SlideShare a Scribd company logo

The Cloud Computing Contract Playbook: Contracting for Cloud Services

Download as PPTX, PDF
T
This account is closed

In this presentation, Paul Armitage discusses how to protect your company when negotiating cloud computing contracts.

Law
1 of 25
The Cloud Computing Contract Playbook - Contracting for Cloud Services June 23, 2015 Paul Armitage*, Partner * Law Corporation Doc #1761319
2 The Cloud is Everywhere The cloud is everywhere and for anything • SaaS (applications) • Customer accesses and uses cloud provider’s applications running on cloud provider’s infrastructure (e.g., Salesforce.com) • PaaS (platform) • Customer deploys and controls own (developed/licensed) applications running on cloud provider’s infrastructure (e.g., IBM Smartcloud, and also Salesforce.com!) • IaaS (infrastructure) • Customer deploys and controls applications, operating systems, storage, and networking components running on cloud provider’s infrastructure (e.g., AWS)
The Cloud is Everywhere Expanding use of the cloud – from consumer to the enterprise • The cloud is no longer just for free or low-cost consumer offerings • Mission critical functions: finance, billing, database storage, networks • Regulated industries (e.g., financial institutions, healthcare) 3
The Irresistible Force of the Cloud • Significant cost reductions • Lower total cost of ownership: no servers or licenses to be bought – just pay as you go • Cheaper to implement, customize and configure • No upgrade fees for ongoing maintenance to stay current with latest versions of the software and operating systems • Cost certainty • Predictable fees based on metrics (e.g., per user, log-in, record, device) • Renewal pricing: TIP - contractually ensure cost certainty on renewal! 4
The Irresistible Force of the Cloud • Speed of delivery • Greatly reduces time required to implement, customize and configure the solution, and to train users • Scalable and elastic (metered, on-demand service) • Increased connectivity and solution mobility (accessible anywhere and by any Internet enabled device) • Can allow an organization to achieve security standards which are difficult or expensive to achieve in-house (e.g., diversity or disaster recovery requirements) 5
We’re Moving Everything to the Cloud - Not so Fast! • OSFI, Guideline B-10: requires (among other things) federally-regulated financial institutions (FRFIs) to impose standards on the service provider in the areas of: (1) confidentiality, (2) security, (3) data segregation • OSFI, February 29, 2012 Memorandum: “New technology-based outsourcing arrangements” “Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks. As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services.” 6
We’re Moving Everything to the Cloud - Not so Fast! • B.C. Privacy Commissioner, June 2012: “Cloud Computing Guidelines for Public Bodies” “Public bodies must consider s. 30.1 of FIPPA when making decisions about whether to store personal information in the cloud. With limited exceptions as set out in FIPPA, personal information, including information in computer logs and on backup tapes or drives cannot be stored or accessed outside of Canada.” 7
What’s Different about Contracting for Cloud Computing? “Cloud” solution • No on-premises installation at customer • No license to the solution • Instead, customer gets a subscription to access and use someone else’s solution, on someone else’s computer, hosted somewhere else, i.e., in the cloud • In lieu of an in-house IT department where you can structure your computing environment and know first-hand what security safeguards are in place, you now have… a contract with your cloud provider 8
Storing Personal Information in the Cloud • Storing personal information in the cloud is generally speaking permitted, so long as: • Socio-economic and legal environment of the hosting jurisdiction, and sensitivity of the information are taken into consideration • Individuals are provided with notice of the cloud storage, and that while their information is stored outside Canada it may be accessed by foreign courts, law enforcement and security authorities • The cloud provider is contractually required to safeguard the personal information against unauthorized use, access, collection, disclosure, copying modification, and destruction, having regard to the sensitivity of the information, and providing a comparable level of protection to (a) if processed in-house, and (b) as is legally required in Canada 9
Storing Personal Information in the Cloud • Additional Alberta requirements • Alberta Personal Information Protection Act: • An organization must have policies about its use of “service providers” (includes contractors and affiliates) outside of Canada to process personal information, including as to (a) which countries, and (b) the purposes of processing, and must make its policies available on request • An organization must, before or at the time of collecting or transferring the information outside Canada, notify the individual of (a) how to obtain information about the organization’s policies on use of service providers outside of Canada, and (b) the contact information of the person at the organization who is able to answer questions about those policies 10
Storing Personal Information in the Cloud • Exceptions: • B.C. public bodies - FIPPA, s. 30.1 • Personal information in the custody or control of a public body must be stored in Canada and accessed only in Canada, unless one of the following applies: (a) individual consent, (b) allowed under FIPPA (including by ministerial order), or (c) in connection with payments to or by a public body • Similar restrictions exist for Nova Scotia public bodies 11
Know Your Cloud Provider • Due diligence on cloud provider • Review financial statements / regulatory filings (SEC 10K) • Financial performance (look for positive growth) and self- disclosure of risks by cloud provider • Data security measures – look for (and include in the contract) the following types of protections: • Physical, e.g. restricted access to data centres • Organizational, e.g. security clearances, background checks, privacy and security policies, training • Technological, e.g. (a) firewall, (b) encryption (consider three data states for encryption: (1) at rest, (2) in transit, (3) in process), (c) identity and access management (password protection), (d) patch management and network maintenance, (e) secure data deletion, (f) intrusion monitoring, (g) virus filters 12
