The document provides an executive briefing on strategic issues surrounding cloud services. It defines different types of cloud services and models. It also discusses the business drivers for cloud computing including cost optimization, risk optimization, and strategic agility. Additionally, it outlines some of the legal and security risks organizations should consider when using cloud services, such as data privacy and protection, contracting risks, and security vulnerabilities. It emphasizes the importance of having appropriate security policies, service level agreements, and terms in cloud contracts.
This presentation will highlight the key legal issues associated with cloud computing and some implementation methods for minimizing or mitigating those risks.
There are numerous legal issues in cloud computing like operational, legislative or regulatory, security, third party contractual limitations, risk allocation or mitigation, and jurisdictional issues. Security, privacy and confidentiality remain the biggest concern for the data owner, as when the data is stored on the cloud the same might be accessible to multiple users. There is concern for its safety and protection of valuable data and trade secrets. Then there are intellectual property issues regarding ownership of and rights in information and services placed in the cloud.
Presentation from Chesapeake Regional Tech Council\'s TechFocus Seminar on Cloud Security; Presented by Mike Sandberg, SVP and CTO, Federal Systems, Vision Technologies Incorporated on Thursday, October 27, 2011. http://www.chesapeaketech.org
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
Steve Roderick, CEO of gotoBilling, differentiates his end-to-end software payment service in a highly competitive marketplace. How? He trusts a formula that’s a critical component of every business. Sound security — particularly when properly layered — helps organizations defend against breach, protect their brands, ensure compliance and avoid fines. And it’s a message that’s resonating with customers and winning business.
Presentation at the 3rd Annual Convention of the Affiliated Lawyers of the Americas http://www.affiliatedlawyers.org/). Conference focused on the status of the Mexican economy and developing opportunities for small business to conduct business across borders.
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
The Cloud is a challenge for the Security professional, but also creates opportunities. In this presentation we will overview the different cloud challenges according to each market sector.
This is a lightning presentation given by Nhan Nguyen to our team for the purpose of knowledge sharing in support of our efforts to create a culture of learning.
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...IndicThreads
Session presented at the 2nd IndicThreads.com Conference on Cloud Computing held in Pune, India on 3-4 June 2011.
http://CloudComputing.IndicThreads.com
Abstract:As the cloud adoption increases, there is a growing concern about the lock-in of customers into the various cloud platforms. This session will discuss various major cloud platforms, the type of lock-in the customer will face in each of these platforms and what each customer can do to minimize their lock-in.
Key takeaways for audience are:
Understand what is cloud lock-in
Types of cloud vendor lock-ins
What is cloud interoperability
Major initiatives around cloud interoperability standards
Goals, differences and players/proponents of these major standards
Steps to minimize cloud lock-in for your customers
Speaker: Ashwin Waknis is a Sr. IT professional with 15 years in the industry. Ashwin is currently head of the Cloud Professional Services Business at Persistent Systems. Before that Ashwin was a Sr. Product Manager at Cisco Systems where he lead major initiatives around Knowledge Management, Enterprise Portal, Web 2.0/Social softwares and Enterprise Search. For the last 2 years, Ashwin has been involved in Cloud Computing initiatives first at Cisco and then at Persistent Systems.Ashwin has spoken at many customer workshops and events organized for educational institutes.
This presentation will highlight the key legal issues associated with cloud computing and some implementation methods for minimizing or mitigating those risks.
There are numerous legal issues in cloud computing like operational, legislative or regulatory, security, third party contractual limitations, risk allocation or mitigation, and jurisdictional issues. Security, privacy and confidentiality remain the biggest concern for the data owner, as when the data is stored on the cloud the same might be accessible to multiple users. There is concern for its safety and protection of valuable data and trade secrets. Then there are intellectual property issues regarding ownership of and rights in information and services placed in the cloud.
Presentation from Chesapeake Regional Tech Council\'s TechFocus Seminar on Cloud Security; Presented by Mike Sandberg, SVP and CTO, Federal Systems, Vision Technologies Incorporated on Thursday, October 27, 2011. http://www.chesapeaketech.org
Case Study - Currency from the Cloud: Security & Compliance for Payment ProviderArmor
Steve Roderick, CEO of gotoBilling, differentiates his end-to-end software payment service in a highly competitive marketplace. How? He trusts a formula that’s a critical component of every business. Sound security — particularly when properly layered — helps organizations defend against breach, protect their brands, ensure compliance and avoid fines. And it’s a message that’s resonating with customers and winning business.
Presentation at the 3rd Annual Convention of the Affiliated Lawyers of the Americas http://www.affiliatedlawyers.org/). Conference focused on the status of the Mexican economy and developing opportunities for small business to conduct business across borders.
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
The Cloud & I, The CISO challenges with Cloud Computing Moshe Ferber
The Cloud is a challenge for the Security professional, but also creates opportunities. In this presentation we will overview the different cloud challenges according to each market sector.
