SlideShare a Scribd company logo

@COISSA Cloud Computing and Privacy

Download as PPTX, PDF
Dino Tsibouris
Dino Tsibouris

Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues.

Law
1 of 26
Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com
Outline 1. Cloud Contracting 2. Cloud Security 3. Government Access to Data in the Cloud 4. EU Safe Harbor and Transfers of Personal Data from Europe
Contracting
Contracting
Contracting • Liability –Unlimited –Capped
Contracting
Contracting • Indemnification –Intellectual property –Violation of laws –Violation of agreement –Gross negligence
Contracting • Service Levels –Availability, scheduled maintenance, emergency maintenance –Performance, response time, latency • Security –Certification –Encryption in transit, at rest, in backups
Contracting • Vulnerabilities –Treat vulnerabilities like security breaches –Demand: • Notification • Action plan • Remediation • Mitigation
Security in Practice • Major cloud providers implement reasonable or appropriate measure. • You are responsible for your configuration. • You get Service Levels, but no other warranties. • Liability is limited, typically to 12-month’s fees.
Security in Practice • Major cloud providers implement reasonable or appropriate measure. • You are responsible for your configuration. • You get Service Levels, but no other warranties. • Liability is limited, typically to 12-month’s fees.
Security in Practice - AWS • 3.1 AWS Security. Without limiting Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
Security in Practice - AWS • 4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.
Security in Practice - AWS THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.
Security in Practice - Azure We maintain appropriate technical and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, or unlawful destruction. Current information about our security practices can be found within the Trust Center. You are wholly responsible for configuring your Customer Solution to ensure adequate security, protection, and backup of Customer Data.
Security in Practice - Azure We will comply with all laws applicable to our provision of the Services, including applicable security breach notification laws, but not including any laws applicable to you or your industry that are not generally applicable to information technology services providers. You will comply with all laws applicable to your Customer Solution, Customer Data, and your use of the Services, including any laws applicable to you or your industry.
Security in Practice - Azure Limited warranty. We warrant that the Services will meet the terms of the SLAs during the Term. Your only remedies for breach of this warranty are those in the SLAs.
Security in Practice - Azure DISCLAIMER. Other than this warranty, we provide no warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability or fitness for a particular purpose. These disclaimers will apply except to the extent applicable law does not permit them.
Privacy in the Cloud - AWS You may specify the AWS regions in which Your Content will be stored and accessible by End Users. We will not move Your Content from your selected AWS regions without notifying you, unless required to comply with the law or requests of governmental entities. You consent to our collection, use and disclosure of information associated with the Service Offerings in accordance with our Privacy Policy...
Government Access to Data
Government Access to Data • Cybersecurity Information Sharing Act • Allows sharing of cybersecurity threat data with the DHS • Passed in Senate and House, in reaction to Sony, Anthem, and OPM breaches • Broad sharing of personal information with the government with few privacy protection in place
International Privacy Issues
Possible Alternatives • Standard Contractual Clauses (Model Clauses) • Binding Corporate Rules • Derogations in Law –Necessary for performance of contract –Unambiguous, informed, freely given, specific consent • January 31, 2016 deadline by European privacy regulators
General Data Protection Regulation • EU member states in final stages of negotiations • Expected in the next year or so • Includes data breach notification obligation • Fines as high as 2% of annual turnover
Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com Questions & Answers

Recommended

Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Data security
Data securityData security
Data securityForeSolutions
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityShitiz Upreti
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 

Recommended

Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Recovering from a Cyber Attack
Recovering from a Cyber AttackRecovering from a Cyber Attack
Recovering from a Cyber AttackShawn Tuma
 
Information Security Lecture #1 ppt
Information Security Lecture #1 pptInformation Security Lecture #1 ppt
Information Security Lecture #1 pptvasanthimuniasamy
 
