Presentation on basics of cloud computing models, current status and future use in healthcare environments, differences between traditional outsourcing contracting and cloud contracting, and discussion of e-discovery issues created by cloud environments.
The document discusses private clouds and their benefits for government organizations. A private cloud provides dedicated cloud resources either on-premises or hosted remotely, allowing more control over security, customization, and governance than a public cloud. A private cloud can help optimize existing server capacity, increase data center efficiency, and provide consistent services. When comparing private cloud providers, an organization should consider attributes like security, management capabilities, storage options, supported services, and customer support. A private cloud can help agencies lower costs while supporting initiatives like data center consolidation, telework support, and greener computing.
1. The document discusses effective storage management strategies for cloud computing environments. It describes different cloud configurations like private, public, and hybrid clouds.
2. Key aspects of storage management in clouds are data protection and recovery, data lifecycle management, storage utilization and optimization, and storage resource management.
3. IBM software solutions help with data migration between storage tiers, automating storage policies, and providing visibility into cloud storage resources and asset utilization.
This document provides an overview of cloud computing models including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). It defines each model and discusses their key characteristics and when each makes sense to use versus when alternatives may be better. Case studies are provided of companies using SaaS and PaaS solutions. The document aims to help readers understand the different cloud computing options and how to determine the best solution for their needs.
Cloud Computing is a growing research topic in recent years. The key concept of Cloud Computing is to provide a resource sharing model based on virtualization, distributed file system, parallel algorithm and web services. But how can we provide a testbed for cloud computing related training courses? In this talk we will share our experience to build cloud computing testbed for virtualization, high throughput computing and bioinformatics applications. It covers lots of open source projects, such as DRBL, Xen, Hadoop and bioinformatics related applications.
In short, Diskless Remote Boot in Linux (DRBL) provides a diskless or systemless environment for client machines. It works on Debian, Ubuntu, Mandriva, Red Hat, Fedora, CentOS and SuSE. DRBL uses distributed hardware resources and makes it possible for clients to fully access local hardware.
Xen is one of open source hypervisor for linux kernel. It had been used in Amazon EC2 production environment to provide cloud service model (1) — "Infrastructure as a Service (IaaS)". In this talk, we will show you how DRBL can help on fast deployment of Xen playground in classroom.
Hadoop is becoming the well-known open source cloud computing technology developed by Apache community. It is very power tool for data mining. It had been used in Yahoo and Facebook production environment to provide cloud service model (2) — "Platform as a Service (PaaS)". It’s easy to setup single hadoop node but difficult to manage a hadoop cluster. In this talk, we will show you how DRBL can help on fast deployment and management.
Most bioinformatics applications are open source, such as R, Bioconductor, BLAST, Clustal, PipMaker, Phylip, etc. But it also require traditional cluster job submission. In this talk we will show you how DRBL can help to build a testbed of bioinformatics research and provide cloud service model (3) — "Software as a Service (SaaS)". In this talk, we will cover how to:
- 1. Use DRBL to deploy Xen virtual cluster (drbl-xen)
- 2. Use DRBL to deploy Hadoop cluster (drbl-hadoop)
- 3. Use DRBL to deploy bioinformatics cluster (drbl-biocluster)
A live demonstration about drbl-hadoop and drbl-biocluster will be done in the talk, too.
This white paper discusses the concept of "Carrier Cloud" and the opportunities it presents for telecommunications carriers. The three pillars of Carrier Cloud are being carrier-centric, able to deliver carrier-grade cloud services, and providing differentiation through IT and network innovation. Carriers can capture new revenue streams by positioning themselves in key value chains like business IT using their cloud. Carriers have advantages over other cloud providers through their networks, commercial maturity, datacenter infrastructure, and ability to ensure high service availability. The paper argues Carriers should pursue cloud services as a strategic opportunity.
* Explore the similar histories of the cloud and Content Delivery Networks (CDNs)
* Discover the future relationship between CDNs and emerging cloud platforms as the lines of distinction continue to blur
* Learn from real world use cases in which these technologies interact together
The document provides an overview of cloud computing, including its definition, history, characteristics, service models (SaaS, PaaS, IaaS), and green benefits. It examines cloud computing elements like on-demand self-service, broad network access, resource pooling, and rapid elasticity. The document also previews top obstacles for cloud computing growth, like availability of service, data lock-in, and data transfer bottlenecks, as well as opportunities to address them through approaches like using multiple cloud providers, standardizing cloud computing, and deploying encryption.
iStart hitchhikers guide to cloud computingHayden McCall
Many pundits agree that
2011 is set to become the year of
The Cloud and that IT professionals
need to prepare themselves. While everyone
seems to be talking about “The Cloud” in excited
tones, do we really understand what it’s all about?
iStart helps demystify what it all means and
navigates a clear path through all the hype.
What are the implications of ‘going public’
and staying private? By Chris Bell
http://www.istart.com.au
The document discusses private clouds and their benefits for government organizations. A private cloud provides dedicated cloud resources either on-premises or hosted remotely, allowing more control over security, customization, and governance than a public cloud. A private cloud can help optimize existing server capacity, increase data center efficiency, and provide consistent services. When comparing private cloud providers, an organization should consider attributes like security, management capabilities, storage options, supported services, and customer support. A private cloud can help agencies lower costs while supporting initiatives like data center consolidation, telework support, and greener computing.
1. The document discusses effective storage management strategies for cloud computing environments. It describes different cloud configurations like private, public, and hybrid clouds.
2. Key aspects of storage management in clouds are data protection and recovery, data lifecycle management, storage utilization and optimization, and storage resource management.
3. IBM software solutions help with data migration between storage tiers, automating storage policies, and providing visibility into cloud storage resources and asset utilization.
This document provides an overview of cloud computing models including Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). It defines each model and discusses their key characteristics and when each makes sense to use versus when alternatives may be better. Case studies are provided of companies using SaaS and PaaS solutions. The document aims to help readers understand the different cloud computing options and how to determine the best solution for their needs.
Cloud Computing is a growing research topic in recent years. The key concept of Cloud Computing is to provide a resource sharing model based on virtualization, distributed file system, parallel algorithm and web services. But how can we provide a testbed for cloud computing related training courses? In this talk we will share our experience to build cloud computing testbed for virtualization, high throughput computing and bioinformatics applications. It covers lots of open source projects, such as DRBL, Xen, Hadoop and bioinformatics related applications.
In short, Diskless Remote Boot in Linux (DRBL) provides a diskless or systemless environment for client machines. It works on Debian, Ubuntu, Mandriva, Red Hat, Fedora, CentOS and SuSE. DRBL uses distributed hardware resources and makes it possible for clients to fully access local hardware.
Xen is one of open source hypervisor for linux kernel. It had been used in Amazon EC2 production environment to provide cloud service model (1) — "Infrastructure as a Service (IaaS)". In this talk, we will show you how DRBL can help on fast deployment of Xen playground in classroom.
Hadoop is becoming the well-known open source cloud computing technology developed by Apache community. It is very power tool for data mining. It had been used in Yahoo and Facebook production environment to provide cloud service model (2) — "Platform as a Service (PaaS)". It’s easy to setup single hadoop node but difficult to manage a hadoop cluster. In this talk, we will show you how DRBL can help on fast deployment and management.