This is a lightning presentation given by Nhan Nguyen to our team for the purpose of knowledge sharing in support of our efforts to create a culture of learning.
Cloud Lock-in vs. Cloud Interoperability - Indicthreads cloud computing conf...IndicThreads
Session presented at the 2nd IndicThreads.com Conference on Cloud Computing held in Pune, India on 3-4 June 2011.
http://CloudComputing.IndicThreads.com
Abstract:As the cloud adoption increases, there is a growing concern about the lock-in of customers into the various cloud platforms. This session will discuss various major cloud platforms, the type of lock-in the customer will face in each of these platforms and what each customer can do to minimize their lock-in.
Key takeaways for audience are:
Understand what is cloud lock-in
Types of cloud vendor lock-ins
What is cloud interoperability
Major initiatives around cloud interoperability standards
Goals, differences and players/proponents of these major standards
Steps to minimize cloud lock-in for your customers
Speaker: Ashwin Waknis is a Sr. IT professional with 15 years in the industry. Ashwin is currently head of the Cloud Professional Services Business at Persistent Systems. Before that Ashwin was a Sr. Product Manager at Cisco Systems where he lead major initiatives around Knowledge Management, Enterprise Portal, Web 2.0/Social softwares and Enterprise Search. For the last 2 years, Ashwin has been involved in Cloud Computing initiatives first at Cisco and then at Persistent Systems.Ashwin has spoken at many customer workshops and events organized for educational institutes.
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...accacloud
Cloud Computing is poised to transform how information technology is used by the Financial Services Industry (FSI). However, this transformation can only come about if the FSI has confidence that the use of Cloud Computing will not interfere with legal obligations and sound business practice.
This document has been created in partnership between Financial Institutions (FIs), Cloud Service Providers (CSP), Financial Regulators and industry bodies. It proposes Safe Cloud Principles in the form of a unified, condensed and clarified set of best practices to help FIs to focus on and navigate through the relevant regulatory issues when contemplating a move to the cloud. The Safe
Cloud Principles cover key requirements such as confidentiality, availability and integrity and are derived from the very laws, regulations and guidelines with which FIs must comply.
For more information, visit http://www.asiacloudcomputing.org
Webinar presented live on April 19, 2017
The Cloud Standards Customer Council has published a reference architecture for securing workloads on cloud services. The aim of this new guide is to provide a practical reference to help IT architects and IT security professionals architect, install, and operate the information security components of solutions built using cloud services.
Building business solutions using cloud services requires a clear understanding of the available security services, components and options, allied to a clear architecture which provides for the complete lifecycle of the solutions, covering development, deployment and operations. This webinar will discuss specific security services and corresponding best practices for deploying a comprehensive cloud security architecture.
Read the whitepaper: http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
3. CLOUD DEFINITION
Automation Elastic Scale Orchestration
Key
Characteristics On-Demand Global Secure
Utility Billing
Self Service Access
Software as a Platform as a Infrastructure as a
Service Types Service (SaaS) Service (PaaS) Service (IaaS)
Cloud Types Public Private Hybrid Community
Thanks to Geoff Sinn and Dimension Data for certain slides. NIST = The National Institute of Standards and Technology
3
5. BASIC DEFINITIONS: CLOUD TYPES
• A Cloud architecture that is deployed for the sole use of a single
Private Cloud enterprise – and resides on the enterprise premise (i.e. on-premise)
• A Cloud architecture that is deployed for the sole use of a single
Hosted Private Cloud enterprise – but hosted by a cloud services provider (i.e. off-premise)
• A Cloud architecture that is deployed for the provision of public cloud
services – a cloud architecture that serve multiple enterprises – hence
Public Cloud sharing of underlying infrastructure elements occur (to varying
degrees, based on the actual service type).
• A dedicated partition within a Public Cloud architecture that is
allocated to a single enterprise – hence certain elements of the
Virtual Private Cloud architecture are shared, while others are dedicated to a single
enterprise (related to the service type).
• A Cloud architecture that is made up of a combination of previous
Hybrid Cloud Cloud Types – most often a combination of Private and Public Cloud
Architectures (once again related to the service types).
• A Public Cloud Architecture for the provision of cloud services to a
Community Cloud specific or limited community or segment or vertical.
5
7. BREAKDOWN OF PUBLIC CLOUD
• Finished Application that
you rent and customize
• Developer Platform that
abstracts the infrastructure,
OS and middleware to drive
developer productivity
• Deployment platform that
abstracts the infrastructure
Source: Forrester Research Inc.