Data security
Data securityData security
Data securityForeSolutions
 
Introduction to Network Security
Introduction to Network SecurityIntroduction to Network Security
Introduction to Network SecurityShitiz Upreti
 
FRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByFRSecure's Ten Security Principles to Live (or die) By
FRSecure's Ten Security Principles to Live (or die) ByEvan Francen
 
Network Security Policies
Network Security PoliciesNetwork Security Policies
Network Security PoliciesAamir Sohail
 
Seclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore for Forcepoint DLP
Seclore for Forcepoint DLPSeclore
 
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
Respond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqRespond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqSHIVA101531
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
Simple Safe Steps to Cyber Security
Simple Safe Steps to Cyber SecuritySimple Safe Steps to Cyber Security
Simple Safe Steps to Cyber SecurityHudson Valley Public Relations
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
IT security
IT securityIT security
IT securityAman Jain
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
IT Policy
IT PolicyIT Policy
IT PolicySensewareInfomedia
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awarenessKanishk Raj
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsJoshua Berman
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionSkyport Systems
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data ProtectionSeclore
 
2-01A-312_Rev002
2-01A-312_Rev0022-01A-312_Rev002
2-01A-312_Rev002Kevin Wilson
 
MOD-20160222
MOD-20160222MOD-20160222
MOD-20160222MagtrónicaOpenData - MOD
 

More Related Content

What's hot

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Shawn Tuma
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Shawn Tuma
 
Respond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqRespond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqSHIVA101531
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation pptvaishalshah01
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance SolutionsSeclore
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreSeclore
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadaysPECB
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System SecurityKiran Munir
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected WorldRussell_Kennedy
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeShawn Tuma
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachJim Brashear
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awarenessKanishk Raj
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issuesHaseeb Ahmed Awan
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsJoshua Berman
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Seclore
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionSkyport Systems
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data ProtectionSeclore
 

What's hot (20)

Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
Cybersecurity is a Team Sport: How to Use Teams, Strategies, and Processes to...
 
Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.Real World Cyber Risk. Understand it. Manage it.
Real World Cyber Risk. Understand it. Manage it.
 
Respond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security reqRespond to the following in a minimum of 175 words security req
Respond to the following in a minimum of 175 words security req
 
Information security group presentation ppt
Information security group presentation pptInformation security group presentation ppt
Information security group presentation ppt
 
Simple Safe Steps to Cyber Security
Simple Safe Steps to Cyber SecuritySimple Safe Steps to Cyber Security
Simple Safe Steps to Cyber Security
 
Data Security For Insurance Solutions
Data Security For Insurance SolutionsData Security For Insurance Solutions
Data Security For Insurance Solutions
 
Customer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | SecloreCustomer Data Privacy & Protection | Seclore
Customer Data Privacy & Protection | Seclore
 
The importance of information security nowadays
The importance of information security nowadaysThe importance of information security nowadays
The importance of information security nowadays
 
Infomation System Security
Infomation System SecurityInfomation System Security
Infomation System Security
 
Cyber Security in the Interconnected World
Cyber Security in the Interconnected WorldCyber Security in the Interconnected World
Cyber Security in the Interconnected World
 
The Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should IncludeThe Legal Case for Cyber Risk Management Programs and What They Should Include
The Legal Case for Cyber Risk Management Programs and What They Should Include
 
IT security
IT securityIT security
IT security
 
A Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data BreachA Brave New World of Cyber Security and Data Breach
A Brave New World of Cyber Security and Data Breach
 
IT Policy
IT PolicyIT Policy
IT Policy
 
End user security awareness
End user security awarenessEnd user security awareness
End user security awareness
 
Information security and other issues
Information security and other issuesInformation security and other issues
Information security and other issues
 
Security Kung Fu: Firewall Logs
Security Kung Fu: Firewall LogsSecurity Kung Fu: Firewall Logs
Security Kung Fu: Firewall Logs
 
Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions Mcafee CASB/DLP + Seclore Rights Management Solutions
Mcafee CASB/DLP + Seclore Rights Management Solutions
 
Active Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval ProtectionActive Directory: Modern Threats, Medieval Protection
Active Directory: Modern Threats, Medieval Protection
 
Inbound Data Protection
Inbound Data ProtectionInbound Data Protection
Inbound Data Protection
 

Viewers also liked

Analysing Shot By Shot
Analysing Shot By ShotAnalysing Shot By Shot
Analysing Shot By ShotLucy McKenna
 
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassa
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassaMikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassa
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassaHeidi Harkonen
 
Proposal_Coutant_SW_Upgrade
Proposal_Coutant_SW_UpgradeProposal_Coutant_SW_Upgrade
Proposal_Coutant_SW_UpgradeKevin Wilson
 
74-2RHR-R059_Rev002
74-2RHR-R059_Rev00274-2RHR-R059_Rev002
74-2RHR-R059_Rev002Kevin Wilson
 
Assure unit plan
Assure unit planAssure unit plan
Assure unit planreavis2
 
Proposal Conemaugh Bottom Supports
Proposal Conemaugh Bottom SupportsProposal Conemaugh Bottom Supports
Proposal Conemaugh Bottom SupportsKevin Wilson
 
Government Enterprise Architecture for New Zealand v3.1
Government Enterprise Architecture for New Zealand v3.1Government Enterprise Architecture for New Zealand v3.1
Government Enterprise Architecture for New Zealand v3.1Regine Deleu
 
Raj Sekhar Sengupta - Resume -Final - Copy
Raj Sekhar Sengupta - Resume -Final - CopyRaj Sekhar Sengupta - Resume -Final - Copy
Raj Sekhar Sengupta - Resume -Final - CopyRajsekhar Sengupta
 
25 ways to reinvent your business sniukas
25 ways to reinvent your business sniukas25 ways to reinvent your business sniukas
25 ways to reinvent your business sniukasDr. Marc Sniukas
 
What is Business Model Innovation?
What is Business Model Innovation?What is Business Model Innovation?
What is Business Model Innovation?Dr. Marc Sniukas
 

Viewers also liked (18)

2-01A-312_Rev002
2-01A-312_Rev0022-01A-312_Rev002
2-01A-312_Rev002
 
MOD-20160222
MOD-20160222MOD-20160222
MOD-20160222
 
MOD-20160705s
MOD-20160705sMOD-20160705s
MOD-20160705s
 
Analysing Shot By Shot
Analysing Shot By ShotAnalysing Shot By Shot
Analysing Shot By Shot
 
2-62A-809_Rev002
2-62A-809_Rev0022-62A-809_Rev002
2-62A-809_Rev002
 
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassa
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassaMikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassa
Mikä sinua motivoi, ihmissuhteiden merkitys elämänhallinnassa
 
Proposal_Coutant_SW_Upgrade
Proposal_Coutant_SW_UpgradeProposal_Coutant_SW_Upgrade
Proposal_Coutant_SW_Upgrade
 
MOD-20160730
MOD-20160730MOD-20160730
MOD-20160730
 
74-2RHR-R059_Rev002
74-2RHR-R059_Rev00274-2RHR-R059_Rev002
74-2RHR-R059_Rev002
 
02964-4E9256-00
02964-4E9256-0002964-4E9256-00
02964-4E9256-00
 
Assure unit plan
Assure unit planAssure unit plan
Assure unit plan
 
Proposal Conemaugh Bottom Supports
Proposal Conemaugh Bottom SupportsProposal Conemaugh Bottom Supports
Proposal Conemaugh Bottom Supports
 
Government Enterprise Architecture for New Zealand v3.1
Government Enterprise Architecture for New Zealand v3.1Government Enterprise Architecture for New Zealand v3.1
Government Enterprise Architecture for New Zealand v3.1
 
Raj Sekhar Sengupta - Resume -Final - Copy
Raj Sekhar Sengupta - Resume -Final - CopyRaj Sekhar Sengupta - Resume -Final - Copy
Raj Sekhar Sengupta - Resume -Final - Copy
 
Understanding the agricultural value chain, stakeholders and ICT application ...
Understanding the agricultural value chain, stakeholders and ICT application ...Understanding the agricultural value chain, stakeholders and ICT application ...
Understanding the agricultural value chain, stakeholders and ICT application ...
 