Most bioinformatics applications are open source, such as R, Bioconductor, BLAST, Clustal, PipMaker, Phylip, etc. But it also require traditional cluster job submission. In this talk we will show you how DRBL can help to build a testbed of bioinformatics research and provide cloud service model (3) — "Software as a Service (SaaS)". In this talk, we will cover how to:
- 1. Use DRBL to deploy Xen virtual cluster (drbl-xen)
- 2. Use DRBL to deploy Hadoop cluster (drbl-hadoop)
- 3. Use DRBL to deploy bioinformatics cluster (drbl-biocluster)
A live demonstration about drbl-hadoop and drbl-biocluster will be done in the talk, too.
This white paper discusses the concept of "Carrier Cloud" and the opportunities it presents for telecommunications carriers. The three pillars of Carrier Cloud are being carrier-centric, able to deliver carrier-grade cloud services, and providing differentiation through IT and network innovation. Carriers can capture new revenue streams by positioning themselves in key value chains like business IT using their cloud. Carriers have advantages over other cloud providers through their networks, commercial maturity, datacenter infrastructure, and ability to ensure high service availability. The paper argues Carriers should pursue cloud services as a strategic opportunity.
* Explore the similar histories of the cloud and Content Delivery Networks (CDNs)
* Discover the future relationship between CDNs and emerging cloud platforms as the lines of distinction continue to blur
* Learn from real world use cases in which these technologies interact together
The document provides an overview of cloud computing, including its definition, history, characteristics, service models (SaaS, PaaS, IaaS), and green benefits. It examines cloud computing elements like on-demand self-service, broad network access, resource pooling, and rapid elasticity. The document also previews top obstacles for cloud computing growth, like availability of service, data lock-in, and data transfer bottlenecks, as well as opportunities to address them through approaches like using multiple cloud providers, standardizing cloud computing, and deploying encryption.
iStart hitchhikers guide to cloud computingHayden McCall
Many pundits agree that
2011 is set to become the year of
The Cloud and that IT professionals
need to prepare themselves. While everyone
seems to be talking about “The Cloud” in excited
tones, do we really understand what it’s all about?
iStart helps demystify what it all means and
navigates a clear path through all the hype.
What are the implications of ‘going public’
and staying private? By Chris Bell
http://www.istart.com.au
Cloud architecture and deployment: The Kognitio checklist, Nigel Sanctuary, K...CloudOps Summit
CloudOps Summit 2012, Frankfurt, 20.9.2012 Track 2 - Build and Run
by Nigel Sanctuary, VP Propositions at Kognitio (www.kognitio.com)
http://cloudops.de/sprecher/#nigelsanctuary
Find the video of this talk at http://youtu.be/wQrHQNOMlKc
Managing A Cloud Environment: How To Get Started And Which Way To Go talemadi
This document discusses cloud computing strategies. It begins with introductions to cloud computing concepts and models. It then discusses the goals, advantages, and disadvantages of cloud computing. It provides advice on developing a cloud computing strategy, considering factors like existing infrastructure, applications, services portfolio, and business requirements. It emphasizes aligning a company's IT strategy with its overall business strategy. Finally, it provides tips for an effective cloud computing strategy, such as considering costs, architecture, and governance.
The document discusses moving a data center to the cloud. It outlines an agenda for analyzing such a transition, including considering cloud security, understanding the current environment, and comparing costs and contracts. The analysis section lists many line items to compare between the current data center and cloud providers, such as infrastructure, licensing costs, disaster recovery, and support. Conducting a thorough analysis of needs, strengths, and weaknesses is important to understand if cloud computing is suitable.
The document discusses cloud computing and its potential benefits for the Department of Defense (DoD). It provides various definitions of cloud computing from different organizations and outlines some realities of adopting cloud computing, including that it is a disruptive technology that will require planning, pilots, and lessons learned. The document also discusses how moving the desktop into the cloud could pay huge returns through cost savings, agility, and performance.
The document discusses how cloud service providers (CSPs) can help software developers by hosting their applications and services. It recommends partnering with a CSP to gain access to infrastructure, platforms, and services without having to build and maintain them. Developers should choose a CSP based on their technical capabilities, geographic coverage, security, scalability, and customer service/support. The case study profiles a payroll company that chose RackForce as their CSP due to its Canadian data centers, strong service level agreements, ease of use and support, security, and ability to scale on demand.
The document discusses cloud computing, including its definition, features, models, advantages, and challenges. It provides statistics on the growth of the cloud computing market and identifies Spain as a leading location for cloud hosting. The objectives are to analyze the current situation and impact of cloud computing, identify opportunities for growth and use among Spanish SMEs from economic and strategic perspectives, and examine best practices. The document contains sections on the concept of cloud computing, a survey of Spanish SMEs, expert opinions, impact evaluation, and best practices.
The document summarizes key aspects of cloud computing implementation. It discusses benefits like instant availability, unlimited capacity, and dramatic cost reduction provided by cloud computing. It also describes different types of cloud deployments like public, private and hybrid clouds. Additionally, it outlines important considerations and building blocks for organizations to adopt cloud technologies like open source tools, virtualization, infrastructure tools, and choosing solutions that allow flexibility and efficiency through standards.
This document discusses federated cloud computing and key challenges. It defines cloud computing according to NIST and describes essential characteristics, service models, and deployment models. The document outlines challenges around scalability, resource utilization, vendor lock-in, quality of service, security, and compliance. It proposes that open source platforms and standards can help address these challenges by enabling interoperability across cloud offerings. The document provides examples of open source cloud middleware like OpenStack and describes standards like OVF and SCIM that can help with portability and identity management.
Business implementation of Cloud ComputingQuaid Sodawala
This document discusses business implementation and security concerns regarding cloud computing. It provides an introduction to cloud computing, explaining that it allows users to access applications from anywhere through connected devices. The key benefits of cloud computing are discussed as scalability, cost savings, instant access, and mobility. The document also outlines the evolution of cloud computing from earlier concepts like grid computing and utility computing. It describes the different cloud computing models of public, private, and hybrid clouds and how they each have different security risk levels. Finally, it mentions there are also different cloud service models beyond the infrastructure models.
This document discusses cloud computing and compares it to building and maintaining infrastructure on-premises. It notes that cloud computing allows companies to avoid the large upfront costs and complexity of managing their own infrastructure by paying only for the computing resources they use. It also discusses the benefits of scaling resources easily in the cloud without having to purchase and set up new hardware. Finally, it addresses common concerns about security, privacy, and control when using cloud services and outlines steps cloud providers take to isolate customer data and ensure its security.
This is Lenovo's presentation at FETC 2013.
The mega-trends of bring-your-own-device (BYOD) and the consumerization of IT go directly against the desire to limit security exposure and keep TCO low. In this session, Rich discusses approaches to meeting both needs plus drill down on how and where cloud computing can ultimately, resolve these seemingly mutually exclusive goals and streamline the enablement of BYOD.