Know Your Cloud Provider • ISO 27001 standard for information security systems • Certification to demonstrate industry-minimum cyber security measures have been adopted 13
Know Your Cloud Provider • ISO 27018 standard for protection of personally identifiable information (PII) in the cloud • Requires cloud provider to (among other things): • Only process PII in accordance with the customer’s instructions • Only process PII for marketing or advertising purposes with the customer’s express consent • Disclose to the customer the identity of subcontractors and locations where PII is processed • Ensure that personnel who have access to PII enter into confidentiality agreements and receive appropriate training • Assist the customer in complying with notification obligations in the event of a security breach 14
Know Your Cloud Provider • PCI DSS (Payment Card Interface – Data Security Standard) for (1) payment card processing, (2) securing cardholder data (e.g., storage or encryption), (3) cardholder data environment (e.g., infrastructure, data centres), (4) application development with access to cardholder information / data environment • Standards for cardholder data security and consistent data security measures 15
Data Security Clause • Elements of a data security clause • Data remains owned and under the control of the organization while in the cloud provider’s possession • Cloud provider must only use the data for the purpose of performing its services • Cloud provider must provide notice of any data breach • Cloud provider must provide notice of any lawful access where legally permitted • Continued access to data is assured (restrict cloud provider’s ability to cut-off or suspend access, e.g., for non-payment) • Disaster recovery/business continuity plan to provide access to data under adverse conditions • Continued access to data for a period after subscription ends to allow for transitioning to another provider or service repatriation • Return of data on termination (specify cost and a format you can use) 16
Specifications and Service Levels • Specifications define what the cloud solution is supposed to do • A lot of cloud providers’ contracts don’t say anything about what the solution does! • Incorporate specifications and guard against future changes • Service levels set minimum performance standards for the cloud solution. Examples: • 99.999% uptime – but what’s “uptime”? • Time to perform a function • Support call response • Recovery time objectives 17
Audit • Right to audit cloud provider by client (and by client’s regulators if applicable) • Third party auditors to ensure compliance with cloud provider’s security program • SSAE 16 (Type I or Type II) 18
Bringing Territory Back The cloud is typically not tied to territory, but consider: • Statutory prohibitions (e.g., FIPPA, s. 30.1) • Sectoral laws requirements (e.g., Bank Act) • Your own policies and contracts – have you committed to persons that their data won’t be stored outside of Canada? • Which laws you must comply with – are they also binding on the cloud provider? • Specify in the contract what laws must be complied with, e.g., Canadian laws for personal information protection • Insurance – territorial limits on coverage 19
Bringing Territory Back • Export controls – four areas of concern: • US-origin technology (including technical data) • Controlled technology: encryption, dual-use (civilian), military, nuclear • Cloud provider or user is located in sanctioned countries • Designated persons subject to economic sanctions 20
Insurance Issues Gaps in traditional policies - general liability and E&O do not cover: • Business interruption due to your cloud provider suffering an outage as a result of computer or network security failure • Indemnification for security breach notification costs (including credit monitoring) • Defence and indemnification for regulatory action due to a breach of privacy laws • Liability for disclosure of electronic data, confidential information, and personal information • Liability for economic harm suffered by others due to failure of your computer or network security 21
Insurance Issues • Cyber security & privacy liability insurance may be used to fill-in these gaps. Conditions of coverage: • Maintain same or better level of security as when coverage was taken-out (may include audit of your and your cloud provider’s systems and security) • Compliance with legal regulations • Notice of claims – therefore, must contractually require cloud provider to provide notice of security breach • There must have been a security failure (e.g., poor planning or unforeseen usage levels are not covered) 22
Insurance Issues • Cyber security & privacy liability insurance – yours or your cloud provider’s? • Will your cloud provider’s coverage be there to protect you? • Cost of security breach based on number of records compromised: 100,000 records - $8.6m* (if the cloud provider has a 1,000 customers, that’s a $8.6b loss!) * Marsh, “Cyber & Privacy Liability” • Cloud provider business model is usually about reducing costs – providers therefore may have low insurance, high deductibles, and resist naming customers as additional insureds • Your insurance: covers data compromised in the hands of a cloud provider (with insurer subrogation against cloud provider) 23
What Happens if your Cloud Provider Goes Out of Business? • Third party cloud continuity solutions – the new software escrow • Short term (e.g., 30 - 90 days) solution to keep your cloud provider’s service running while you transition to a new provider or repatriate the service • Two main variations: • Basic: escrow company contracts with cloud provider’s IaaS hosting provider to allow escrow company to keep the solution “up” if cloud provider goes out of business • More advanced: escrow company runs a mirrored solution in its own environment that can be cut-to as a fail-over if cloud provider goes out of business (or just goes down – also a diversity service) • May be coupled with traditional source code escrow 24
Thank You montréal  ottawa  toronto  hamilton  waterloo region  calgary  vancouver  beijing  moscow  london Paul Armitage Tel: 604-891-2779 Email: paul.armitage@gowlings.com Doc # 1761319