25 ways to reinvent your business sniukas
25 ways to reinvent your business sniukas25 ways to reinvent your business sniukas
25 ways to reinvent your business sniukas
 
What is Business Model Innovation?
What is Business Model Innovation?What is Business Model Innovation?
What is Business Model Innovation?
 
Prospective Corporate
Prospective CorporateProspective Corporate
Prospective Corporate
 

Similar to @COISSA Cloud Computing and Privacy

Security and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxSecurity and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxTRSrinidi
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Shawn Tuma
 
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)AltheimPrivacy
 
"Everything as a Service" Contracts - Presentation
"Everything as a Service" Contracts - Presentation "Everything as a Service" Contracts - Presentation
"Everything as a Service" Contracts - Presentation MorningstarLaw
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contractsMeera Kaul
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rulessaurnou
 
cloud-security
cloud-securitycloud-security
cloud-securityAsun Sada
 
Data-Centric Security | Seclore
Data-Centric Security | Seclore Data-Centric Security | Seclore
Data-Centric Security | Seclore Seclore
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortzitnewsafrica
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourYasser Mohammed
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your CloudthinkASG
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfEnov8
 
12 security policies
12 security policies12 security policies
12 security policiesSaqib Raza
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxrtodd599
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkIOSR Journals
 
Are you GDPR ready?
Are you GDPR ready?Are you GDPR ready?
Are you GDPR ready?INSZoom
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxLokNathRegmi1
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for CybersecurityShawn Tuma
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveJanine Anthony Bowen, Esq.
 

Similar to @COISSA Cloud Computing and Privacy (20)

Security and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptxSecurity and privacy in cloud computing.pptx
Security and privacy in cloud computing.pptx
 
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
Cybersecurity and Privacy for In-House Counsel: How the New Regulations and G...
 
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
 
Cloud security - Publication
Cloud security - Publication Cloud security - Publication
Cloud security - Publication
 
"Everything as a Service" Contracts - Presentation
"Everything as a Service" Contracts - Presentation "Everything as a Service" Contracts - Presentation
"Everything as a Service" Contracts - Presentation
 
Cloud computing contracts
Cloud computing contractsCloud computing contracts
Cloud computing contracts
 
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model RulesData Confidentiality, Security and Recent Changes to the ABA Model Rules
Data Confidentiality, Security and Recent Changes to the ABA Model Rules
 
cloud-security
cloud-securitycloud-security
cloud-security
 
Data-Centric Security | Seclore
Data-Centric Security | Seclore Data-Centric Security | Seclore
Data-Centric Security | Seclore
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
 
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero HourEXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
EXTERNAL - Whitepaper - 5 Steps to Weather the Zero Hour
 
White Paper: Protecting Your Cloud
White Paper: Protecting Your CloudWhite Paper: Protecting Your Cloud
White Paper: Protecting Your Cloud
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdf
 
12 security policies
12 security policies12 security policies
12 security policies
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docx
 
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure FrameworkSecurity and Privacy Issues of Cloud Computing; Solutions and Secure Framework
Security and Privacy Issues of Cloud Computing; Solutions and Secure Framework
 
Are you GDPR ready?
Are you GDPR ready?Are you GDPR ready?
Are you GDPR ready?
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
Cutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers PerspectiveCutting To The Chase: Cloud From A Customers Perspective
Cutting To The Chase: Cloud From A Customers Perspective
 