Presenter: Rich Cheston, Chief Technical Architect, Distinguished Engineer and Master Inventor, Lenovo
www.lenovo.com/eduevents
Cloud computing allows for on-demand access to shared computing resources like networks, servers, storage, applications and services. It provides accessibility, agility and flexibility through rapid provisioning and releasing of resources with minimal management effort. Some key aspects of cloud computing include virtualization, multi-tenancy, broad network access, resource pooling and measured service. Cloud computing is changing the nature of IT by moving computing resources from local desktops and data centers to the internet.
Texas state agencies wanted a solution to plan, provision, and manage cloud IT services from multiple providers to reduce costs and improve efficiency. Gravitant implemented a cloud brokerage portal called the Texas Cloud Services Portal that allowed agencies to design architectures, estimate costs, provision resources, and monitor billing across Amazon, Savvis, Terremark, and other providers. The portal provided consolidated visibility and control over cloud spending. It was successfully piloted by several state agencies who were able to launch applications in just two days, demonstrating the agility of the cloud.
Improving Utilization of Infrastructure CloudIJASCSE
This document summarizes a research paper that proposes improving the utilization of infrastructure in cloud computing. The paper discusses how Infrastructure as a Service (IaaS) clouds provide on-demand access to computing resources but must overprovision to do so. The research presents combining on-demand allocation with opportunistic provisioning of idle cloud nodes to other processes through backfill virtual machines. This allows better utilization of resources while still providing access when needed. The paper outlines related work, the proposed methodology using location tracking and efficient request processing through Hadoop, and presents results showing the system design and interfaces.
This presentation attempts to first demystify what's Cloud, and why Cloud Computing is an absolute MUST to reduce Cost of Application Delivery. It then attempts to bring out the important role that DCIM will play in the Cloud Computing Infrastructure, as we head towards a world of Software Defined Data Centers.
This document provides an overview of cloud computing from a federal IT security perspective. It discusses the benefits of cloud computing including potential cost savings, increased flexibility and capabilities. It also examines some of the key security challenges for federal agencies in moving to cloud computing environments, such as ensuring proper security controls are in place with cloud vendors and understanding changes to responsibilities. Several federal cloud computing initiatives are also highlighted from agencies such as NASA, VA and DISA. Overall the document presents cloud computing as an evolving model that could modernize federal IT if security risks are adequately addressed.
Open Source Paving the Future of Cloud and Big Data StrategiesSKALI Group
This document discusses how open source technologies are paving the future of cloud and big data strategies. It defines key open source technologies like hypervisors Xen and KVM that power major cloud platforms. The document explains how open source lowers barriers to cloud adoption through cost savings, customization opportunities, and collaboration. Open source is poised to significantly impact cloud computing by offering free and flexible alternatives to proprietary software license models. Finally, the document briefly touches on how cloud and big data are related through cloud's ability to handle the volume, velocity and variety of big data through massive resource pooling and rapid elasticity.
This document discusses a seminar on cloud computing security and forensics. It covers topics like cloud security risks, risk assessment, and cloud forensics. The seminar aims to help people understand security issues in cloud computing and how to address them.
This document provides information about cloud computing types and deployment models. It discusses private cloud, which is for a single organization; public cloud, which provides services to the general public; hybrid cloud, which uses a combination of private and public clouds; and community cloud, which is shared between organizations with common interests. It also outlines common cloud software including OpenStack for managing resources, Hadoop for big data, and VMware for virtualization.
Cloud architecture and deployment: The Kognitio checklist, Nigel Sanctuary, K...CloudOps Summit
CloudOps Summit 2012, Frankfurt, 20.9.2012 Track 2 - Build and Run
by Nigel Sanctuary, VP Propositions at Kognitio (www.kognitio.com)
http://cloudops.de/sprecher/#nigelsanctuary
Find the video of this talk at http://youtu.be/wQrHQNOMlKc
Managing A Cloud Environment: How To Get Started And Which Way To Go talemadi
This document discusses cloud computing strategies. It begins with introductions to cloud computing concepts and models. It then discusses the goals, advantages, and disadvantages of cloud computing. It provides advice on developing a cloud computing strategy, considering factors like existing infrastructure, applications, services portfolio, and business requirements. It emphasizes aligning a company's IT strategy with its overall business strategy. Finally, it provides tips for an effective cloud computing strategy, such as considering costs, architecture, and governance.
The document discusses moving a data center to the cloud. It outlines an agenda for analyzing such a transition, including considering cloud security, understanding the current environment, and comparing costs and contracts. The analysis section lists many line items to compare between the current data center and cloud providers, such as infrastructure, licensing costs, disaster recovery, and support. Conducting a thorough analysis of needs, strengths, and weaknesses is important to understand if cloud computing is suitable.
The document discusses cloud computing and its potential benefits for the Department of Defense (DoD). It provides various definitions of cloud computing from different organizations and outlines some realities of adopting cloud computing, including that it is a disruptive technology that will require planning, pilots, and lessons learned. The document also discusses how moving the desktop into the cloud could pay huge returns through cost savings, agility, and performance.
The document discusses how cloud service providers (CSPs) can help software developers by hosting their applications and services. It recommends partnering with a CSP to gain access to infrastructure, platforms, and services without having to build and maintain them. Developers should choose a CSP based on their technical capabilities, geographic coverage, security, scalability, and customer service/support. The case study profiles a payroll company that chose RackForce as their CSP due to its Canadian data centers, strong service level agreements, ease of use and support, security, and ability to scale on demand.
The document discusses cloud computing, including its definition, features, models, advantages, and challenges. It provides statistics on the growth of the cloud computing market and identifies Spain as a leading location for cloud hosting. The objectives are to analyze the current situation and impact of cloud computing, identify opportunities for growth and use among Spanish SMEs from economic and strategic perspectives, and examine best practices. The document contains sections on the concept of cloud computing, a survey of Spanish SMEs, expert opinions, impact evaluation, and best practices.
The document summarizes key aspects of cloud computing implementation. It discusses benefits like instant availability, unlimited capacity, and dramatic cost reduction provided by cloud computing. It also describes different types of cloud deployments like public, private and hybrid clouds. Additionally, it outlines important considerations and building blocks for organizations to adopt cloud technologies like open source tools, virtualization, infrastructure tools, and choosing solutions that allow flexibility and efficiency through standards.
This document discusses federated cloud computing and key challenges. It defines cloud computing according to NIST and describes essential characteristics, service models, and deployment models. The document outlines challenges around scalability, resource utilization, vendor lock-in, quality of service, security, and compliance. It proposes that open source platforms and standards can help address these challenges by enabling interoperability across cloud offerings. The document provides examples of open source cloud middleware like OpenStack and describes standards like OVF and SCIM that can help with portability and identity management.
Business implementation of Cloud ComputingQuaid Sodawala
This document discusses business implementation and security concerns regarding cloud computing. It provides an introduction to cloud computing, explaining that it allows users to access applications from anywhere through connected devices. The key benefits of cloud computing are discussed as scalability, cost savings, instant access, and mobility. The document also outlines the evolution of cloud computing from earlier concepts like grid computing and utility computing. It describes the different cloud computing models of public, private, and hybrid clouds and how they each have different security risk levels. Finally, it mentions there are also different cloud service models beyond the infrastructure models.
