Legal Issues Concerning the Service Level Agreements (SLAs) of IaaS Vendors

Clement Low Jun Xian
Loh Soon Bock
Kang Jie Min
Tan Tze Jun

Introduction
IaaS Cloud

What is IaaS?
3rd Party Virtualization of Physical Hardware
• Reduced Cost of Ownership
• Elimination of Hardware Procurement
[Diagram: Cloud Customer, IaaS Vendor, SLA, Physical Assets; relationship label "<< bound by >>"]

Considerations & Concerns about IaaS
Geographic Location
Legal Aspects of Contractual Obligations
Customer Data
• Confidentiality
• Integrity
• Availability
How can all these be addressed?

Presentation Agenda
1. IaaS Service Level Agreements (SLAs)
2. Relevance of IaaS SLA in Legal Context
3. Categories of Legal Issues in IaaS SLA
4. Categorical Elaboration of Legal Issues
5. Court Case Analysis
6. Vendor SLAs: Legal Issues & Solutions
7. Solutions to Unaddressed Legal Issues
8. Conclusion

IaaS Service Level Agreements (SLAs)

Binding negotiated document

States the minimum level of service to be provided

Entitlement to damages

Relevance of IaaS SLA in Legal Context
• Legal dispute related to IaaS in the USA
• Unavailable hours in ALL IaaS cloud service providers TRIPLED in 2012

Categories of Legal Issues in IaaS SLA

Categorical Elaboration of Legal Issues
Availability
• Monitoring of Service Uptime
• Service Uptime Percentage Ambiguity
• Vendor’s Reluctance to Fix Problems
• Delays in Server Maintenance
• Availability Calculation Based on Contiguous Blocks of Downtime Periods

Reliability
• Security Mechanism Put in Place & Mean Time for Recovery (MTR)

Categorical Elaboration of Legal Issues
General Liability
• Exclusion of Direct Liability
• Personnel with Access to Customer Data & Security of Hardware Containing Customer Data
• Secure Erasure of Data from Decommissioned Resource Unit
• Availability of Redundant Systems for Storing Customer Data

• Involvement of Customer(s) in Investigating Breaches
• Location Of Customer Data
• Chained Liability

Categorical Elaboration of Legal Issues
Expressed Warranties
• Reserving the right to Change Agreement Term
• Vendor Service Credits as the Sole Remedy for any Contractual Breaches

Implied Warranties
• Granting of Compensation through Claim Submission
• Time Zone for Time-Sensitive or Dependent Terms

• Resolution of Software Bugs & Defects
• Customer-Defined Security Policies
• Notification of Services and Infrastructure Events or Breaches

Court Case Analysis

Court Case Analysis (Background)
• Gimme The Best, L.L.C (Plaintiff) vs. Sungard Vericenter, INC. (Defendant)
• Breach of contract due to numerous breakdowns of Defendant systems on 3 separate occasions
• Slow Performance
• Data Loss
• Hardware malfunctions

• Worst breach happened in Dec 2006

Court Case Analysis (Legal Issues)
• Material Misrepresentation
• Breach of agreement term
• Do the 3 breaches constitute a single breach or multiple breaches of contract?
• Defendant’s Limited Liabilities
• Plaintiff’s Remedies

Vendor SLAs: Legal Issues & Solutions
Legal Issue: Monitoring of Percentage Uptime
• Amazon and VMware
• Measured based on IaaS vendor infrastructure
• Uptime vs Availability
• Excuse for them to escape liability

Solution
1. External audit by certified company
2. Provision of common monitoring tools to customers

Vendor SLAs: Legal Issues & Solutions
Legal Issue: Exclusion of Direct Liability
• Amazon Specific Terms
• Failures that result from your equipment, software or other technology and/or third party equipment, software or other technology (other than third party equipment within our direct control)
• Failures that result from failures of individual instances or volumes not attributable to Region Unavailability.

• HP Cloud Compute Specific Terms
• Reserves the right to withhold credit if it cannot verify the downtime or the customer cannot show that they were adversely affected in any way as a result of the downtime
• Requires the customer to contact HP and make a report within 30 days of the end of the month in which availability was not met

Vendor SLAs: Legal Issues & Solutions
… continued …

Solution
• Difficult to negotiate the SLA terms in the capacity of an individual
• Corporate customers have to negotiate if they feel that exclusions are unreasonable.
• IaaS vendors have to weigh their exclusions against customers’ interests to entice more customers

Vendor SLAs: Legal Issues & Solutions
Legal Issue: Unilateral change of agreement terms by the IaaS Vendor
• Amazon and VMware
• Terms in the SLA are subject to change in accordance with agreements

Solution
• Provide clear and sufficient notice to customers

• Continue to honour existing contract terms
• Provide a chance for customers to repudiate contract
• Change warranties (not conditions) and provide compensations

Solutions to Unaddressed Legal Issues
Issue: Vendor’s Reluctance to Fix Problem
• Incapable of supporting requests which cause downtime
• Expensive to rectify
• Prefers to pay service credits rather than rectify the problem

Solution
• Treated as a breach of condition
• Right to terminate contract
• Legal action