Recently uploaded

Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionNilamPadekar1
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书E LSS
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一st Las
 
How You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaHow You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaBridgeWest.eu
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书Sir Lt
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Oishi8
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》o8wvnojp
 
Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGPRAKHARGUPTA419620
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxsrikarna235
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfMilind Agarwal
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxsrikarna235
 
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxQUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxnibresliezel23
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书SD DS
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书Fir L
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxPKrishna18
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一jr6r07mb
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书SS A
 

Recently uploaded (20)

Trial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 seditionTrial Tilak t 1897,1909, and 1916 sedition
Trial Tilak t 1897,1909, and 1916 sedition
 
一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书一比一原版利兹大学毕业证学位证书
一比一原版利兹大学毕业证学位证书
 
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
定制(BU文凭证书)美国波士顿大学毕业证成绩单原版一比一
 
How You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad VisaHow You Can Get a Turkish Digital Nomad Visa
How You Can Get a Turkish Digital Nomad Visa
 
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书 如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
如何办理(MSU文凭证书)密歇根州立大学毕业证学位证书
 
Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126Indemnity Guarantee Section 124 125 and 126
Indemnity Guarantee Section 124 125 and 126
 
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
Sensual Moments: +91 9999965857 Independent Call Girls Vasundhara Delhi {{ Mo...
 
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
国外大学毕业证《奥克兰大学毕业证办理成绩单GPA修改》
 
Offences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKINGOffences against property (TRESPASS, BREAKING
Offences against property (TRESPASS, BREAKING
 
Test Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptxTest Identification Parade & Dying Declaration.pptx
Test Identification Parade & Dying Declaration.pptx
 
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdfWhy Every Business Should Invest in a Social Media Fraud Analyst.pdf
Why Every Business Should Invest in a Social Media Fraud Analyst.pdf
 
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptxConstitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
Constitutional Values & Fundamental Principles of the ConstitutionPPT.pptx
 
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Serviceyoung Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
young Call Girls in Pusa Road🔝 9953330565 🔝 escort Service
 
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptxQUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
QUASI-JUDICIAL-FUNCTION AND QUASI JUDICIAL AGENCY.pptx
 
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
如何办理(UCD毕业证书)加州大学戴维斯分校毕业证学位证书
 
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
如何办理美国加州大学欧文分校毕业证(本硕)UCI学位证书
 
A Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptxA Short-ppt on new gst laws in india.pptx
A Short-ppt on new gst laws in india.pptx
 
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
定制(WMU毕业证书)美国西密歇根大学毕业证成绩单原版一比一
 
一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书 一比一原版旧金山州立大学毕业证学位证书
一比一原版旧金山州立大学毕业证学位证书
 
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Greater Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 