This document discusses cloud computing and compares it to building and maintaining infrastructure on-premises. It notes that cloud computing allows companies to avoid the large upfront costs and complexity of managing their own infrastructure by paying only for the computing resources they use. It also discusses the benefits of scaling resources easily in the cloud without having to purchase and set up new hardware. Finally, it addresses common concerns about security, privacy, and control when using cloud services and outlines steps cloud providers take to isolate customer data and ensure its security.
This is Lenovo's presentation at FETC 2013.
The mega-trends of bring-your-own-device (BYOD) and the consumerization of IT go directly against the desire to limit security exposure and keep TCO low. In this session, Rich discusses approaches to meeting both needs plus drill down on how and where cloud computing can ultimately, resolve these seemingly mutually exclusive goals and streamline the enablement of BYOD.
Presenter: Rich Cheston, Chief Technical Architect, Distinguished Engineer and Master Inventor, Lenovo
www.lenovo.com/eduevents
Cloud computing allows for on-demand access to shared computing resources like networks, servers, storage, applications and services. It provides accessibility, agility and flexibility through rapid provisioning and releasing of resources with minimal management effort. Some key aspects of cloud computing include virtualization, multi-tenancy, broad network access, resource pooling and measured service. Cloud computing is changing the nature of IT by moving computing resources from local desktops and data centers to the internet.
Texas state agencies wanted a solution to plan, provision, and manage cloud IT services from multiple providers to reduce costs and improve efficiency. Gravitant implemented a cloud brokerage portal called the Texas Cloud Services Portal that allowed agencies to design architectures, estimate costs, provision resources, and monitor billing across Amazon, Savvis, Terremark, and other providers. The portal provided consolidated visibility and control over cloud spending. It was successfully piloted by several state agencies who were able to launch applications in just two days, demonstrating the agility of the cloud.
Improving Utilization of Infrastructure CloudIJASCSE
This document summarizes a research paper that proposes improving the utilization of infrastructure in cloud computing. The paper discusses how Infrastructure as a Service (IaaS) clouds provide on-demand access to computing resources but must overprovision to do so. The research presents combining on-demand allocation with opportunistic provisioning of idle cloud nodes to other processes through backfill virtual machines. This allows better utilization of resources while still providing access when needed. The paper outlines related work, the proposed methodology using location tracking and efficient request processing through Hadoop, and presents results showing the system design and interfaces.
This presentation attempts to first demystify what's Cloud, and why Cloud Computing is an absolute MUST to reduce Cost of Application Delivery. It then attempts to bring out the important role that DCIM will play in the Cloud Computing Infrastructure, as we head towards a world of Software Defined Data Centers.
This document provides an overview of cloud computing from a federal IT security perspective. It discusses the benefits of cloud computing including potential cost savings, increased flexibility and capabilities. It also examines some of the key security challenges for federal agencies in moving to cloud computing environments, such as ensuring proper security controls are in place with cloud vendors and understanding changes to responsibilities. Several federal cloud computing initiatives are also highlighted from agencies such as NASA, VA and DISA. Overall the document presents cloud computing as an evolving model that could modernize federal IT if security risks are adequately addressed.
Open Source Paving the Future of Cloud and Big Data StrategiesSKALI Group
This document discusses how open source technologies are paving the future of cloud and big data strategies. It defines key open source technologies like hypervisors Xen and KVM that power major cloud platforms. The document explains how open source lowers barriers to cloud adoption through cost savings, customization opportunities, and collaboration. Open source is poised to significantly impact cloud computing by offering free and flexible alternatives to proprietary software license models. Finally, the document briefly touches on how cloud and big data are related through cloud's ability to handle the volume, velocity and variety of big data through massive resource pooling and rapid elasticity.
This document discusses a seminar on cloud computing security and forensics. It covers topics like cloud security risks, risk assessment, and cloud forensics. The seminar aims to help people understand security issues in cloud computing and how to address them.
This document provides information about cloud computing types and deployment models. It discusses private cloud, which is for a single organization; public cloud, which provides services to the general public; hybrid cloud, which uses a combination of private and public clouds; and community cloud, which is shared between organizations with common interests. It also outlines common cloud software including OpenStack for managing resources, Hadoop for big data, and VMware for virtualization.
1. The document discusses cloud computing and compares it to grid computing. Cloud computing delivers computing as a service using virtualized hardware and software platforms.
2. Cloud computing provides massive scalability, fault tolerance, and reliable service quality through virtualization and load balancing across infrastructure.
3. Users can access cloud applications and services from any internet-connected device without installing or managing software/hardware themselves.
This document describes implementing Software as a Service (SaaS) in a cloud computing environment. It discusses different cloud delivery models including SaaS, PaaS, and IaaS. It also covers cloud deployment models like public, private, and hybrid clouds. The document then demonstrates creating a virtual machine running Ubuntu to enable a basic calculator application as an example SaaS implementation in a cloud. It shows how to access and use the application within the virtual machine while it runs simultaneously with the host operating system.
The document provides an overview of cloud computing concepts including definitions, characteristics, deployment and service models. It defines cloud computing as providing on-demand access to computing resources and applications over the internet. The key characteristics are on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The common deployment models are public, private and hybrid clouds. The main service models are Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS).
This document discusses cloud computing, defining it as a computing platform that provides dynamic resource pools, virtualization, and high availability. It outlines the key benefits of cloud computing such as reduced costs through improved utilization and faster deployment cycles. The document also defines clouds and cloud applications, explaining that cloud computing dynamically provisions, configures, and deprovisions servers as needed to host web applications accessible over the internet.
Cloud Computing genral for all concepts.pptxraghavanp4
Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services via the internet. It has three service models - Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and Software as a Service (SaaS). There are four deployment models - public, private, hybrid and community clouds. Key enabling technologies include virtualization, distributed resource management and reservation-based provisioning to meet service level agreements.
This PPT covers the following topics...
Definition’s
CC in a Nutshell
Roots of CC
Layers and Types of Clouds
Desired Features of Cloud
Cloud Infrastructure Management
Infrastructure as a Service Providers
Platform as a Service Providers
Challenge and Risks
Cloud computing basically involves delivering hosted services over the Internet to store, manage, and process data, instead of using local server or a personal computer. These services are broadly divided into three categories: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS). In scientific terms, cloud computing is a synonym for distributed computing over a network which means the ability to run a program on many connected computers at the same time. Therefore it involves a large number of computers that are connected through a real-time communication network.
Cloud Computing: Hindernisse und Chancen für GroßunternehmenJohn Rhoton
The document discusses cloud computing, including definitions, benefits, challenges, and considerations for large enterprises adopting cloud solutions. Cloud computing offers potential cost savings and flexibility but also risks regarding security, compliance, and vendor viability. Migrating applications requires evaluating their suitability for the cloud and modernizing architectures. A phased, hybrid approach can help enterprises transition while ensuring current IT environments remain future-proofed.
