Eduserv, profile picture
Uploaded byEduserv
2,004 views

Cloud Computing - a legal view from Bird & Bird

Cloud computing contracts require balancing risks, costs, and control. Key issues include jurisdiction, intellectual property licensing, regulatory compliance, availability, security, and data portability. While cloud services provide flexibility, customers must avoid contractual lock-ins that make exiting services difficult. Overall, cloud contracts reflect the multi-tenant nature of cloud computing and require customers to accept more risk and less control than traditional agreements.

Technology
Related topics:
Cloud Services

Embed presentation

Cloud Computing Barry Jennings 12th March 2013
Overview ● Striking the right balance – negotiating cloud contracts ● Taking a positive approach to data protection in the cloud ● Keeping the rights to your data & IP – licensing issues ● Staying flexible – the commercial/contractual lock-in issues to avoid ● Concluding thoughts
Striking the right balance – reviewing cloud contracts © Bird & Bird LLP 2010
Key Legal and Commercial Issues ● Commercial and legal risk analysis – contract and service issues ● Incorporation within or replacement of outsourcing arrangements ● TUPE transfers – is there a continuing activity? ● Jurisdiction & governing law issues ● Content & IP issues – what licences are required? ● Regulatory compliance – data protection, interception & communications regulations, financial services regulations © Bird & Bird LLP 2010
Risk Allocation under Contract ● Cloud computing agreements represent an arbitrage of risk, cost and control. ● Change one aspect and the other aspects – usually cost – will need to change in response. ● With most public cloud services, this balance is determined by suppliers as part of their service development and market positioning. ● The process of seeking to negotiate drives up costs so customers and suppliers should be conscious of when this is sensible and when it isn’t. ● Contract review becomes part of the service evaluation rather than a matter for negotiation and it needs to be fed in to the procurement process at an early stage. © Bird & Bird LLP 2010
Reviewing Cloud Services Agreements Implementation Service Exit / Transition •Configuration •Availability and •Notice assistance (£) performance provisions and •Acceptance service levels (£) termination Process •Service credits rights •Migration from (£) •Data portability legacy systems •Scaling – •Configuration •Integration with storage, users information other systems (£) •Transition (£) •Support (£) support (£) •Training (£) •Back-up and •Escrow (£) •Migration in - data recovery (£) •Migration out - Data Protection •Data Protection Data Protection Compliance & Security Compliance •Audit rights (£) – service element that may attract additional charges – vary between vendors © Bird & Bird LLP 2010
Taking a positive approach to data protection in the cloud © Bird & Bird LLP 2010
Data Protection, IT Security & Cybercrime ● Information assurance is critical in cloud computing and yet the regulatory and standards framework is still catching up with the technology. ● Risk-based assessments are again key in this area – see ICO Guidance. ● The regulatory regimes are still jurisdictional in nature – making transitions to the cloud incredibly complex. © Bird & Bird LLP 2010
Technical Concerns ● Multi-tenancy in cloud environments is enabled by virtualisation. ● There are questions over the security of virtual versus physical segregation. ● Deployment via the cloud means data escapes the corporate firewall. ● Encryption of data passing across the internet is crucial. ● Data migration (in and out) is a difficult undertaking even where open formats are agreed © Bird & Bird LLP 2010
Location, Location, Location ● Ability to move data gives vendors flexibility and scalability. ● Cloud vendors may wish to move data to maintain physical hardware. ● Data protection regulation tends to emphasise location of data and consider data transfer to be processing requiring consent. ● Where IT systems are globalised is systemic security and information governance more important than location? ● Jurisdiction may have rules that enforce authority access to data or court systems that make it more difficult to enforce judgments to release data. © Bird & Bird LLP 2010
Flexibility and Mobility ● Cloud computing enables access outside of the office and on mobile devices. ● This has led to BYOD – where employees want access to corporate systems from their own computers, tablets and smart phones. ● There are questions over the security of some of these devices, particularly where shared with partners and children – increase in two factor authentication. ● Deployment of data and applications outside of the corporate firewall can be more expensive and harder to control. ● However, if enterprises impose too much control, most employees can easily find alternative ways of circumventing controls (e.g. sending documents to personal email). © Bird & Bird LLP 2010
People Issues ● Fairly well-recognised that most serious data security breaches result from inadvertent or deliberate acts of employees or contractors. ● Certain cloud deployments (e.g. thin client virtual desktops) increase security by centralising control. ● Disgruntled employees are a key risk area. ● Password management, locking computers when not in use, physical security are governance rather than technical issues. © Bird & Bird LLP 2010
Staying flexible – the commercial/ contractual lock-in issues to avoid © Bird & Bird LLP 2010
Lock-in Issues ● Are minimum terms acceptable? Purist v commercial view. ● Technical barriers to data extracts. ● High charges for data extracts. ● Lack of standards. ● Termination for convenience charges. ● User resistance to change.
Concluding thoughts © Bird & Bird LLP 2010
Cloud contracts will reflect the fact that cloud services are multi-tenancy – the customer has to accept more risk and less control (not negotiable in many cases) © Bird & Bird LLP 2010
Many of the benefits of cloud computing come from the way the services are used – proper risk appraisal and strong demand © Bird & Bird LLP 2010 management
Cloud services are like cars – lots of different types that you can configure but building one especially for you could be very expensive (or dangerous) © Bird & Bird LLP 2010
Thank you Bird & Bird is an international legal practice comprising Bird & Bird LLP and its affiliated businesses. www.twobirds.com