@COISSA Cloud Computing and Privacy

  • 1. Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com Updates on Cloud, Contracting, Privacy, Security, and International Privacy Issues Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com
  • 2. Outline 1. Cloud Contracting 2. Cloud Security 3. Government Access to Data in the Cloud 4. EU Safe Harbor and Transfers of Personal Data from Europe
  • 7. Contracting • Indemnification –Intellectual property –Violation of laws –Violation of agreement –Gross negligence
  • 8. Contracting • Service Levels –Availability, scheduled maintenance, emergency maintenance –Performance, response time, latency • Security –Certification –Encryption in transit, at rest, in backups
  • 9. Contracting • Vulnerabilities –Treat vulnerabilities like security breaches –Demand: • Notification • Action plan • Remediation • Mitigation
  • 10. Security in Practice • Major cloud providers implement reasonable or appropriate measure. • You are responsible for your configuration. • You get Service Levels, but no other warranties. • Liability is limited, typically to 12-month’s fees.
  • 11. Security in Practice • Major cloud providers implement reasonable or appropriate measure. • You are responsible for your configuration. • You get Service Levels, but no other warranties. • Liability is limited, typically to 12-month’s fees.
  • 12.
  • 13. Security in Practice - AWS • 3.1 AWS Security. Without limiting Section 10 or your obligations under Section 4.2, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
  • 14. Security in Practice - AWS • 4.2 Other Security and Backup. You are responsible for properly configuring and using the Service Offerings and taking your own steps to maintain appropriate security, protection and backup of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routine archiving Your Content.
  • 15. Security in Practice - AWS THE SERVICE OFFERINGS ARE PROVIDED “AS IS.” WE AND OUR AFFILIATES AND LICENSORS MAKE NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE REGARDING THE SERVICE OFFERINGS OR THE THIRD PARTY CONTENT, INCLUDING ANY WARRANTY THAT THE SERVICE OFFERINGS OR THIRD PARTY CONTENT WILL BE UNINTERRUPTED, ERROR FREE OR FREE OF HARMFUL COMPONENTS, OR THAT ANY CONTENT, INCLUDING YOUR CONTENT OR THE THIRD PARTY CONTENT, WILL BE SECURE OR NOT OTHERWISE LOST OR DAMAGED. EXCEPT TO THE EXTENT PROHIBITED BY LAW, WE AND OUR AFFILIATES AND LICENSORS DISCLAIM ALL WARRANTIES, INCLUDING ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, OR QUIET ENJOYMENT, AND ANY WARRANTIES ARISING OUT OF ANY COURSE OF DEALING OR USAGE OF TRADE.
  • 16. Security in Practice - Azure We maintain appropriate technical and organizational measures, internal controls, and data security routines intended to protect Customer Data against accidental loss or change, unauthorized disclosure or access, or unlawful destruction. Current information about our security practices can be found within the Trust Center. You are wholly responsible for configuring your Customer Solution to ensure adequate security, protection, and backup of Customer Data.
  • 17. Security in Practice - Azure We will comply with all laws applicable to our provision of the Services, including applicable security breach notification laws, but not including any laws applicable to you or your industry that are not generally applicable to information technology services providers. You will comply with all laws applicable to your Customer Solution, Customer Data, and your use of the Services, including any laws applicable to you or your industry.
  • 18. Security in Practice - Azure Limited warranty. We warrant that the Services will meet the terms of the SLAs during the Term. Your only remedies for breach of this warranty are those in the SLAs.
  • 19. Security in Practice - Azure DISCLAIMER. Other than this warranty, we provide no warranties, whether express, implied, statutory, or otherwise, including warranties of merchantability or fitness for a particular purpose. These disclaimers will apply except to the extent applicable law does not permit them.
  • 20. Privacy in the Cloud - AWS You may specify the AWS regions in which Your Content will be stored and accessible by End Users. We will not move Your Content from your selected AWS regions without notifying you, unless required to comply with the law or requests of governmental entities. You consent to our collection, use and disclosure of information associated with the Service Offerings in accordance with our Privacy Policy...
  • 22. Government Access to Data • Cybersecurity Information Sharing Act • Allows sharing of cybersecurity threat data with the DHS • Passed in Senate and House, in reaction to Sony, Anthem, and OPM breaches • Broad sharing of personal information with the government with few privacy protection in place
  • 24. Possible Alternatives • Standard Contractual Clauses (Model Clauses) • Binding Corporate Rules • Derogations in Law –Necessary for performance of contract –Unambiguous, informed, freely given, specific consent • January 31, 2016 deadline by European privacy regulators
  • 25. General Data Protection Regulation • EU member states in final stages of negotiations • Expected in the next year or so • Includes data breach notification obligation • Fines as high as 2% of annual turnover
  • 26. Dino Tsibouris (614) 360-3133 Dino@Tsibouris.com Mehmet Munur (614) 859-6962 Mehmet.Munur@Tsibouris.com Questions & Answers

Editor's Notes

  1. Dino
  2. Lets move to cloud contracting…