7
9. BUSINESS DRIVERS OF CLOUD COMPUTING
Cost Optimization Risk Optimization Strategic Agility
• No capex, less assets • Business continuity • Time-to-market
• Pay-as-you-use • Technology • Innovation
• On-demand capacity independence • New business models
• Elasticity • Operational complexity • Resource leverage
• Economies of scale • Specialized skills
• Time-to-value
9
10. ECONOMICS OF CLOUD COMPUTING/SAAS
Recommend resources from VC firm Updata Partners (Carter
Griffin) web site:
http://www.updatapartners.com/resources/12/SEVC-Cloud-Presentation/
SE Venture Conference 2013 Presentation on Cloud
Computing
Growth in Cloud market from $14B in 2010 to $60B in
2016
SMB’s are early adopters
Cloud Computing: GMPP, rCAC and the Importance of
Component Level Analysis -- Key metrics for measuring and
managing a SaaS business
Cloud Computing: A Closer Look at Churn -- a deeper
analysis of churn and its impact on SaaS businesses
10
12. Main areas of legal risk:
Keeping data “secure” to:
Manage personal information in compliance with
growing number of laws and regulations, and
Maintain trade secrets/other IP
Avoiding contract risk and the customer-supplier
“gap”
12
13. CLOUD COMPUTING AND SECURITY
Advantages Disadvantages
Data Dispersal Lack of Transparency
Data Fragmentation Lack of Responsiveness
Secure Data Centers “Trading Market” of
Subcontractors
Multiple Customer
Demands Vendor Lock-In
Easier Patching and
Updates
13
14. UPDATES IN PRIVACY AND SECURITY LAW
HIPAA Updates
This month – 10 year anniversary for HIPAA
2009 Hi-Tech imposed obligations on vendors (“Business Associates”)
New Omnibus Rule effective March 26, 2013; compliance required generally by
September 23, 2013. Enhanced obligations on Business Associates and
increased penalties.
Massachusetts Data Security Act
Effective March 2010; contract requirements effective March 2012
Requires contract terms with vendors; written security policy; and that certain
personal information to be encrypted
New COPPA Regulations
Published December 2012; compliance required July 1, 2013
Now covers third-party plugins, ad networks
Expands what constitutes personal information (e.g. IP Addresses)
14
15. UPDATES IN PRIVACY AND SECURITY LAW
EU Data Protection Proposed Regulations
In January 2012, detailed revisions proposed to make the law more
uniform across the EU, and increases protections and possible penalties
US companies seeking to transfer personal information from EU to US
must follow a safe harbor certification/filing approach or other rules to
comply with EU regulations
FTC:
Concerns have increased from use and sale of personal information, to
use of IP addresses, device identifiers, and other information not
normally considered as personally identifiable
Breach Notification Laws:
NC Identity Theft Protection Act of 2005
Virtually all states have adopted similar statutes
15
16. SECURITY POLICY
Legal Requirement to have a Written Information Security Policy:
NC law: All companies must have written procedures relating to the destruction
of personal records as official policy
Mass. Data Security Act: organizations that handle information about Mass.
residents must have a comprehensive written information security program
HIPAA/Hi-Tech: Also requires a written information security program
Federal Trade Commission: Failure to protect personal information by using
reasonable security can be an unfair and deceptive trade practice
Other Good Reasons for a “WISP”
Complying with breach notification laws
Assuring compliance with required privacy notices (e.g. California requirement)
Protecting intellectual property
Satisfying officer and director fiduciary obligations
Complying with contracts
Increasing value of company to buyers
Dealing with subpoenas and related requests for electronic information in
discovery
16
17. CONTRACTING IN THE CLOUD
Typically service agreements, not licenses
Often offered via “click and accept” agreements
Sometimes incorporate by reference other terms of
use and policies
Sometimes purport to be changeable without notice
by the vendor
17
18. CONTRACT TERMS: SECURITY AND PRIVACY
Confidentiality
Obligation to maintain reasonable and effective
physical, technical and administrative security
measures
Compliance with all applicable data privacy and
security laws
Right to review security/disaster recovery policies
Right to audit and test security
18
19. CONTRACT TERMS: SECURITY AND PRIVACY
Notification in the case of breach
Indemnification for breaches/payment of costs
of required notices to customers
Require use of encryption
Restrictions on use of subcontractors and
downstream sharing of information
Restrictions on where data can be stored
19
20. CONTRACT TERMS: DATA ISSUES
Ownership and Use of Data
Disposition of Data on Termination
Location of Data
Legal / Government Request to Access Data
20
21. CONTRACT TERMS: SLA’S
Uptime
Performance & Response Time
Error Correction Time
Infrastructure / Security
Performance Credits
Use of Measurement Technology
Notice/Reporting Obligations
21
22. CONTRACT TERMS: PRICING
Monthly service fees
Per user or provider, or based on transactions?
When does it start?
Implementation fees
Commitment to start date?
Add-on pricing
Payment terms
Caps on increase in fees
22
23. CONTRACT TERMS: TERM & TERMINATION
Length
Termination Rights
Termination Penalties
Data Rights upon Termination
Vendor Termination or Suspension
Automatic Renewal
23
24. KEY TAKEAWAYS
Companies (vendors and users) should:
review the laws applicable to their situation, and
update security practices, policies and
procedures as needed
perform appropriate due diligence and contract
negotiations for important cloud contracts
review insurance policies and possibility for
additional insurance
24