More Related Content

PPTX
Dimension Data - Company Profile
bykojoboy
 
PDF
Wireless Center of Excellence Applications
byInfosys
 
PPTX
G-Cloud: where we are, where we're going
byEduserv
 
PDF
Nadicent_Cloud_Brochure
byTed Hartlett
 
PDF
Accelerating The Journey to IT as a Service (ITaaS) by leveraging Cloud Servi...
byJohn M. Kundtz ☛ Associate Partner / Sales Mgr / BDE
 
PPTX
Using the CloudStore and engaging with SMEs
byEduserv
 
PDF
More flexibility. More freedom in the cloud.
byNexon Asia Pacific
 
PPTX
Defra Network Open Working - a CloudStore case study
byEduserv
 
Dimension Data - Company Profile
bykojoboy
 
Wireless Center of Excellence Applications
byInfosys
 
G-Cloud: where we are, where we're going
byEduserv
 
Nadicent_Cloud_Brochure
byTed Hartlett
 
Accelerating The Journey to IT as a Service (ITaaS) by leveraging Cloud Servi...
byJohn M. Kundtz ☛ Associate Partner / Sales Mgr / BDE
 
Using the CloudStore and engaging with SMEs
byEduserv
 
More flexibility. More freedom in the cloud.
byNexon Asia Pacific
 
Defra Network Open Working - a CloudStore case study
byEduserv
 

What's hot

PDF
Cloud service providers in pune
byRichaMathur30
 
PDF
Andy Tait, Cabinet Office - public sector ICT landscape
bySocitm
 
PPTX
Dimension Data Corporate Overview Presentation (US)
byAdam Petrovsky
 
PDF
Julian David, Intellect - managed services
bySocitm
 
PPTX
Cloud Computing And The Supply Chain
bydenisosullivan
 
PPTX
G cloud - what is it?
byAndy Powell
 
PDF
Making Money in the Cloud
byGravitant, Inc.
 
PDF
Extending the Partnership to the Cloud
byBMC Software
 
PDF
Yobitel Communicaitons Corporate Brochure
byAbishek Vimala Raju
 
PPTX
Is10 innovative technology 8
byhicksonj
 
PDF
JISC11_Cloud Solutions Henry Hughes
byJisc
 
PDF
How to Build a Business Case for Unified Wired/Wireless Cloud-Managed Networks
byExtreme Networks
 
PDF
Compliance in Messaging
byCleo
 
PDF
Ims at mindtree key concepts and paradigms
byKoushik Ramani
 
PPS
Leveraging Technology Investment
bywebhostingguy
 
PPTX
The ultimate banking and financial sector with cloud computing machine !
bySai Natkar
 
PDF
Save Money Save The Environment
byCleo
 
PDF
InventureIS Profile
byS K Jha
 
PDF
Cloud service brokerage
byKorea Advanced Institute of Science and Technology
 
PDF
Evaluating Cloud Computing Risk :Recounting PBB’s Journey into the Cloud - Ke...
byKnowledge Group
 
Cloud service providers in pune
byRichaMathur30
 
Andy Tait, Cabinet Office - public sector ICT landscape
bySocitm
 
Dimension Data Corporate Overview Presentation (US)
byAdam Petrovsky
 
Julian David, Intellect - managed services
bySocitm
 
Cloud Computing And The Supply Chain
bydenisosullivan
 
G cloud - what is it?
byAndy Powell
 
Making Money in the Cloud
byGravitant, Inc.
 