Cloud computing provides on-demand access to shared computing resources like networks, servers, storage, applications and services available over the internet. It has its origins in the 1960s and the term "cloud" was used to depict the demarcation point between the service provider's responsibility and the user's responsibility. There are various cloud service models like SaaS, PaaS and IaaS. Major players investing heavily in cloud computing include Amazon, Microsoft, Google, IBM, Apple etc. Cloud computing has huge potential in India given its large population and rapid urbanization. However, concerns around security and reliability need to be addressed for it to be widely adopted.
Why all clouds are not created equal enterprise cloud, public cloud, carrier cloud strategic white paper. Cloud computing technology brings an unprecedented level of independence and liberation in deploying applications. Applications are no longer tied to dedicated hardware, yet clouds vary significantly in their capabilities and their cost. This paper helps readers understand the differences between enterprise clouds and public clouds, and explains the advances available in carrier clouds.
Cloud computing is a new model for enabling access to shared configurable computing resources over a network. It allows users to access services like servers, storage, databases and software applications without needing to manage the physical infrastructure. Key characteristics include on-demand self-service, broad network access, resource pooling, rapid elasticity and measured service. Common cloud service models are SaaS, PaaS and IaaS. Benefits include reduced costs, location independence, scalability and access to greater computing power. An example is Google Chrome OS which uses cloud computing to provide applications and storage through a web browser on low-cost netbooks.
This document discusses two ArcGIS applications deployed in the cloud by the Forest Health Technology Enterprise Team (FHTET). A public Forest Pest Conditions Viewer application allows users to explore forest pest impact data. A secured Disturbance Mapper application uses remote sensing data to identify disturbed forest areas and enable analysis of the causes and effects of disturbances. Both applications were built with ArcGIS Server 10 and deployed to Amazon Web Services, demonstrating how custom ArcGIS applications can be quickly deployed to the cloud.
This document discusses two ArcGIS applications deployed in the cloud by the Forest Health Technology Enterprise Team (FHTET). A public Forest Pest Conditions Viewer application allows users to explore forest pest impact data. A secured Disturbance Mapper application uses remote sensing data to identify disturbed forest areas and enable analysis of the causes and effects of disturbances. Both applications were built with ArcGIS Server 10 and deployed to Amazon Web Services for scalability and convenience.
The document discusses 6fusion's utility metered cloud platform. 6fusion profiles existing computing environments to determine supply, demand and cost. It meters workloads across private and public clouds for efficient resource allocation. 6fusion's tools allow modeling optimal workload distribution and estimating cloud costs before deployment.
The document defines cloud computing as a model for enabling on-demand access to a shared pool of configurable computing resources that can be rapidly provisioned with minimal management effort. It identifies essential characteristics of cloud computing including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also outlines common cloud service models and deployment models.
The document defines cloud computing as a model for enabling on-demand access to a shared pool of configurable computing resources that can be rapidly provisioned with minimal management effort. It identifies essential characteristics of cloud computing including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also outlines common cloud service models and deployment models.
This document discusses cloud computing and related topics. It begins with definitions of cloud computing and cloud storage. It then covers cloud architecture, virtualization, cloud services and service models (SaaS, PaaS, IaaS). The document discusses private, public and hybrid cloud types and provides examples. It also discusses cloud management strategies and tools. Opportunities and challenges of cloud computing are presented.
Similar to BCBSA Summit - Cloud Computing Issues (Dec 2012) (20)
1. Cloud Computing:
Key Issues for Blue Plans to
address before moving to
the Cloud
Joseph E. Kendall
Partner
Pillsbury Winthrop Shaw Pittman
John L. Nicholson
Counsel
Pillsbury Winthrop Shaw Pittman
December 4-7, 2011
Sheraton Chicago Hotel and Towers
Chicago, Illinois
PRESENTATION TITLE
2. Agenda
• What is the Cloud ?
• Blue Plans and Cloud Computing – Today and the Future
• How secure is data in the Cloud?
• Contracting for Cloud services
• Specific contract issues - Cloud vs Outsourcing Contracts
• e Discovery and Subpoenas in the Cloud
• Best practices for data in the Cloud
CLOUD COMPUTING 2
4. What is the “Cloud”?
• Cloud Computing is:
“a model for enabling convenient, on-demand network access to a
shared pool of configurable computing resources (e.g., networks,
servers, storage, applications, and services) that can be rapidly
provisioned and released with minimal management effort or
service provider interaction.”
- National Institute of Standards and Technology
CLOUD COMPUTING 4
5. Essential Characteristics
On-demand, Self- Ubiquitous Network
Rapid Elasticity Measured Service service Access Resource Pooling
Elasticity is defined as In a measured service The on-demand and Ubiquitous network Resource pooling allows
the ability to scale aspects of the cloud self-service aspects of access means that the a Cloud Provider to
resources both up service are cloud computing mean Cloud Provider’s serve its consumers via
and down as controlled and that a consumer can capabilities are a multi-tenant model.
Physical and virtual
needed. To the monitored by the use cloud services available over the
resources are assigned
consumer, the cloud Cloud Provider. This is as needed without network and can be and reassigned
appears to be infinite, crucial for billing, any human accessed through according to demand.
and the consumer can access control, interaction with the standard There is a sense of
purchase as much or resource optimization, Cloud Provider. mechanisms by both location independence in
as little computing capacity planning and thick and thin clients that the customer
power as they need. other tasks. generally has no control
or knowledge over the
exact location of the
resources but may be
able to specify location
at a higher level of
abstraction (e.g.,
country, state, or
datacenter).
CLOUD COMPUTING 5
6. Service Models
Infrastructure as a Service Platform as a Service Software as Service
(IaaS) (PaaS) (SaaS)
The consumer uses ”fundamental The consumer uses a hosting The consumer uses an application but
computing resources" such as environment for their applications. The does not control the operating system,
processing power, storage, networking consumer controls the applications that run hardware or network infrastructure on
components or middleware. The consumer in the environment (and possibly has some which it's running.
can control the operating system, storage, control over the hosting environment), but
deployed applications and possibly does not control the operating system, * Note: Business Process as a Service is
networking components such as firewalls hardware or network infrastructure on the furthest evolution of SaaS Cloud
and load balancers, but not the cloud which they are running. The platform is Services, but is nascent in the marketplace.
infrastructure beneath them. typically an application framework.
Amazon EC2 Bungee Connect Microsoft Office 365
Sun Etelos Oracle SaaS platform
Micrsoft’s Network.com Coghead Salesforce SFA
HP Flex. Computing Svcs. Google App Engine NetSuite
IBM Blue Cloud HP Adaptive IaaS GoogleApps
OpSource Force.com Workday Human Capital Mgmt.
