spot the difference [source: http://www.newsweek.com/2010/06/04/bp-s-global-pr-vs-bpglobalpr.html]More topical is the Rupert Murdoch parody. I wouldn’t like to offend anyone here tonight from News International but it’s safe to say I wouldn’t want my name, or a brand that I was responsible for to be impersonated in this manner.
In the days when our computers were confined to one office, or one company it was relatively simple to legislate. The Computer Misuse Act, for example, still has its uses, even though it pre-dates the world wide web. I’m told, by a criminologist and journalist (@ZackWhittaker), that sometimes vague laws can be good. Then there are laws like the Data Protection Act. Because this falls under the European Data Protection Directive, it works well in a pan-European context but what happens when there’s not parity with other nations – then things start to fall down.I won’t pretend to be an expert on this (I am not a lawyer, etc. etc.) but I understand, via that same journalist) that the United States Patriot Act trumps the European Union Data Protection Directive and companies that do business in the United States (in particular American companies) may, under certain circumstances, be forced to hand over data, even if it’s stored in European data centres. In an IT industry that’s increasingly global, that’s a concern.Of course, America is not the only concern, but the Internet was “invented” by the US Military and the United States is only too happy to flex its legal muscle. The Gary McKinnon extradition case for hacking the Pentagon is well known but Richard O’Dwyer is facing extradition because the website he ran used a .net domain name (registered in the United States) address, even though he is a UK Citizen and the server he used is outside the USA and the data he is accused of sharing didn’t even reside on his server!Or course, we have our own controversial laws too (like the Regulation of Investigatory Powers Act) – and I can’t even attempt to go into the details; my point is that as we work (and trade) in an increasingly global society, the legal complexities could become significant.Sources:http://www.zdnet.com/blog/igeneration/summary-zdnets-usa-patriot-act-series/9233http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225http://www.zdnet.com/blog/igeneration/eu-demands-answers-over-microsofts-patriot-act-admission/11290http://www.zdnet.com/blog/igeneration/patriot-act-vs-european-law-what-are-the-likely-outcomes/11365http://en.wikipedia.org/wiki/Key_disclosure_law#United_Kingdomhttp://www.zdnet.co.uk/blogs/500-words-into-the-future-10014052/its-1-am-do-you-know-where-your-data-is-10023368/http://blogs.hbr.org/cs/2011/07/coming_to_terms_with_the_consu.htmlhttp://www.guardian.co.uk/law/2011/jun/17/student-file-sharing-tvshack-extraditionhttp://en.wikipedia.org/wiki/Richard_O%27Dwyer
Cloud computing is a major trend in our industry. There are many definitions of “cloud” but ultimately, it’s a business (not a technology) model that moves us towards buying IT services on a utility basis, just as we do for electricity. It’s not necessarily less expensive, but it does have the potential to simplify IT operations and to offer unparalleled levels of flexibility and agility in service provision. And you’ll be hard-pushed to find an IT organisation (customer or vendor) that is not affected in some way.If we look at traditional IT, we have always had infrastructure (compute, storage, communications networks, etc.) upon which we have layered middleware, business applications and finally the data. Over time, we’ve grown used to parts of the stack being outsourced, and maybe even with administration occurring offshore. As this happens, the level of legal complexity increases; for example if my Oracle middleware development is being outsourced to an Indian service provider, it’s not exactly trivial but once the business applications and the data go offshore, we enter whole new levels of complexity.And it’s just the same with the cloud, infrastructure as a service (offering compute, storage and network services on a subscription basis), platform as a service (offering a platform upon which to create applications as a service), software as a service (subscription-based applications) and data as a service – each level is progressively more complex in terms of balancing service with flexibility and legal/contractual cover.