Extending the Partnership to the Cloud
byBMC Software
 
Yobitel Communicaitons Corporate Brochure
byAbishek Vimala Raju
 
Is10 innovative technology 8
byhicksonj
 
JISC11_Cloud Solutions Henry Hughes
byJisc
 
How to Build a Business Case for Unified Wired/Wireless Cloud-Managed Networks
byExtreme Networks
 
Compliance in Messaging
byCleo
 
Ims at mindtree key concepts and paradigms
byKoushik Ramani
 
Leveraging Technology Investment
bywebhostingguy
 
The ultimate banking and financial sector with cloud computing machine !
bySai Natkar
 
Save Money Save The Environment
byCleo
 
InventureIS Profile
byS K Jha
 
Cloud service brokerage
byKorea Advanced Institute of Science and Technology
 
Evaluating Cloud Computing Risk :Recounting PBB’s Journey into the Cloud - Ke...
byKnowledge Group
 

Viewers also liked

PDF
Cloud computing: Legal and ethical issues in library and information services
bye-Marefa
 
PPT
Cloud computing legal issues
byAdv Prashant Mali
 
PDF
Alexis Bolin Negotiating Contract To Close
byHomesPro from Homes.com
 
PPTX
Finance Vocabulary (ESL: Personal Finance)
byKatieEnglishTutoring
 
PDF
Negotiate Like a Pro - the Four Levers of a Sale by Lessonly
byLessonly
 
PDF
Contract Drafting Under English Law
byMarian Dent
 
PPTX
Social Media and Your Staff by Brian Miller and Jean Boyle, solicitors at Sto...
byBrian Miller, Solicitor
 
PPT
Intercultural Negotiation Components Chapter 11
bySawyer Education & Training
 
PPT
Power Negotiation
byRimmon Paren
 
PPTX
Common Mistakes Attorneys [and Their Clients] Make Drafting and Negotating Co...
byASpacone
 
PPT
International Arbitration Overview
byDuguekirtley
 
PPT
Contract drafting
byArun Prakaash
 
PPT
Cloud Computing Legal Risks And Best Practices
bylisaabe
 
PPT
basics of cloud computing
byProf. Jacques Folon (Ph.D)
 
PPT
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
byBrian Miller, Solicitor
 
PPT
Ian Hempseed, Hempsons
byNCVO - National Council for Voluntary Organisations
 
PDF
How to Build, Deliver and Sell Online Courses (BESIG 2016)
byBusiness English Pod
 
PPTX
Negotiating Employment Contracts in the Year of the Dragon
byMorry Morgan
 
PPT
The Benefits Of International Arbitration
byDuguekirtley
 
PDF
Drafting Game Rules to Minimize Litigation
byEric Pesik
 
Cloud computing: Legal and ethical issues in library and information services
bye-Marefa
 
Cloud computing legal issues
byAdv Prashant Mali
 
Alexis Bolin Negotiating Contract To Close
byHomesPro from Homes.com
 
Finance Vocabulary (ESL: Personal Finance)
byKatieEnglishTutoring
 
Negotiate Like a Pro - the Four Levers of a Sale by Lessonly
byLessonly
 
Contract Drafting Under English Law
byMarian Dent
 
Social Media and Your Staff by Brian Miller and Jean Boyle, solicitors at Sto...
byBrian Miller, Solicitor
 
Intercultural Negotiation Components Chapter 11
bySawyer Education & Training
 
Power Negotiation
byRimmon Paren
 
Common Mistakes Attorneys [and Their Clients] Make Drafting and Negotating Co...
byASpacone
 
International Arbitration Overview
byDuguekirtley
 
Contract drafting
byArun Prakaash
 
Cloud Computing Legal Risks And Best Practices
bylisaabe
 
basics of cloud computing
byProf. Jacques Folon (Ph.D)
 
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
byBrian Miller, Solicitor
 
Ian Hempseed, Hempsons
byNCVO - National Council for Voluntary Organisations
 
How to Build, Deliver and Sell Online Courses (BESIG 2016)
byBusiness English Pod
 