Recommended

The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
This account is closed
 
Cloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issuesCloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issues
Lilian Edwards
 
Cloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best PracticesCloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best Practices
lisaabe
 
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Martens - Intellectual Property Law
 
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller SolicitorCloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Brian Miller, Solicitor
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Brian Miller, Solicitor
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 

Recommended

The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
The Cloud Computing Contract Playbook - Contracting for Cloud Services, Sept. 30
This account is closed
 
Cloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issuesCloud computing : legal , privacy and contract issues
Cloud computing : legal , privacy and contract issues
Lilian Edwards
 
Cloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best PracticesCloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best Practices
lisaabe
 
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Practice Webinar Series: Strategic Considerations for Non-Disclosure A...
Knobbe Martens - Intellectual Property Law
 
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller SolicitorCloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Cloud Computing: Legal Issues and Safety Risks by Brian Miller Solicitor
Brian Miller, Solicitor
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Data Protection and the Cloud (Part 2) by Brian Miller Solicitor and Vicki Bo...
Brian Miller, Solicitor
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy Risk
TrustArc
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated
wdsnead
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
TrustArc
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal Issues
Ikuo Takahashi
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
Ulf Mattsson
 
Misa cloud computing workshop lhm final
Misa cloud computing workshop lhm finalMisa cloud computing workshop lhm final
Misa cloud computing workshop lhm final
Lou Milrad
 
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
Knobbe Martens - Intellectual Property Law
 
Cloud Computing: legal issues
Cloud Computing: legal issuesCloud Computing: legal issues
Cloud Computing: legal issues
ISPABelgium
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can Help
Jason Lackey
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
rajab ssemwogerere
 
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
AltheimPrivacy
 
Cloud computing legal issues
Cloud computing legal issuesCloud computing legal issues
Cloud computing legal issues
Adv Prashant Mali
 
Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?
BrightPay Payroll and Auto Enrolment Software
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
Tim Hyman LLB
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
Patrick Fowler
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
Tomppa Järvinen
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & Implications
TrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR Management
TrustArc
 
Intellectual Property: Legal Bootcamp, December 2013
Intellectual Property: Legal Bootcamp, December 2013Intellectual Property: Legal Bootcamp, December 2013
Intellectual Property: Legal Bootcamp, December 2013
This account is closed
 
Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
Canada's Privacy and New Anti-spam Laws: What You Need to Know to ComplyCanada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
This account is closed
 

More Related Content

What's hot

How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy Risk
TrustArc
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated
wdsnead
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
TrustArc
 
Misa cloud computing workshop lhm final
Misa cloud computing workshop lhm finalMisa cloud computing workshop lhm final
Misa cloud computing workshop lhm final
Lou Milrad
 
Cloud Computing: legal issues
Cloud Computing: legal issuesCloud Computing: legal issues
Cloud Computing: legal issues
ISPABelgium
 
Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?
BrightPay Payroll and Auto Enrolment Software
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & Implications
TrustArc
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR Management
TrustArc
 

What's hot (20)

How to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy RiskHow to Manage Vendors and Third Parties to Minimize Privacy Risk
How to Manage Vendors and Third Parties to Minimize Privacy Risk
 
12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated12 02-14 information security managers - unannotated
12 02-14 information security managers - unannotated
 
5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You5 Signs Your Privacy Management Program is Not Working for You
5 Signs Your Privacy Management Program is Not Working for You
 
Cloud Computing Legal Issues
Cloud Computing Legal IssuesCloud Computing Legal Issues
Cloud Computing Legal Issues
 
Isaca new delhi india privacy and big data
Isaca new delhi india privacy and big dataIsaca new delhi india privacy and big data
Isaca new delhi india privacy and big data
 
Misa cloud computing workshop lhm final
Misa cloud computing workshop lhm finalMisa cloud computing workshop lhm final
Misa cloud computing workshop lhm final
 
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
Understanding and Protecting Distributed Ledger Technology - Knobbe Practice ...
 
Cloud Computing: legal issues
Cloud Computing: legal issuesCloud Computing: legal issues
Cloud Computing: legal issues
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can Help
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
Security and Privacy in Deals (altheim & mahajan)(6-3 -2015)
 
Cloud computing legal issues
Cloud computing legal issuesCloud computing legal issues
Cloud computing legal issues
 
Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?Payroll Data & GDPR: What you need to know?
Payroll Data & GDPR: What you need to know?
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 
Legal ethics & cloud computing
Legal ethics & cloud computingLegal ethics & cloud computing
Legal ethics & cloud computing
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & Implications
 
Building Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR ManagementBuilding Consumer Trust through Individual Rights / DSAR Management
Building Consumer Trust through Individual Rights / DSAR Management
 

Viewers also liked

A Novel Technique for Image Steganography Based on DWT and Huffman Encoding
A Novel Technique for Image Steganography Based on DWT and Huffman EncodingA Novel Technique for Image Steganography Based on DWT and Huffman Encoding
A Novel Technique for Image Steganography Based on DWT and Huffman Encoding
CSCJournals
 
Worldwide IT Services Market - 2012
Worldwide IT Services Market - 2012Worldwide IT Services Market - 2012
Worldwide IT Services Market - 2012
Padma Vallury
 
Sales Segmentation & Qualification for B2B SaaS Companies
Sales Segmentation & Qualification for B2B SaaS CompaniesSales Segmentation & Qualification for B2B SaaS Companies
Sales Segmentation & Qualification for B2B SaaS Companies
Guillaume Lerouge
 
2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study
North Bridge
 
2016 Future of Cloud Computing Study
2016 Future of Cloud Computing Study2016 Future of Cloud Computing Study
2016 Future of Cloud Computing Study
North Bridge
 

Viewers also liked (18)

Intellectual Property: Legal Bootcamp, December 2013
Intellectual Property: Legal Bootcamp, December 2013Intellectual Property: Legal Bootcamp, December 2013
Intellectual Property: Legal Bootcamp, December 2013
 
Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
Canada's Privacy and New Anti-spam Laws: What You Need to Know to ComplyCanada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
Canada's Privacy and New Anti-spam Laws: What You Need to Know to Comply
 
Cloud Computing Standards and Use Cases (Robert Grossman) 09-v8p
Cloud Computing Standards and Use Cases (Robert Grossman) 09-v8pCloud Computing Standards and Use Cases (Robert Grossman) 09-v8p
Cloud Computing Standards and Use Cases (Robert Grossman) 09-v8p
 
A Novel Technique for Image Steganography Based on DWT and Huffman Encoding
A Novel Technique for Image Steganography Based on DWT and Huffman EncodingA Novel Technique for Image Steganography Based on DWT and Huffman Encoding
A Novel Technique for Image Steganography Based on DWT and Huffman Encoding
 
Worldwide IT Services Market - 2012
Worldwide IT Services Market - 2012Worldwide IT Services Market - 2012
Worldwide IT Services Market - 2012
 
Info hiding
Info hidingInfo hiding
Info hiding
 
IP License Agreements: Common Issues and Solutions
IP License Agreements: Common Issues and SolutionsIP License Agreements: Common Issues and Solutions
IP License Agreements: Common Issues and Solutions
 
Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788Cloud Computing - ISO/IEC 17788
Cloud Computing - ISO/IEC 17788
 
The Latest in Cloud Computing Standards
The Latest in Cloud Computing StandardsThe Latest in Cloud Computing Standards
The Latest in Cloud Computing Standards
 
Sales Segmentation & Qualification for B2B SaaS Companies
Sales Segmentation & Qualification for B2B SaaS CompaniesSales Segmentation & Qualification for B2B SaaS Companies
Sales Segmentation & Qualification for B2B SaaS Companies
 
ASEAN Business Outlook Survey 2016
ASEAN Business Outlook Survey 2016ASEAN Business Outlook Survey 2016
ASEAN Business Outlook Survey 2016
 
Trend and Future of Cloud Computing
Trend and Future of Cloud ComputingTrend and Future of Cloud Computing
Trend and Future of Cloud Computing
 
2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study2015 Future of Cloud Computing Study
2015 Future of Cloud Computing Study
 
2016 Cloud Computing Trends
2016 Cloud Computing Trends 2016 Cloud Computing Trends
2016 Cloud Computing Trends
 
Trends in Cloud Computing 2016
Trends in Cloud Computing 2016Trends in Cloud Computing 2016
Trends in Cloud Computing 2016
 
Top 10 Cloud Trends for 2017
Top 10 Cloud Trends for 2017Top 10 Cloud Trends for 2017
Top 10 Cloud Trends for 2017
 
2016 Future of Cloud Computing Study
2016 Future of Cloud Computing Study2016 Future of Cloud Computing Study
2016 Future of Cloud Computing Study
 
Cloud computing simple ppt
Cloud computing simple pptCloud computing simple ppt
Cloud computing simple ppt
 

Similar to The Cloud Computing Contract Playbook: Contracting for Cloud Services

Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
accacloud
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
Livingstone Advisory
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
itnewsafrica
 
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid ThemIT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
Meyers Nave
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
Kresimir Popovic
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
Graeme Wood
 

Similar to The Cloud Computing Contract Playbook: Contracting for Cloud Services (20)

093049ov4.pptx
093049ov4.pptx093049ov4.pptx
093049ov4.pptx
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
Cloud Computing & IT in the Boardroom
Cloud Computing & IT in the BoardroomCloud Computing & IT in the Boardroom
Cloud Computing & IT in the Boardroom
 
SLALOM Project Legal Webinar Introduction 20151019 Legal Aspects
SLALOM Project Legal Webinar Introduction 20151019 Legal AspectsSLALOM Project Legal Webinar Introduction 20151019 Legal Aspects
SLALOM Project Legal Webinar Introduction 20151019 Legal Aspects
 
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
Safe Cloud Principles for the FSI Industry 2014, endorsed by the Asia Cloud C...
 
Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?
 
Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –...
Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –...Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –...
Critical Hong Kong Banking, Securities and Insurance Workloads on the Cloud –...
 
Cloud computing Risk management
Cloud computing Risk management Cloud computing Risk management
Cloud computing Risk management
 
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
UTSpeaks Public Lecture: Clearing up the Cloud -19th July 2011 - Rob Living...
 
Mining IT Summit Nov 6 2014
Mining IT Summit Nov 6 2014Mining IT Summit Nov 6 2014
Mining IT Summit Nov 6 2014
 
Contracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy BortzContracting in the Cloud by Tammy Bortz
Contracting in the Cloud by Tammy Bortz
 
Cloud Security.ppt
Cloud Security.pptCloud Security.ppt
Cloud Security.ppt
 
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid ThemIT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
IT Equipment and Services Agreements: Contractual Pitfalls and How to Avoid Them
 
Cloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from realityCloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from reality
 
Cloud computing security issues and challenges
Cloud computing security issues and challengesCloud computing security issues and challenges
Cloud computing security issues and challenges
 
CSA Introduction 2013 David Ross
CSA Introduction 2013 David RossCSA Introduction 2013 David Ross
CSA Introduction 2013 David Ross
 
Introduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David RossIntroduction to CSA Australia 2013 by David Ross
Introduction to CSA Australia 2013 by David Ross
 
Compliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA FrameworkCompliance in Public Cloud & CSA Framework
Compliance in Public Cloud & CSA Framework
 
Cloud security
Cloud securityCloud security
Cloud security
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 

More from This account is closed

Trans-Pacific Partnership Treaty & Intellectual Property
Trans-Pacific Partnership Treaty & Intellectual PropertyTrans-Pacific Partnership Treaty & Intellectual Property
Trans-Pacific Partnership Treaty & Intellectual Property
This account is closed
 
Cross-Border M&A: Canada is Open for Business
Cross-Border M&A: Canada is Open for BusinessCross-Border M&A: Canada is Open for Business
Cross-Border M&A: Canada is Open for Business
This account is closed
 
Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1
This account is closed
 

More from This account is closed (20)

Brands, Trademarks, and Advertising
Brands, Trademarks, and AdvertisingBrands, Trademarks, and Advertising
Brands, Trademarks, and Advertising
 
Le gestion de crise : considérations juridiques et pratiques pour traverser l...
Le gestion de crise : considérations juridiques et pratiques pour traverser l...Le gestion de crise : considérations juridiques et pratiques pour traverser l...
Le gestion de crise : considérations juridiques et pratiques pour traverser l...
 
CPD Professionalism Program for General Counsel
CPD Professionalism Program for General CounselCPD Professionalism Program for General Counsel
CPD Professionalism Program for General Counsel
 
Financing nuclear projects — A. Abdel Aziz
Financing nuclear projects — A. Abdel AzizFinancing nuclear projects — A. Abdel Aziz
Financing nuclear projects — A. Abdel Aziz
 
Nuclear Supply Chain Symposium - Canadian Contracting Models
Nuclear Supply Chain Symposium - Canadian Contracting ModelsNuclear Supply Chain Symposium - Canadian Contracting Models
Nuclear Supply Chain Symposium - Canadian Contracting Models
 
Trans-Pacific Partnership Treaty & Intellectual Property
Trans-Pacific Partnership Treaty & Intellectual PropertyTrans-Pacific Partnership Treaty & Intellectual Property
Trans-Pacific Partnership Treaty & Intellectual Property
 
Life Sciences Licensing — Trends and Issues
Life Sciences Licensing — Trends and IssuesLife Sciences Licensing — Trends and Issues
Life Sciences Licensing — Trends and Issues
 
Legal issues associated with project management and consulting
Legal issues associated with project management and consultingLegal issues associated with project management and consulting
Legal issues associated with project management and consulting
 
Cross-Border M&A: Canada is Open for Business
Cross-Border M&A: Canada is Open for BusinessCross-Border M&A: Canada is Open for Business
Cross-Border M&A: Canada is Open for Business
 
