Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Cloud Computing Webinar:   Legal & Regulatory Update for 2012   15 November 2012Michael Bennett                          R...
♦Introduction:             The Cloud♦Key Developments in 2012:              Development 1:    Development 2:              ...
Introduction:Defining the Cloud© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
Introduction: Why the Cloud? Approximate         Technology          Cost of             Cost of Cloud Ratio Costs        ...
Introduction: Why the Cloud?♦   “Switch” Data Center 2,200,000 square fee    ♦   (http://www.makeuseof.com/tag/5-worlds-bi...
Introduction: Cloud DefinitionCharacteristics           Service Models             Deployment ModelsOn-demand self-       ...
Introduction:The Problem with the Cloud© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
Introduction: The Problem with the Cloud♦   1. Service Confusion        Software                     Network        Provid...
Introduction: The Problem with the Cloud♦   2. Jurisdictional Confusion                          Contract                R...
Introduction: The Problem with the Cloud♦   3. Security Confusion                                           Phishing /    ...
Introduction: The Problem with the Cloud4. Expectations Confusion                                      Software vs. Subscr...
Key Developments in 2012© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
Development 1: Demystification of the Cloud     Data & Security             Demystifying         Ownership & Control      ...
Development 2: The Evolving Cloud♦   Traditional Outsourcing –vs– Cloud Computing                      •   Service Driven ...
Development 2: The Evolving Cloud♦   The Cloud Contract: The Need for Change                             The Cloud Contrac...
Development 2: The Evolving Cloud♦   Cloud Contracting: Non-Cloud versus Cloud      IACCM Most Negotiated                 ...
Development 2: The Evolving Cloud♦   Cloud Contracting: Negotiation Checklist1. Structure           2. Service            ...
Development 3: Regulatory Change♦   HIPAA                            ♦   PIPEDA♦   HITECH Act♦   GLB                      ...
Development 3: Regulatory Change                          ♦    Transparency EU Article 29                          ♦    Co...
Cloud Mitigation Strategies© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
Cloud Mitigation Strategies♦ Insurance♦ Does   Customer Understand Data?♦ Robust   Dispute Resolution♦ Self  Help  ♦   Bac...
Cloud Mitigation Strategies♦ SAS70Type II; SSAE No. 16 Type 2, ISO 27001; TRUSTe; SysTrust; Verisign♦ Safe   Harbor / EU D...
Cloud Mitigation Strategies♦ Multi-tenancy♦ Escrow♦ Data   Map♦ Audit   of Customer Needs Upfront♦ Contingency    Planning...
Conclusion &                                   Questions?Michael Bennett                   Richard Graham                 ...
Upcoming SlideShare
Loading in …5
×

Cloud Computing Webinar: Legal & Regulatory Update for 2012

342 views

Published on

Cloud computing has revolutionized computing, providing organizations with the opportunity to outsource their computing capability to a third party provider of networks, servers, storage, applications or services located in multiple jurisdictions. This webinar explored the global legal and regulatory developments in cloud computing that have occurred during 2012