It’s important to note that, in order to provide the flexibility and pricing that companies expect from cloud service providers, so-called “public” cloud services are (generally) multi-tenant and highly standardised.But when it comes down to the contracts that are used to govern cloud service provision, research suggests that there are significant issues around their effectiveness and the protection that they provide: for the client or for the service provider.These issues are around enforceability, liability, disclaimers (re: guarantee of service provision or continuity; or re: confidentiality), choice of law and jurisdiction, data disclosure, data recovery (e.g. following termination of service, what are the grace periods? What about data portability? What about data deletion?); subcontracting; intellectual property.Other legal issues include data ownership, data protection, competition law (lock-in vs. interoperability/portability), consumer protection laws, running software in the cloud (software patents and export controls, e.g. on cryptography), and tax.It is possible to negotiate cloud contracts, but it’s not common and generally only happens when the cloud service provider wants your business. You have to be pretty large to get Amazon or Google interested in you as a customer (I’m just using these two as examples – I’m sure it’s the same for many other providers too).Source: Kuan Hon at Cloud Camp (7 July 2011) and UnVirtual (13 July 2011) unconferences.See also http://www.cloudlegal.ccls.qmul.ac.uk/ and http://www.computerweekly.com/blogs/david_lacey/2010/09/cloud_computing_contracts.htmlQMUL logo from http://www.dir.qmul.ac.uk/
Credit due to Kuan Hon at Queen Mary University London for this slide.Not just cloud – applies to traditional IT delivery too, but cloud is becoming ever more prominent…
Technology, Inside the Black Box
Technology: Inside the black box<br />Mark Wilson<br />Society for Computers and Law, Junior Lawyers’ Group: July 2011<br />
geek(gēk), noun<br />Obsessive computer user: somebody who enjoys or takes pride in using computers or other technology, often to what others consider an excessive degree<br />Someone with greater than normal computer skills<br />
A black box?<br />Image source: Wikipedia<br />
“In science and engineering, a black box is a device, system or object which can be viewed solely in terms of its input, output and transfer characteristics without any knowledge of its internal workings, that is, its implementation is ‘opaque’ (black).”<br />Source: Wikipedia<br />
Functional<br />Things that a system must do<br />Clearly defined<br />Often a simple yes/no<br />For example, “the system must be able to store customer data”<br />Non-functional<br />Security<br />Performance<br />Availability<br />etc.<br />For example, “the system must be capable of storing 40bn customer records with retrieval in less than 1 second”<br />Requirements<br />This is the stuff that<br />causes problems<br /><ul><li>Hence, we have Service Management
Because IT can and does go wrong</li></li></ul><li>Do we really need service management?<br />Image source: Stobart Group Media Library<br />
It is self-service</li></ul>Business Process<br />(BPaaS)<br />Data<br />(DaaS)<br />Software<br />(SaaS)<br />Platform<br />(PaaS)<br />Infrastructure <br />(IaaS)<br />Public<br />Community<br />Private<br />
Creating “containers” of computing resource<br />Run several “virtual machines” on one physical computer<br />Securely isolated from one another<br />Been around in various forms for 40+ years<br />Taken over PC server market in recent years but possible to virtualise many other infrastructure technologies<br />Application virtualisation is becoming increasingly popular:<br />Sandbox applications from one another – helps run legacy applications on modern systems and can also<br />And talking of shipping containers… we use them for to build modular datacentres these days…<br />Virtualisation<br />
We’re experiencing rapid changes in the world of business and technology<br />IT systems are often complex, with good reasons<br />We took a look inside the “black box”<br />Top down and bottom up views<br />Its always the non-functional requirements that cause difficulties<br />Service management is used to control non-functional requirements<br />We’ve looked at a reference architecture and highlighted some key terms<br />We’ve taken a quick look at the potential future direction for IT<br />In summary<br />
CTO Blog:<br />uk.fujitsu.com/blogs/cto<br />slideshare.net/fujitsu_uk<br />Technology Perspectives:<br />technology-perspectives.com<br />Contact me:<br />+44-7867824753<br />email@example.com<br />@markwilsonit *<br /> * Personal views, not endorsed by Fujitsu<br />More information<br />
Preventing challenges<br />Protecting a market<br />IP as a weapon<br />Image source: Wikipedia<br />
Brands need to protect intellectual property but can sometimes shoot themselves in the foot<br />Find a Starbucks app now relaunched as Coffee Fix<br />Cease and desist… or embrace?<br /><ul><li>Coca Cola took a different approach and employed the guys who set up their Facebook fan page:
Now has over 32 million fans and growing (13 July 2011)</li></li></ul><li>Privacy<br />In a world of social networking<br />
“With about 75,000 people having named Ryan Giggs on Twitter it is obviously impracticable to imprison them all and with reports that Giles Coren also faces imprisonment... the question is what the Government's view is on the enforceability of a law which clearly does not have public consent?”<br />[John Hemming, MP: 23 May 2011]<br />“Super-injunctions” vs. Twitter<br />Image source: Apasciuto on Flickr, via Wikipedia<br />
<ul><li>Is parody something to be concerned about?</li></ul>Impersonation <br /><ul><li>What about this one?
Or this one?</li></li></ul><li>International boundaries<br />In a global Internet society<br />
Centre for Commercial Law Studies at Queen Mary University of London carried out analysis into cloud terms and conditions:<br />31 cloud providers<br />Found that terms were generally:<br />Predictable<br />Inappropriate, unenforceable or illegal<br />Didn’t take into account complexity and multiple dependencies<br />Many practical questions to be answered<br />Whilst negotiated cloud contracts are possible, they are not commonplace<br />Examples include Google and the City of Los Angeles<br />Some thoughts on cloud contracts<br />
Any of these considerations could be applied to any IT service contract<br />Procurement process<br />Layering – the provider stack<br />Physical location and legal/regulatory obligations<br />Critical infrastructure<br />Differences in service provision<br />Third party access<br />Insolvency of contracting party… their provider?<br />Data migration and backup<br />Retaining data and removing copies<br />Contract terms<br />Governance<br />See http://www.cloudlegal.ccls.qmul.ac.uk/<br />It’s not just cloud though<br />