PLSAs, SEPs and PAEs: The Antitrust/IP Acronyms You Should Know and Understand
PLSAs, SEPs and PAEs: The Antitrust/IP Acronyms You Should Know and UnderstandPLSAs, SEPs and PAEs: The Antitrust/IP Acronyms You Should Know and Understand
PLSAs, SEPs and PAEs: The Antitrust/IP Acronyms You Should Know and Understand
 
IP ownership for R&D companies: Cautionary tales and best practices
IP ownership for R&D companies: Cautionary tales and best practicesIP ownership for R&D companies: Cautionary tales and best practices
IP ownership for R&D companies: Cautionary tales and best practices
 
Manufacturing Success Seminar - April 29, 2015
Manufacturing Success Seminar - April 29, 2015Manufacturing Success Seminar - April 29, 2015
Manufacturing Success Seminar - April 29, 2015
 
Employment and Labour Law Seminar - May 5, 2015
Employment and Labour Law Seminar - May 5, 2015Employment and Labour Law Seminar - May 5, 2015
Employment and Labour Law Seminar - May 5, 2015
 
Employment and Labour Law Seminar - May 6, 2015
Employment and Labour Law Seminar - May 6, 2015Employment and Labour Law Seminar - May 6, 2015
Employment and Labour Law Seminar - May 6, 2015
 
Social Media and the Workplace: Navigating in a New World
Social Media and the Workplace: Navigating in a New WorldSocial Media and the Workplace: Navigating in a New World
Social Media and the Workplace: Navigating in a New World
 
Top 10 Developments in Employment, Labour & Human Rights Law
Top 10 Developments in Employment, Labour & Human Rights LawTop 10 Developments in Employment, Labour & Human Rights Law
Top 10 Developments in Employment, Labour & Human Rights Law
 
Disability Accommodation in the Workplace
Disability Accommodation in the WorkplaceDisability Accommodation in the Workplace
Disability Accommodation in the Workplace
 
Enforceability of Termination Provisions
Enforceability of Termination ProvisionsEnforceability of Termination Provisions
Enforceability of Termination Provisions
 
Employment & Labour Law Panel Discussion - April 29th, 2015
Employment & Labour Law Panel Discussion - April 29th, 2015Employment & Labour Law Panel Discussion - April 29th, 2015
Employment & Labour Law Panel Discussion - April 29th, 2015
 
Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1Directors and fficers duties van law-1662964-v1
Directors and fficers duties van law-1662964-v1
 

Recently uploaded

一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
trryfxkn
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
Airst S
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
Fir La
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
Airst S
 
Types of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM ITypes of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM I
yogita9398
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
bd2c5966a56d
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
bd2c5966a56d
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
ss
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
e9733fc35af6
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
Airst S
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
Airst S
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
mefyqyn
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
ZurliaSoop
 

Recently uploaded (20)

一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
一比一原版(McMaster毕业证书)麦克马斯特大学毕业证学历认证可查认证
 
一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理一比一原版伦敦南岸大学毕业证如何办理
一比一原版伦敦南岸大学毕业证如何办理
 
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
一比一原版(IC毕业证书)帝国理工学院毕业证如何办理
 
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
一比一原版(JCU毕业证书)詹姆斯库克大学毕业证如何办理
 
Understanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective BargainingUnderstanding the Role of Labor Unions and Collective Bargaining
Understanding the Role of Labor Unions and Collective Bargaining
 
Types of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM ITypes of Agricultural markets LLB- SEM I
Types of Agricultural markets LLB- SEM I
 
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
Sangyun Lee, Duplicate Powers in the Criminal Referral Process and the Overla...
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
一比一原版(Griffith毕业证书)格里菲斯大学毕业证如何办理
 
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
一比一原版(UNSW毕业证书)新南威尔士大学毕业证如何办理
 
Elective Course on Forensic Science in Law
Elective Course on Forensic Science in LawElective Course on Forensic Science in Law
Elective Course on Forensic Science in Law
 
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
一比一原版(纽大毕业证书)美国纽约大学毕业证如何办理
 
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
一比一原版(CQU毕业证书)中央昆士兰大学毕业证如何办理
 
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
一比一原版(QUT毕业证书)昆士兰科技大学毕业证如何办理
 
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy NovicesIt’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
It’s Not Easy Being Green: Ethical Pitfalls for Bankruptcy Novices
 
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
一比一原版(BCU毕业证书)伯明翰城市大学毕业证成绩单原件一模一样
 
Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?Who is Spencer McDaniel? And Does He Actually Exist?
Who is Spencer McDaniel? And Does He Actually Exist?
 