Jamcracker LongJump
Uses:
Ad hoc development / testing Taking custom applications to the cloud Commodity applications (email)
Cover volume fluctuations Developing new, cloud-based apps Non-proprietary business processes
CLOUD COMPUTING 6
7. Deployment Models
Public Cloud Hybrid Cloud Private Cloud
In simple terms public cloud services A hybrid cloud is a combination In a private cloud-based service,
are characterized as being available of a public and private cloud that data and processes are managed
to clients from a third party interoperates. In this model users within the organization without the
service provider via the Internet. typically outsource non-business- restrictions of network bandwidth,
The term “public” does not always critical information and processing security exposures and legal
mean free, even though it can be to the public cloud, while keeping requirements that using public cloud
free or fairly inexpensive to use. A business-critical services and data services might entail. In addition,
public cloud does not mean that a in their control private cloud services offer the
user’s data is publically visible; public provider and the user greater
cloud vendors typically provide an control of the cloud infrastructure,
access control mechanism for their improving security and resiliency
users. Public clouds provide an because user access and the
elastic, cost effective means to networks used are restricted and
deploy solutions. designated.
Private clouds can be built on a
company's own infrastructure
(“internal clouds”) or on the
backbone of public clouds.
CLOUD COMPUTING 7
10. What can the Cloud mean to Blue Plans?
Microsoft’s Office 365 Cloud Service provides the following:
• Word (Word Processing)
• Excel
• Calendar
• Mail (25GB)
• PowerPoint
• SharePoint intranet for co-authoring documents
• Premium antivirus / anti-spam filtering
• Instant Messaging
• Voice Chat (VoIP)
• Online customer support
• Build/host web site
CLOUD COMPUTING 10
11. Where do Blue Plans stand today with respect to
Cloud Computing?
• Blue CIOs are motivated to look for ways to use the Cloud because:
– Opportunities to reduce cost
– Speed to Deployment
• Blue Plans exploring how to benefit from the Cloud
– Blue Plans exchange info / ideas on Cloud usage
– Use of IaaS to address Resource Spikes (Proof of Concept)
• Some production use
– Blue Plan running proprietary app on SalesForce (PaaS)
– Blue Plan using Microsoft Office 365
– Blue Plan using cloud based solution to access CMS database
• Conclusions:
– Blue Plans are actively looking at how they can benefit from the Cloud
– Preliminary and Limited adoption of Cloud services to date
CLOUD COMPUTING 11
12. How secure is data in the Cloud?
Cloud Data Centers are easier to secure:
• Software / Patches are up do date
• Limit devices on the network
• Use of repeatable processes and best practices
Perceived risks of Cloud Computing:
• Multi-tenant use of Cloud Resources
– Answer: Data encrypted - only Blue Plan has encryption keys
• Network – data flows over same physical cable
– Answer: Hybrid approach - Combine Cloud computing and VPN to make it more secure
• People - Cloud Staff can access data from multiple companies
– Answer: Run “dark” data centers
CLOUD COMPUTING 12
13. How secure is data in the Cloud?
Survey of 127 Cloud Providers by Ponemon Institute, April 2011
• Most Cloud Providers believe Customers buy Cloud services because of
lower cost and faster access to Cloud resources, and not Security
• Majority of Cloud Providers believe it is their customer’s responsibility
to secure the Cloud and not their responsibility
• Most Cloud Providers do not believe their services substantially protect and
secure confidential information of their customers
• Most Cloud Providers do not have dedicated Security personnel
• But, 1/3 of Cloud Providers considering Security solutions in next 2 years
CLOUD COMPUTING 13
14. How secure is data in the Cloud?
• Summary and Predications:
– Cloud data centers do not have many of the security issues that are
inherent to non-cloud data centers
– Cloud Providers focus on the cost and speed aspects of their services,
not security
– But Security issues are being addressed
– As Cloud solutions mature, Cloud Providers will begin to invest more in
security as way to differentiate themselves from their competitors
– In 2-3 years, Cloud data centers will be as secure as any non-cloud or
Blue Plan Data Center
CLOUD COMPUTING 14
15. How can you measure/require security in the Cloud?
• ISO 27001 Certification
– Be sure to review the Statement of Applicability
• Check against Cloud Security Alliance Cloud Controls Matrix
– Contract should include rep & warranty that certification will be maintained
• Service Organization Controls (“SOC”) 2 Audit
– Customers used to require SAS 70 Type 2, which has been replaced by SSAE 16
Type 2 (also known as SOC 1)
– SOC 1 tests controls at a service organization relevant to user entities internal
control over financial reporting, but it used to be the only option
– SOC 2 tests controls at a service organization relevant to security, availability,
processing integrity, confidentiality, or privacy
CLOUD COMPUTING 15
16. The Future of Blue Plans in the Cloud
• Blue Plans will take advantage of Cloud benefits where security is not
a priority and where PHI is not implicated
• If Cloud Providers offer same Security as Blue Plans can achieve, will
Blue Plans place PHI / PII in the Cloud ?
– Limited amounts of PHI / PII – Possibly Yes
• For example, in the Sales area, the sale of a policy might require placing
some health insurance information in the Cloud regarding the purchaser
(name, SS#, address)
• Benefits of a Cloud based solution may outweigh some breach risk
– Substantial amounts of PHI – No
• Blue Plan systems with large amounts of PHI (e.g., Claims and Membership)
will not be placed in the Cloud, even if security at the Cloud Provider is the
same as Blue Plan provides
CLOUD COMPUTING 16
17. The Future of Blue Plans in the Cloud
• The potential financial liability from a data breach will prevent
Blue Plans from trusting PHI to most Cloud Providers
– In order for Blue Plan to trust the Cloud Provider with PHI, Cloud
Provider must assume financial responsibility for data breaches
– But Cloud Providers will not agree to substantial liability for data
breaches because they are not getting paid enough to assume that risk
• Breach could wipe out profits, revenue or the Cloud Provider
• Many Cloud Providers are “start-ups” without ability to make Blue Plan whole
– Contrast with Outsourcing Providers, which will agree to substantial
liability provisions because the profit / revenue is sufficient to justify the
risk
CLOUD COMPUTING 17
18. The Future of Blue Plans in the Cloud
• Cyber Liability Insurance
– Same party should control both data security and data breach liability
• Alignment of interests will reduce breaches
– Recovery under policies is not guaranteed
• Policies not uniform – wide variance
• Policies very complex / negotiable
• Gaps
– Coverage for “Blue Plan’s breach of duty to maintain privacy of PHI”
– Breach = “unauthorized acquisition, access, use or disclosure of PHI”
• Strongly Recommend legal review of policy
• Do not rely on obligation in contract that Cloud Provider will obtain policy
CLOUD COMPUTING 18
20. Cloud Provider’s Typical Contract Template
This AGREEMENT contains lots of really fine print and we really do not feel like negotiating any of it. This AGREEMENT contains lots of really fine
print and we really do not feel like negotiating any of it. This AGREEMENT contains lots of really fine print and we really do not feel like negotiating
any of it. This AGREEMENT contains lots of really fine print and we really do not feel like negotiating any of it. This AGREEMENT contains lots of
really fine print and we really do not feel like negotiating any of it.
This AGREEMENT contains lots of really fine print and we really do not This AGREEMENT contains lots of really fine print and we really do
feel like negotiating any of it. This AGREEMENT contains lots of really not feel like negotiating any of it. This AGREEMENT contains lots of
fine print and we really do not feel like negotiating any of it. This really fine print and we really do not feel like negotiating any of it.