Negotiating Employment Contracts in the Year of the Dragon
byMorry Morgan
 
The Benefits Of International Arbitration
byDuguekirtley
 
Drafting Game Rules to Minimize Litigation
byEric Pesik
 

Similar to Cloud Computing - a legal view from Bird & Bird

PDF
Bird&Bird
byFrits Bussemaker
 
PDF
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
PPTX
Executive Briefing: Strategic Issues Surrounding Cloud Services
byWhitmeyerTuffin
 
PDF
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
PPT
Risks and Benefits of Cloud Computing
byDLA Piper (Canada) LLP
 
PPTX
Cloud Computing : Security and Forensics
byGovind Maheswaran
 
PDF
Loughtec cloud computing
byLoughtec
 
PPTX
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
bySAP Ariba
 
PPTX
Coud discovery chap 6
byAlain Charpentier
 
PPTX
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
byLivingstone Advisory
 
PDF
Cloud computing: opportunities and risks
byCloud Legal Project
 
PPTX
Cloud securityperspectives cmg
byNeha Dhawan
 
PDF
Cloud Computing Contracts and Services: What's Really Happening Out There? T...
byCloud Legal Project
 
PDF
The Complexities of Cloud Computing - The Rules are New, But is the Game
byJanine Anthony Bowen, Esq.
 
PDF
Considering The Cloud? Thinking Beyond The Readme File
byBill Malchisky Jr.
 
PDF
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
PDF
Ibm cloud security who do you trust thought leadership white paper-ibm
byNone
 
PDF
Cloud computing white paper who do you trust
byArun Gopinath
 
PDF
Building a Strong Foundation for Your Cloud with Identity Management
byNishant Kaushik
 
PDF
Public/Private Cloud Securtiy Trends & Awareness
bySoftware Park Thailand
 
Bird&Bird
byFrits Bussemaker
 
Info Sec 2010 Possibilities And Security Challenges Of Cloud Computing (Han...
byptaglephd
 
Executive Briefing: Strategic Issues Surrounding Cloud Services
byWhitmeyerTuffin
 
IBM Point of View: Security and Cloud Computing
byIBM India Smarter Computing
 
Risks and Benefits of Cloud Computing
byDLA Piper (Canada) LLP
 
Cloud Computing : Security and Forensics
byGovind Maheswaran
 
Loughtec cloud computing
byLoughtec
 
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and Risks
bySAP Ariba
 
Coud discovery chap 6
byAlain Charpentier
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
byLivingstone Advisory
 
Cloud computing: opportunities and risks
byCloud Legal Project
 
Cloud securityperspectives cmg
byNeha Dhawan
 
Cloud Computing Contracts and Services: What's Really Happening Out There? T...
byCloud Legal Project
 
The Complexities of Cloud Computing - The Rules are New, But is the Game
byJanine Anthony Bowen, Esq.
 
Considering The Cloud? Thinking Beyond The Readme File
byBill Malchisky Jr.
 
IBM Point of view -- Security and Cloud Computing (Tivoli)
byIBM India Smarter Computing
 
Ibm cloud security who do you trust thought leadership white paper-ibm
byNone
 
Cloud computing white paper who do you trust
byArun Gopinath
 
Building a Strong Foundation for Your Cloud with Identity Management
byNishant Kaushik
 
Public/Private Cloud Securtiy Trends & Awareness
bySoftware Park Thailand
 

More from Eduserv

PDF
Mobius from Maplesoft
byEduserv
 
PPTX
OpenAthens product update
byEduserv
 
PPTX
Phase two of OpenAthens SP evolution including OpenID connect option
byEduserv
 
PPTX
Pre-launch introduction to the new OpenAthens SP dashboard - 13/09/2016
byEduserv
 
PPTX
Generating leads with content marketing
byEduserv
 
PPTX
Lightning talk - EBSCO
byEduserv
 
PPTX
Our product development methodology
byEduserv
 
PPTX
How Eduserv are helping local government organisations
byEduserv
 
PPTX
Is cloud the right fit for your needs?
byEduserv
 
PPTX
Planning your cloud strategy: Adur and Worthing Councils
byEduserv
 
PPTX
Lightning talk - Boopsie
byEduserv
 
PPTX
Phase one of OpenAthens SP evolution
byEduserv
 
PPTX
OpenAthens Customer Conference - Welcome address
byEduserv
 
PPTX
Key considerations when mapping your end user experience
byEduserv
 
PPTX
Partnership Licensing - allowing access to licensed resources
byEduserv
 
PPTX
Lightning talk - Third Iron BrowZine
byEduserv
 
PPTX
How Readers Discover Content
byEduserv
 
PPTX
Lightning talk - Eduserv Chest Agreements
byEduserv
 
PDF
QSR NVivo
byEduserv
 
PPTX
Lightning talk - Softlink
byEduserv
 
Mobius from Maplesoft
byEduserv
 
OpenAthens product update
byEduserv
 
Phase two of OpenAthens SP evolution including OpenID connect option
byEduserv
 
Pre-launch introduction to the new OpenAthens SP dashboard - 13/09/2016
byEduserv
 