  • Be the first to comment

  • Be the first to like this

Cloud Computing Webinar: Legal & Regulatory Update for 2012

  1. 1. Cloud Computing Webinar: Legal & Regulatory Update for 2012 15 November 2012Michael Bennett Richard Graham Mark SchreiberPartner Partner PartnerEdwards Wildman Palmer LLP Edwards Wildman Palmer LLP Edwards Wildman Palmer LLPChicago London Boston+1 312.201.2679 +44 (0) 20.7556.4418 +1 617.239.0585mbennett@edwardswildman.com rgraham@edwardswildman.com mschreiber@edwardswildman.com © 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
  2. 2. ♦Introduction: The Cloud♦Key Developments in 2012: Development 1: Development 2: Demystification The Evolving Customer of the Cloud Cloud Supplier Drivers Drivers Development 3: Regulatory Change♦Cloud Mitigation Strategies 2
  3. 3. Introduction:Defining the Cloud© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
  4. 4. Introduction: Why the Cloud? Approximate Technology Cost of Cost of Cloud Ratio Costs Enterprise Data Center for Data Center Enterprise Network $95 /Mpbs/ $13 / Mpbs / 7.1 Data Center month month with 1K Servers Storage $2.20 / GB / $0.40 / GB / 5.7 vs month month Cloud base Administration 140 servers / 1,000 servers / 7.1 100K Server Admin Admin Center http://wikibon.org/blog/how-big-is-the-world-of-cloud-computing-infographic/ 4
  5. 5. Introduction: Why the Cloud?♦ “Switch” Data Center 2,200,000 square fee ♦ (http://www.makeuseof.com/tag/5-worlds-biggest-data-centers-stats-pics/)♦ Average Cloud Data Center 11.5 X the size of a football field ♦ (http://wikibon.org/blog/how-big-is-the-world-of-cloud-computing-infographic/)♦ Acquisitions of Terremark by Verizon for $1.4B♦ Acquisition of Savvis for 2.5B by Century Link (Qwest) 5
  6. 6. Introduction: Cloud DefinitionCharacteristics Service Models Deployment ModelsOn-demand self- Software as a Private cloudservice Service (SaaS)Broad network Platform as a Community cloudaccess Service (PaaS)Resource pooling Infrastructure as a Public cloud Service (IaaS)Rapid elasticity Cross Platform? Hybrid cloud ♦ http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf 6
  7. 7. Introduction:The Problem with the Cloud© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
  8. 8. Introduction: The Problem with the Cloud♦ 1. Service Confusion Software Network Providers Providers Technology Information & Manufacturers Service Providers 8
  9. 9. Introduction: The Problem with the Cloud♦ 2. Jurisdictional Confusion Contract Regulatory Cloud Data Customer Location? Location? US PATRIOT Breach Act Notification Cloud Data Provider Subject Location? Location? Intellectual Property Data Protection Rights 9
  10. 10. Introduction: The Problem with the Cloud♦ 3. Security Confusion Phishing / Trojans / Botnets Denial of Accidental Service / Disclosure DDOS Security Cyber Attack / Flaw Terrorism Information Security: Accessibility Integrity Data Confidentiality Certification Damage or Authority Destruction Breach Fraud / Data Loss Theft / ID Theft Poor Data Protection Compliance 10
  11. 11. Introduction: The Problem with the Cloud4. Expectations Confusion Software vs. Subscription Commodity Service Outsourcing vs. Commodity Leverage Assets Individualized Service Levels Provable Data Security / Privacy Virtualization Control 11
  12. 12. Key Developments in 2012© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
  13. 13. Development 1: Demystification of the Cloud Data & Security Demystifying Ownership & Control Cloud 1. New Privacy Risks? Computing 1. Extraterritorial? 2. More Data Sharing? 2. Local Retention? 3. More Security Risks? 3. Access & Audit? 4. More International? 4. Loss of Control? Political 1. Business Models 2. Employment Protection 3. Risk Allocation 13
