LEGAL NUANCES TO THE CLOUD

CLUBHACK 2012
RITAMBHARA AGRAWAL
01 DECEMBER 2012

ISSUES, RISKS & MITIGATION

Legal Issues
  • Security & Privacy of Data
  • Confidentiality
  • Ownership
  • Liability
  • Attacks
  • Compliances
  • Contracts
  • Termination & Exit
  • Jurisdiction

Risks
  • Loss of Data
  • Choice of Law
  • Disclosure of trade secrets
  • Recovery
  • Data Segregation
  • Portability
  • Sharing of Data with 3rd Party

Mitigation
  • Encryption of Data
  • Define each Party’s liability
  • Pre-contract due-diligence, contract negotiation, post-contract monitoring, termination
  • Right to Audit to check location & compliances

LEGAL CHALLENGES IN CLOUD

Legal issues in the cloud span:
  • Security
  • Compliances
  • Jurisdiction
  • Contractual Limitations
  • Termination & Exit
  • Attacks
  • Ownership

SECURITY & PRIVACY

  • Physical location of the data centers
  • Encryption of data
  • Multi-tenant architecture
      – Different users’ data are usually stored on a single virtual server
      – Multiple virtual servers run on a single physical server
  • Adversity and intrusion
  • Data mining by the service provider
  • Access rights management

SERVICE LEVEL AGREEMENTS

  • Non-negotiable SLAs (often click-wrap agreements)
  • If the SLA is non-negotiable, a higher degree of reporting should be integrated in the Agreement
  • Additional options for termination should be available
  • Little opportunity to conduct due diligence
  • Strong limits on liability are included (including direct liability)
  • Terms often subject to change without prior intimation
  • Risk is usually shifted to the user through provider-friendly agreements

MULTIPLE PARTIES

  • Involvement of multiple parties makes onus & liability shift from one party to another
  • Liability of sub-contractors is often limited or disclaimed in its entirety
  • Lack of contractual privity makes it difficult to hold the provider accountable for any breach
  • Liability of the provider for the acts of the sub-contractor
  • The right to conduct due diligence and to understand the model of delivery of services should be given to the customer

DATA PROTECTION, RIGHTS & USAGE

Data Protection & IP Rights
  • Define data clearly; it is not standard that all data belongs to the customer
  • Specify ownership rights
  • Define the rights granted, and the restrictions on the provider’s ability to monitor and access data
  • Third-party access to the data
  • Non-Disclosure Agreement with the service provider
  • Ensure no rights are transferred to the service provider
  • Ensure whether backup and transfer of data is permitted

JURISDICTION

Cross-Border Data Flow
  • Data flows across various borders
  • Cloud servers are located in different countries; the location of data is uncertain
  • Complications of conflicting laws
  • A dispute can be subject to the legal systems of various countries
  • Jurisdictional issues & dispute resolution mechanism

COMPLIANCES

  • Country- and data-specific compliances
  • The owner is equally liable with the service provider to ensure compliance with the law
  • HIPAA, SOX, SAS 70 I & II, GLB, PCI DSS, FERPA and State Laws
  • E.g. HIPAA mandates standard practices to ensure security, confidentiality and data integrity for healthcare-related data
  • Default in the respective compliances can bring in legal implications

TERMINATION & EXIT

  • Interoperability of data after termination
  • Data portability from one vendor to another, and bringing it entirely back in-house
  • In case of exit, can the records be successfully accessed?
  • Can data be extracted from the cloud?
  • Obligations of each party in case of exit

ATTACKS

  • Hacking, viruses, malware disruptions, browser attacks, tampering, network security attacks, SQL injection
  • Inducing threats to data & network security, data locality, data integrity, data access, data segregation
  • Authorization & authentication, data confidentiality, web application security, data breaches, availability & back-up

CASE STUDIES - SONY

  • Sony laid off many of its security personnel
  • Failure to protect over 100 million user records
  • Attacks on Sony PlayStation Network, Sony Online Entertainment & Sony Pictures
  • A dozen data breaches, ongoing customer relations fallout & class-action lawsuits
  • Customers reusing passwords: risk of attackers accessing their other accounts as well

CASE STUDIES

EPSILON
  • Spear-phishing attack leading to a breach affecting its clients’ and customers’ data
  • Approximately 60 million customer email addresses were breached
  • Lesson: the company outsourcing the job is equally responsible for the security of the customer data

YAHOO
  • Hackers used an SQL injection attack to access the database that fed the server hosting the site
  • Exposed 450,000 usernames and passwords
  • Yahoo didn’t store the data in cryptographic form and left it in plain text, making it vulnerable to attack

LINKEDIN
  • Hackers breached the site, stealing more than 6 million customers’ passwords, which were very lightly encrypted, & posted them on a Russian hacker forum

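The Yahoo and LinkedIn entries above turn on how passwords were stored: in plain text, or with a single unsalted hash that the slide calls "very lightly encrypted". The Python below is an added example, not part of the presentation, that puts the three storage choices side by side (plain text, one unsalted SHA-1, and a salted, iterated PBKDF2 record with a constant-time verifier) and counts how many users in a leaked table can be seen to share a password under each scheme. The user names, passwords, record format and iteration count are constructed for this example.

```python
"""Password storage contrasted: plain text, unsalted SHA-1, salted PBKDF2.

Added example (not from the presentation). Sample users, record format and
iteration count are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from collections import Counter
from typing import Dict, Optional

# Constructed sample credentials; not real accounts.
SAMPLE_USERS = {
    "alice": "correct horse battery staple",
    "bob": "hunter2",
    "carol": "hunter2",  # same password as bob, on purpose
}

# Assumed iteration count for the example (OWASP-style figure for PBKDF2-HMAC-SHA256).
PBKDF2_ITERATIONS = 600_000


def store_plaintext(password: str) -> str:
    """Plain-text storage: the stored record is the password itself."""
    return password


def store_unsalted_sha1(password: str) -> str:
    """One unsalted, fast hash. Identical passwords give identical records,
    and a leaked table can be checked offline against precomputed hashes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def store_pbkdf2(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, iterated PBKDF2-HMAC-SHA256. Record layout is this example's own:
    algorithm$iterations$salt_hex$digest_hex."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def duplicate_records(records: Dict[str, str]) -> int:
    """Number of users whose stored record equals another user's record.
    Duplicates in a leaked table reveal which accounts share a password."""
    counts = Counter(records.values())
    return sum(1 for rec in records.values() if counts[rec] > 1)


def compare_schemes(users: Dict[str, str] = SAMPLE_USERS) -> Dict[str, int]:
    """Duplicate-record count per storage scheme for the same set of users."""
    return {
        "plaintext": duplicate_records({u: store_plaintext(p) for u, p in users.items()}),
        "unsalted_sha1": duplicate_records({u: store_unsalted_sha1(p) for u, p in users.items()}),
        "pbkdf2": duplicate_records({u: store_pbkdf2(p) for u, p in users.items()}),
    }


if __name__ == "__main__":
    print(compare_schemes())  # plaintext and unsalted_sha1 show 2 shared records, pbkdf2 shows 0
    rec = store_pbkdf2("hunter2")
    print(verify_pbkdf2("hunter2", rec), verify_pbkdf2("hunter3", rec))
```

With the constructed users, the plain-text and unsalted-SHA-1 tables both expose that bob and carol share a password, and every record in them can be attacked offline at the speed of the hash; the PBKDF2 records differ per user because of the random salt and cost the configured number of iterations per guess, while `verify_pbkdf2` still accepts the right password and rejects a wrong one.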
MITIGATION OF RISK

Security
  • Evaluation of the service provider’s security policy
  • Encryption to protect confidentiality & integrity of data
  • Suspected data breaches must be addressed

Contract
  • Identifying relative risks between the parties, like ownership of data, data protection guidelines, trade secrets, indemnities, jurisdiction
  • Pre-contract due-diligence, negotiable SLA
  • Planned & unplanned termination of the Agreement & return of data & assets
  • Liability of each party in the event of breach of contract
  • Ownership of data

Audit
  • Right to audit to check the compliances
  • To check the location of the data to ensure compliance with legal & statutory provisions

Thank you

INDIA
A-42/6, Sector-62, Noida-201301
Tel: +91-0120-47040722, +91-0120-4740700
Fax: +91 11 2741 8595

USA
Suite 119, 2 Davis Drive, Research Triangle Park, Durham (NC)-27709
Ph: 1 262 432 1718; Fax: 1 877 895 9706

E-mail: info@intelligere.in
www.intelligere.in