AGREEMENT contains lots of really fine print and we really do not feel This AGREEMENT contains lots of really fine print and we really do
like negotiating any of it. This AGREEMENT contains lots of really fine not feel like negotiating any of it. This AGREEMENT contains lots of
print and we really do not feel like negotiating any of it. This really fine print and we really do not feel like negotiating any of it.
AGREEMENT contains lots of really fine print and we really do not feel This AGREEMENT contains lots of really fine print and we really do
like negotiating any of it. not feel like negotiating any of it.
This AGREEMENT contains lots of really fine print and we really do not This AGREEMENT contains lots of really fine print and we really do
feel like negotiating any of it. This AGREEMENT contains lots of really not feel like negotiating any of it. This AGREEMENT contains lots of
fine print and we really do not feel like negotiating any of it. This really fine print and we really do not feel like negotiating any of it.
AGREEMENT contains lots of really fine print and we really do not feel This AGREEMENT contains lots of really fine print and we really do
like negotiating any of it. This AGREEMENT contains lots of really fine not feel like negotiating any of it. This AGREEMENT contains lots of
print and we really do not feel like negotiating any of it. This really fine print and we really do not feel like negotiating any of it.
AGREEMENT contains lots of really fine print and we really do not feel This AGREEMENT contains lots of really fine print and we really do
like negotiating any of it. not feel like negotiating any of it.
This AGREEMENT contains lots of really fine print and we really do not* * * This AGREEMENT contains lots of really fine print and we really do
feel like negotiating any of it. This AGREEMENT contains lots of really not feel like negotiating any of it. This AGREEMENT contains lots of
fine print and we really do not feel like negotiating any of it. This really fine print and we really do not feel like negotiating any of it.
CLOUD COMPUTING 20
21. Guiding Principles for Contracting with Cloud
Providers
• Must understand Cloud Provider’s business model
– Standard service to all customers
– Consistent, repeatable processes
• Customers must accept a standard delivery model to take advantage
of the cost savings
• Cloud Providers insist on their own contract template
– They want standardized contracts to match their standardized delivery model
• But there ARE terms to negotiate !
CLOUD COMPUTING 21
22. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Contract Template Use Customer’s template Cloud Providers insist on their contract
documents
Each deal customized
Contract Negotiation Almost everything negotiable Provisions impacting uniformity and
scalability of the cloud service are not
Service delivery solution customized negotiable.
Service delivery solution standardized
Contract Leverage Size of deal matters. Competition matters. Size and competition matter much less
Contract Negotiation Timing 4-8 months, but can be 12 months or more Generally < 3 months and frequently faster
Term 5-7 years, with Renewal Options 1-3 years, with evergreen extension unless
either party terminates 30 days before
anniversary
CLOUD COMPUTING 22
23. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Contract Modification Modified only via written contract Governed by online terms (service
amendment descriptions) or “then current” policies found
on web pages (security and privacy)
Control Over Supplier Key Supplier Positions, background checks, Largest contracts may include one Key
Personnel and ability to remove personnel Supplier Position, but little else
Subcontractors Significant restrictions on use of No restrictions - Subcontractors may be
subcontractors essential to the provider’s ability to deliver
the services
Security Fully negotiable (for a price) Non-negotiable
Governance Detailed, multi-committee governance None
structure
CLOUD COMPUTING 23
24. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Service Levels Customized and numerous Standardized and very few
Service Level Credits Customized. Based on percentage of Can be significant – even up to 100% of
monthly revenue – generally 5-15% monthly charges (but dollars are smaller and
credits tied to the charges for the failed
service)
Data Location Customer knows where its data is Customer does not know where data is
Limits on moving data center Fewer restrictions on data center location
Charges Complex combination of transition Minimal transition cost (if any). Charges
charges, plus ongoing fixed and variable based on simple metric such as “per user” or
charges “per seat” or similar units
Audits Extensive audit rights, particularly in None (although Supplier may agree to
dedicated environments provide SSAE 16)
CLOUD COMPUTING 24
25. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Limit of Liability General 12 months of charges Need to negotiate to make it
mutual
Numerous exceptions to direct and consequential damage
limits – indemnities, breach of confidentiality, wrongful 12 months of charges also, but tied
abandonment, failure to provide disengagement to the particular service causing the
assistance, gross negligence, intentional misconduct damages
Stipulated direct damages – error correction, cost of work- More limited carve-outs, especially
around, overtime, government fines and penalties, cost to for consequential damages
recreate data
Data Breach Liability Separate liability bucket, ranging from 1 – 12 additional Generally none, but if pressed, they
months of charges (may depend on whether data will agree to separate liability
encrypted) bucket, and acknowledge notice
and credit monitoring costs are
Stipulated direct damages - Cost of data breach notices, recoverable
credit monitoring, call center, identity restoration services,
consulting and attorney fees Be wary of commitment to perform
“as required by law”
CLOUD COMPUTING 25
26. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Customer’s Termination Rights Cause, Service Level Failures, Change of For Supplier’s material breach
(cause and other) Control of Customer, Change of Control of
Supplier, Force Majeure Events, Change in
Laws, Increase in Taxes, Supplier’s Liability
Cap, Regulatory Approval, Business
Associate Addendum, Insolvency
Supplier’s Termination Rights Limited to: Failure to pay 2 month’s Starting position is Supplier may terminate or
and Right to Suspend charges and Breach of Confidentiality suspend “for any reason” or for “breach of
Acceptable Use Policy” or if Provider believes
No right to suspend Customer’s use threatens providers network
or ability to provide services
Can limit termination right to “Customer’s
material breach”, and add cure rights
Can limit right to suspend only “to the
extent” necessary to address the breach of
the AUP, or to address the breach
CLOUD COMPUTING 26
27. Outsourcing vs. Cloud contracting
Topic Outsourcing Cloud Services
Termination for Convenience Yes, but must make Supplier whole Yes, after initial commitment on 30 days
notice without cost
Also, if Supplier changes terms that adversely
affects Customer, without cost
Termination Assistance Requires fairly extensive cooperation Need to negotiate
between customer, existing service
provider and replacement service provider Very limited cooperation required
12-18 months of assistance, with right to Existing Cloud Provider provides a copy of all
acquire hardware, software, contracts and data resident in cloud environment for
people transfer to replacement service provider
No right to acquire assets
CLOUD COMPUTING 27
28. In sum . . .
By understanding:
(1) where a Cloud Provider can negotiate, and
(2) where the cloud model precludes negotiation,
you can balance your risk reduction efforts against the Cloud
Service benefits, to achieve best results for the Blue Plan.