  14. 14. Development 2: The Evolving Cloud♦ Traditional Outsourcing –vs– Cloud Computing • Service Driven • Data Controllers / Data Processors Traditional Outsourcing • Standalone Bespoke Services • Agents • Pushed Service Levels • Static Location • Service Scope • Service Levels • Charges • Security Driven • IaaS / PaaS / SaaS • Standardized Environment Cloud • Shared Infrastructure Computing • Self-service • Pulled Service Levels • Dynamic Location 14
  15. 15. Development 2: The Evolving Cloud♦ The Cloud Contract: The Need for Change The Cloud ContractRegulation & Differences Changers Legal Issues Large Consumer Negotiated Law Deals Access Government Enforceability Shared Industry Validity Commodity Landmark Deals Non-Compliant Structure Insurers Data Breach 15
  16. 16. Development 2: The Evolving Cloud♦ Cloud Contracting: Non-Cloud versus Cloud IACCM Most Negotiated Cloud Most Negotiated 1. Limitation of Liability 1. Limitation of Liability 2. Indemnities 2. Indemnities 3. Charges 3. Data Integrity 4. Intellectual Property 4. Service/Service Levels 5. Payment 5. Regulatory Compliance 6. Liquidated Damages 6. Confidentiality/Access 7. Service/Service Levels 7. Security/Audit 8. Delivery/Acceptance 8. Lock-in/Exit/Term 9. Applicable Law 9. Service Change 10. Confidentiality/Access 10. Intellectual Property 16
  17. 17. Development 2: The Evolving Cloud♦ Cloud Contracting: Negotiation Checklist1. Structure 2. Service 3. Data 4. Regulation•Type (IaaS, •Services •Information •DP/PrivacyPaaS, SaaS) Security •Service •Other•Subcontractor Levels •Access •Change •Service •Audit Credits •Breach •Business •Price Continuity/DR 5. IPR 6. Termination 7. Liability 8. Other •Ownership •Term •Warranties •Jurisdiction •Rights of Use •Termination •Indemnities •Change •Exit •Exclusions •Insurance •Portability •Limitations •Certification 17
  18. 18. Development 3: Regulatory Change♦ HIPAA ♦ PIPEDA♦ HITECH Act♦ GLB ♦ FTC ♦ Subpoena/Rule 34 FRCP♦ FACTA ♦ In re NTL Inc. Sec. Litig., 244 F.R.D.♦ FCRA 179 (S.D.N.Y. 2007)♦ Fair Debt Collection Practices ♦ State Regulations Act ♦ SOX ♦ ECPA♦ FERPA ♦ SCA♦ COPPA ♦ PCI♦ ITAR/Export Compliance♦ FFIEC♦ Banking Requirements 18
  19. 19. Development 3: Regulatory Change ♦ Transparency EU Article 29 ♦ ControlData Protection ♦ SharingWorking Party ♦ Sub-ContractingOpinion 1 July 2012 ♦ Data Portability ♦ Outside of EEA EC Strategy for ♦ Interoperability "Unleashing the ♦ Data Portability potential of ♦ Reversibility cloud computing ♦ Certification in Europe" 27 ♦ Safe and Fair Contract Terms September 2012 ♦ European cloud market ♦ What data to put into the cloud? UK ICO ♦ Performance monitoring Guidance on ♦ Written contract Cloud ♦ Security assessment Computing 27 ♦ Security measures September 2012 ♦ Using cloud services from outside the UK ♦ Multi-tenancy environment 19
  20. 20. Cloud Mitigation Strategies© 2012 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP
  21. 21. Cloud Mitigation Strategies♦ Insurance♦ Does Customer Understand Data?♦ Robust Dispute Resolution♦ Self Help ♦ Backup ♦ Migration Plan ♦ Privacy pre-Audit ♦ Data Map♦ “Leverage” Awareness 21
  22. 22. Cloud Mitigation Strategies♦ SAS70Type II; SSAE No. 16 Type 2, ISO 27001; TRUSTe; SysTrust; Verisign♦ Safe Harbor / EU Data Protection Compliance♦ Be Aware of Chat Boards/Internet Search/News♦ Transparency of Procedures♦ Multi/Single Jurisdiction of Data Centers? 22
  23. 23. Cloud Mitigation Strategies♦ Multi-tenancy♦ Escrow♦ Data Map♦ Audit of Customer Needs Upfront♦ Contingency Planning ♦ Migration ♦ Return of Data ♦ Termination Services 23
  24. 24. Conclusion & Questions?Michael Bennett Richard Graham Mark SchreiberPartner Partner PartnerEdwards Wildman Palmer LLP Edwards Wildman Palmer LLP Edwards Wildman Palmer LLPChicago London Boston+1 312.201.2679 +44 (0) 20.7556.4418 +1 617.239.0585mbennett@edwardswildman.com rgraham@edwardswildman.com mschreiber@edwardswildman.comwww.edwardswildman.com/mbennett www.edwardswildman.com/rgraham www.edwardswildman.com/mschreiber 24

×