Generating leads with content marketing
byEduserv
 
Lightning talk - EBSCO
byEduserv
 
Our product development methodology
byEduserv
 
How Eduserv are helping local government organisations
byEduserv
 
Is cloud the right fit for your needs?
byEduserv
 
Planning your cloud strategy: Adur and Worthing Councils
byEduserv
 
Lightning talk - Boopsie
byEduserv
 
Phase one of OpenAthens SP evolution
byEduserv
 
OpenAthens Customer Conference - Welcome address
byEduserv
 
Key considerations when mapping your end user experience
byEduserv
 
Partnership Licensing - allowing access to licensed resources
byEduserv
 
Lightning talk - Third Iron BrowZine
byEduserv
 
How Readers Discover Content
byEduserv
 
Lightning talk - Eduserv Chest Agreements
byEduserv
 
QSR NVivo
byEduserv
 
Lightning talk - Softlink
byEduserv
 

Recently uploaded

PDF
Chapter 1 Introduction to Computer Security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
PDF
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
PPTX
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
PDF
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
PPTX
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
PDF
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
PPT
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
PDF
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
PDF
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 
PDF
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
PDF
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PDF
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
PDF
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PDF
threat-hunters-cookbook for cybersecurity
bylobster6719
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 
Chapter 1 Introduction to Computer Security.pdf
byGetnet Tigabie Askale -(GM)
 
DataLiva-LivaGRC- Business Software for Governance, Risk, and Compliance
byMustafa Kuğu
 
Building Software in the AI Era: Spec-Driven Development with Kiro IDE
byHaim Michael
 
Digital transformation success powered by EPM and NexInfo.pptx
byjayasuryanexinfo
 
Generating Structured Outputs from Unstructured Content Using LLMs
byEnterprise Knowledge
 
Information about Trusted Platform Module(TPM)
bynewtoknow techs
 
Master the FME Connector for ArcGIS: Streamlined Data Management & Robust Met...
bySafe Software
 
HDTV and DTV Standards: The United States Opts for a Digital HDTV Standard
byJeffrey Hart
 
Digital Transformation Services The Key to Futureproofing Your Business
byQuadrafort Technolgies
 
From Compliance to Competitive Advantage Board-Level Cyber Governance Under D...
bySaraDavis91
 
The Future of AI-Powered Fashion Design 10 Top Generators for 2026
bymockitseo
 
Josh Chu Boston - An Innovative Technology Executive
byJosh Chu Boston
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
splunk-peak-threat-hunting-framework.pdf
bylobster6719
 
Beyond BBB: Practical Alternatives to Posterior Approximation in Bayesian Neu...
byTomasz Kusmierczyk
 
Information and Communication Technologies and Power
byJeffrey Hart
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
threat-hunters-cookbook for cybersecurity
bylobster6719
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Scott M. Graffius' Phases of Team Development - Applied to Human Teams and Hu...
byScott M. Graffius
 