CLOUD COMPUTING 28
30. Access to Cloud Data
• Subpoenas for data in the US
– Not a lot of case law directly addressing discovery of corporate email held by Cloud Providers
– Instructive analogs found in:
• Cases involving 3rd-party email providers under Stored Communications Act ("SCA") and
• Cases addressing the concept of "control" under US Federal regulations
• US Civil Subpoenas
– Basic test under FRCP: “possession, custody, or control”
– U.S. courts construe “control” broadly
• Party often deemed to have control if it has the legal right, authority or practical ability to obtain the
materials sought upon demand
– However, courts generally presume 3rd parties cannot be compelled to disclose electronic
communications pursuant to a civil subpoena
– Courts tend to focus on whether email account holders who are parties in the underlying
litigation can be ordered to authorize access to their email accounts, despite the SCA
CLOUD COMPUTING 30
31. Stored Communications Act Cases
Thayer v. Chiczewski (N.D. Ill. Sept. 11, 2009)
• Civil rights suit against Chicago
• City served a subpoena on AOL seeking production of several of plaintiff's
emails
• Contrary to general practice, the court granted the motion over the objections
of both the plaintiff and AOL.
• Court first acknowledged SCA usually prevents enforcement of civil
subpoenas against 3rd parties:
– "The Court agrees that, although decisions analyzing the SCA have defined its
parameters in sometimes competing ways, most courts have concluded that third
parties cannot be compelled to disclose electronic communications pursuant to a
civil-as opposed to criminal-discovery subpoena."
CLOUD COMPUTING 31
32. Stored Communications Act Cases (cont.)
Thayer v. Chiczewski (N.D. Ill. Sept. 11, 2009) - continued
• Court stated that because plaintiff would be required to produce relevant
emails if he were in possession of them, and AOL would be obliged to
produce the emails at plaintiff's request, the emails were under the plaintiff's
"control" for discovery purposes
• Court noted that plaintiff authorized production of at least one email and had
put his mental state at time of relevant events at issue (which arguably would
be shown by contemporaneous emails), thus, court assumed that plaintiff
had authorized disclosure
CLOUD COMPUTING 32
33. Stored Communications Act Cases (cont.)
Chasten v. Franklin (No. C10-80205 MISC JW (HRL), 2010 WL
4065606 (N.D. Cal. Oct. 14, 2010))
•Defendant in civil rights case served subpoena on Yahoo seeking plaintiff's
emails
•Plaintiff argued SCA prohibited Yahoo from disclosing his emails
•Court agreed and quashed subpoena stating:
– "Because no exception applies, compliance with the [third-party] subpoena would
be an invasion of the specific interests that the SCA seeks to protect."
•Unlike Thayer, Chasten court did not examine whether plaintiff could/should be
ordered to consent to Yahoo producing emails
•Court's failure to discuss whether account holder could be forced to consent to
disclosure was unique
CLOUD COMPUTING 33
34. Discovery Obligation Comes Back to You
• The fact that court does not force a Cloud Provider to turn over
your information simply brings the issue to your doorstep
• U.S. discovery system encourages extensive production of
information
• Having data held by a Cloud Provider can make compliance
with discovery obligations more challenging
CLOUD COMPUTING 34
35. Inadvertent Loss/Destruction
• What happens if a Cloud Provider loses / inadvertently deletes your
information?
• Currently uncommon for a cloud agreement to reference e-discovery type
requirements
– Difficult to claim Cloud Provider is responsible if there’s nothing in the contract on point
• Legal analysis for a “spoilation claim” normally focuses on “possession,
custody or control” over the data, which would generally point back to you –
even for hosted services
– Cloud Provider is not (normally) party to the litigation; court will typically focus its efforts on the
parties appearing in court
• If court finds you responsible (i.e., it did not produce information in its
possession, custody or control) then court can order sanctions
– Sanctions can range from fines to a terminating order that ends the case in the other party’s
favor
CLOUD COMPUTING 35
36. Inadvertent Loss/Destruction
• If the data was lost due to the Cloud Provider’s actions (or inactions), you will
need to argue that you were not at fault
– Trying to establish this fact would likely require going far beyond merely establishing who
deleted the data
– You need to show you acted diligently in selecting Cloud Provider, negotiating terms, putting
controls in place and notifying the provider in a timely manner — and that despite all of those
efforts, data was lost through no fault of yours
– Even so, minimal (if any) case law guidance on whether this argument would be adequate
– More likely, if the other party has been prejudiced by the loss of data, a sanction of some type
is likely to balance the playing field
• Recovery of fines from Cloud Provider unlikely
– Based on standard limitation of liability approaches in most cloud contracts, you may not be
able to recover damages from Cloud Provider
CLOUD COMPUTING 36
37. The “Democratization” Wrinkle
• Employees may be using cloud services without the knowledge of the
company (e.g., Google docs, Dropbox) or social media (e.g., Facebook)
• When employees leave, Plans may lose access to those password
protected accounts
• BUT, if you end up in litigation you may have had a duty to preserve
that information and/or produce it
– Cloud Providers may not store information in easily accessible, legally compliant
(i.e., “reasonably usable”) format
– Facebook and other social media services are not e-discovery friendly
– Obtaining information without employee’s password/cooperation may require
litigation against that Cloud Provider
CLOUD COMPUTING 37
38. The International Wrinkle
• What happens if a lawsuit is in the US but the other party’s headquarters is in another
country? Or what if the data is in a country where the rules are different?
• U.S. Supreme Court has held that U.S. courts may order production of documents
governed by foreign blocking laws
• Violation of French blocking statute to deliver documents in the U.S. has resulted in
criminal sanctions in France
• AccessData Corp. v. ALSTE Technologies GMBH, 2010 WL 318477 (D. Utah Jan. 21,
2010)
– ALSTE argued German privacy laws prevented collection of company emails located in Germany
– U.S. court held German law did not bar disclosure of information relevant to the litigation
– U.S. court required ALSTE to proceed with e-discovery
– Failure to produce the data after the court’s ruling would likely result in severe sanctions
– However, German Data Protection authorities have sanctioning powers, as well
• Companies with data spread across different jurisdictions may have to make difficult
choices if cloud-based data is implicated in litigation
CLOUD COMPUTING 38
40. Best Practices for Data in the Cloud
When drafting your RFP / evaluating potential Cloud Providers /
negotiating with the selected Cloud Provider
1. Know where Blue Plan data is/will be stored
- Request data center locations and consider including in contract
- Request geographic limits (e.g., “stored in the US”)
2. Protect Blue Plan data
- ISO 27001 certification, SOC 2, Cloud Security Alliance Cloud Controls Matrix
3. Ensure Blue Plan can use its data
- Make sure Blue Plan has right to access its data at all times (and the Cloud
Provider cannot hold your data “hostage” in a dispute)
- Make sure that Blue Plan can export it in a useable format
- Cloud Provider should be obligated to provide Disengagement Assistance
CLOUD COMPUTING 40
41. Best Practices for Data in the Cloud
4. Determine if Cloud Provider can comply with Blue Plan data
retention/destruction policies
- Including litigation holds
5. Subpoena / e-Discovery Requirements
- Require notice of subpoenas received by Cloud Provider that could impact your data
- Ensure that Cloud Provider will assist with e-Discovery efforts and specify costs
6. Ensure there is financial responsibility for data breaches
- Separate liability bucket
- Do not accept “as required by law” language
- Costs of notice, credit monitoring, call center should be recoverable (not consequential)
- Cyber Liability Insurance - Legal review is important !
CLOUD COMPUTING 41