Solutions to Unaddressed Legal Issues
Issue: Missing SLA Clause for Service Performance
• Critical to customers that process time-sensitive requests.
• Monitoring Performance-related metrics

• Burden of proof

Solution
• States the hardware specification clearly and concisely

• Includes Performance-related metrics to measure the performance level
• Includes the monitoring methods

Solutions to Unaddressed Legal Issues
Issue: Customer-defined Security Policies
• Critical to customers to implement their security policies
• May clash with the vendor’s security policies

Solution
• The IaaS vendor can offer tiers of services that have various security profiles
• Allow the customer to select their most suited security profile

• The IaaS vendor’s policies will not interfere with customer’s security policies

Solutions to Unaddressed Legal Issues
Issue: Notification of Events/Breaches Related to Services & Infrastructure
• Customers should receive notifications of breaches or events even if they are unconfirmed

• Allows customers to preempt any possible impacts or damage

Solution
• Categorize the different types of events that may occur

• Allow customers to opt in for notifications in addition to confirmed breaches or events
• IaaS vendor can exclude any claims from customers arising from false notifications

Conclusion
Let’s Re-Cap
We Defined
IaaS
SLA
• What it is
• Service Level Quality
• Why it is gaining traction
• Warranties
Legal Issues
• Liabilities

Conclusion
We found that…
IaaS Vendors
• Few, if not NONE, offer performance-based SLAs
• Induce the inherent legal issues in SLAs by setting terms that are skewed to their interests
• Have a reactive approach towards SLA violations

Conclusion
Our perspectives…
The solutions we proposed work in the interests of IaaS customers and simultaneously assist vendors in resolving their legal dilemmas.
We believe that IaaS SLAs can be legally favorable to both customers and vendors alike.
Well-crafted SLAs help to foster customer-vendor trust & confidence in the IaaS cloud services industry.

Thank you for your attention!
Any questions?


IS4233 Final Presentation

Editor's Notes

  • #15 ----- Meeting Notes (15/11/13 21:23) -----ded
  • #25 Thank you, Clement. I will now touch on the Solutions to Unaddressed Legal Issues. Firstly, we have the Vendor’s Reluctance to Fix Problems. This issue arises when the vendors are not willing to fix the problems that may cause downtime or unsatisfactory performance in their services. One of the possible reasons is that the problem might be too expensive to rectify or the problem is too remote to justify the reason for fixing it. The vendors would then rather pay service credits than fix the problems since the costs outweigh the benefits. In order for the customers to prevent such an issue from happening, they have to ensure that there is a condition clause in the SLA that the vendors must ensure that they will do their best in resolving any known issues that are publicly/commercially available. Otherwise, they have the right to terminate the contracts and sue them for breach of contract. This will ensure that the vendors will try to resolve the issue that is within their capability.
  • #26 Moving on, that is Missing SLA Clause for Service Performance. In most of the SLAs today, including the above-mentioned SLAs, there are no performance clauses in the SLA. For time-sensitive requests, performance is critical to the customers to ensure that the responses are timely and accurate. Average response time and network bandwidth are some of the performance-related metrics. The question now lies in how to monitor these metrics by the customers or vendors and who is required to prove the breach. To resolve such an issue, the customers have to negotiate with the vendors to add the performance clause to the SLA. If the customer expects a certain hardware specification to be provided for the service, it is recommended to put it in the SLA or other contract agreement. This is to prevent the same legal issue that happened in the aforementioned legal case, where the hardware provided was not in good working condition. It is best to quantify the performance level that is required for the service clearly and concisely using the specific metrics. Methods of performance measurement tools or software are best stated so that there will be no dispute when presenting the proofs.
  • #27 Following on, Customer-Defined Security Policies. It is imperative to have effective security policies and implementation nowadays to protect our information and processes. Likewise, customers will want to have their own security policies rather than the vendors’ to protect their instances. However, vendors’ security policies might not complement the customers’ security policies. This may cause the customers to be unable to implement them and, worst of all, there might be security loopholes due to the incompatibility. To rectify such a problem, IaaS can offer different tiers of services that have various security profiles. At each service level, the customers can choose the security profiles most suited to their needs. Most importantly, the IaaS vendors’ security policies should not interfere with the customers’ security policies. They should be able to complement each other and close as many security loopholes as possible.
  • #29 Lastly, Notification of Events/Breaches Related to Services & Infrastructure. In the event of a security breach, vendors can remain silent and try to resolve the issue in their own hands so as to protect their reputation, since it is not stated in the SLA that the vendors must notify the customers about such incidents. Customers’ data might have been compromised due to the breach and they are left not notified. It could be possible that the customers are able to preempt any possible impacts or damage if they are notified early by the vendors, even if it is unconfirmed. However, customers may want to receive just specific breaches so that they are not spammed by notifications for every minor breach. To address this issue, the vendors can firstly classify the different types of events and breaches and allow customers to choose what types of breaches they wish to be notified of. This will help the customers to be able to get the notification timely and accurately. Thus, this will provide them ample time to put in stricter security measures to protect their information. To protect the IaaS vendor’s interest, they should exclude any claims from customers arising from false alarms, as they are very likely to happen. This notification is sent for the benefit of the customers. It is their sole responsibility how to act in regard to the notification.