Cloud Computing - a legal view from Bird & Bird

  • 1.
    Cloud Computing Barry Jennings 12th March 2013
  • 2.
    Overview ● Striking theright balance – negotiating cloud contracts ● Taking a positive approach to data protection in the cloud ● Keeping the rights to your data & IP – licensing issues ● Staying flexible – the commercial/contractual lock-in issues to avoid ● Concluding thoughts
  • 3.
    Striking the rightbalance – reviewing cloud contracts © Bird & Bird LLP 2010
  • 4.
    Key Legal andCommercial Issues ● Commercial and legal risk analysis – contract and service issues ● Incorporation within or replacement of outsourcing arrangements ● TUPE transfers – is there a continuing activity? ● Jurisdiction & governing law issues ● Content & IP issues – what licences are required? ● Regulatory compliance – data protection, interception & communications regulations, financial services regulations © Bird & Bird LLP 2010
  • 5.
    Risk Allocation underContract ● Cloud computing agreements represent an arbitrage of risk, cost and control. ● Change one aspect and the other aspects – usually cost – will need to change in response. ● With most public cloud services, this balance is determined by suppliers as part of their service development and market positioning. ● The process of seeking to negotiate drives up costs so customers and suppliers should be conscious of when this is sensible and when it isn’t. ● Contract review becomes part of the service evaluation rather than a matter for negotiation and it needs to be fed in to the procurement process at an early stage. © Bird & Bird LLP 2010
  • 6.
    Reviewing Cloud ServicesAgreements Implementation Service Exit / Transition •Configuration •Availability and •Notice assistance (£) performance provisions and •Acceptance service levels (£) termination Process •Service credits rights •Migration from (£) •Data portability legacy systems •Scaling – •Configuration •Integration with storage, users information other systems (£) •Transition (£) •Support (£) support (£) •Training (£) •Back-up and •Escrow (£) •Migration in - data recovery (£) •Migration out - Data Protection •Data Protection Data Protection Compliance & Security Compliance •Audit rights (£) – service element that may attract additional charges – vary between vendors © Bird & Bird LLP 2010
  • 7.
    Taking a positiveapproach to data protection in the cloud © Bird & Bird LLP 2010
  • 8.
    Data Protection, ITSecurity & Cybercrime ● Information assurance is critical in cloud computing and yet the regulatory and standards framework is still catching up with the technology. ● Risk-based assessments are again key in this area – see ICO Guidance. ● The regulatory regimes are still jurisdictional in nature – making transitions to the cloud incredibly complex. © Bird & Bird LLP 2010
  • 9.
    Technical Concerns ● Multi-tenancy in cloud environments is enabled by virtualisation. ● There are questions over the security of virtual versus physical segregation. ● Deployment via the cloud means data escapes the corporate firewall. ● Encryption of data passing across the internet is crucial. ● Data migration (in and out) is a difficult undertaking even where open formats are agreed © Bird & Bird LLP 2010
  • 10.
    Location, Location, Location ● Ability to move data gives vendors flexibility and scalability. ● Cloud vendors may wish to move data to maintain physical hardware. ● Data protection regulation tends to emphasise location of data and consider data transfer to be processing requiring consent. ● Where IT systems are globalised is systemic security and information governance more important than location? ● Jurisdiction may have rules that enforce authority access to data or court systems that make it more difficult to enforce judgments to release data. © Bird & Bird LLP 2010
  • 11.
    Flexibility and Mobility ● Cloud computing enables access outside of the office and on mobile devices. ● This has led to BYOD – where employees want access to corporate systems from their own computers, tablets and smart phones. ● There are questions over the security of some of these devices, particularly where shared with partners and children – increase in two factor authentication. ● Deployment of data and applications outside of the corporate firewall can be more expensive and harder to control. ● However, if enterprises impose too much control, most employees can easily find alternative ways of circumventing controls (e.g. sending documents to personal email). © Bird & Bird LLP 2010
  • 12.
    People Issues ●Fairly well-recognised that most serious data security breaches result from inadvertent or deliberate acts of employees or contractors. ● Certain cloud deployments (e.g. thin client virtual desktops) increase security by centralising control. ● Disgruntled employees are a key risk area. ● Password management, locking computers when not in use, physical security are governance rather than technical issues. © Bird & Bird LLP 2010
  • 13.
    Staying flexible –the commercial/ contractual lock-in issues to avoid © Bird & Bird LLP 2010
  • 14.
    Lock-in Issues ●Are minimum terms acceptable? Purist v commercial view. ● Technical barriers to data extracts. ● High charges for data extracts. ● Lack of standards. ● Termination for convenience charges. ● User resistance to change.
  • 15.
  • 16.
    Cloud contracts willreflect the fact that cloud services are multi-tenancy – the customer has to accept more risk and less control (not negotiable in many cases) © Bird & Bird LLP 2010
  • 17.
    Many of thebenefits of cloud computing come from the way the services are used – proper risk appraisal and strong demand © Bird & Bird LLP 2010 management
  • 18.
    Cloud services arelike cars – lots of different types that you can configure but building one especially for you could be very expensive (or dangerous) © Bird & Bird LLP 2010
  • 19.
    Thank you Bird &Bird is an international legal practice comprising Bird & Bird LLP and its affiliated businesses. www.twobirds.com