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURYA SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
A SHORT HISTORY OF LIBERTY'S PROGREE THROUGH HE EIGHTEENTH CENTURY
 
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
Jual obat aborsi Bandung ( 085657271886 ) Cytote pil telat bulan penggugur ka...
 
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam TakersPhilippine FIRE CODE REVIEWER for Architecture Board Exam Takers
Philippine FIRE CODE REVIEWER for Architecture Board Exam Takers
 

The Cloud Computing Contract Playbook: Contracting for Cloud Services

  • 1. The Cloud Computing Contract Playbook - Contracting for Cloud Services June 23, 2015 Paul Armitage*, Partner * Law Corporation Doc #1761319
  • 2. 2 The Cloud is Everywhere The cloud is everywhere and for anything • SaaS (applications) • Customer accesses and uses cloud provider’s applications running on cloud provider’s infrastructure (e.g., Salesforce.com) • PaaS (platform) • Customer deploys and controls own (developed/licensed) applications running on cloud provider’s infrastructure (e.g., IBM Smartcloud, and also Salesforce.com!) • IaaS (infrastructure) • Customer deploys and controls applications, operating systems, storage, and networking components running on cloud provider’s infrastructure (e.g., AWS)
  • 3. The Cloud is Everywhere Expanding use of the cloud – from consumer to the enterprise • The cloud is no longer just for free or low-cost consumer offerings • Mission critical functions: finance, billing, database storage, networks • Regulated industries (e.g., financial institutions, healthcare) 3
  • 4. The Irresistible Force of the Cloud • Significant cost reductions • Lower total cost of ownership: no servers or licenses to be bought – just pay as you go • Cheaper to implement, customize and configure • No upgrade fees for ongoing maintenance to stay current with latest versions of the software and operating systems • Cost certainty • Predictable fees based on metrics (e.g., per user, log-in, record, device) • Renewal pricing: TIP - contractually ensure cost certainty on renewal! 4
  • 5. The Irresistible Force of the Cloud • Speed of delivery • Greatly reduces time required to implement, customize and configure the solution, and to train users • Scalable and elastic (metered, on-demand service) • Increased connectivity and solution mobility (accessible anywhere and by any Internet enabled device) • Can allow an organization to achieve security standards which are difficult or expensive to achieve in-house (e.g., diversity or disaster recovery requirements) 5
  • 6. We’re Moving Everything to the Cloud - Not so Fast! • OSFI, Guideline B-10: requires (among other things) federally-regulated financial institutions (FRFIs) to impose standards on the service provider in the areas of: (1) confidentiality, (2) security, (3) data segregation • OSFI, February 29, 2012 Memorandum: “New technology-based outsourcing arrangements” “Information technology plays a very important role in the financial services business and OSFI recognizes the opportunities and benefits that new technology-based services such as Cloud Computing can bring; however, FRFIs should also recognize the unique features of such services and duly consider the associated risks. As such, and in light of the proliferation of new technology-based outsourcing services, OSFI is reminding all FRFIs that the expectations contained in Guideline B-10 remain current and continue to apply in respect of such services.” 6
  • 7. We’re Moving Everything to the Cloud - Not so Fast! • B.C. Privacy Commissioner, June 2012: “Cloud Computing Guidelines for Public Bodies” “Public bodies must consider s. 30.1 of FIPPA when making decisions about whether to store personal information in the cloud. With limited exceptions as set out in FIPPA, personal information, including information in computer logs and on backup tapes or drives cannot be stored or accessed outside of Canada.” 7
  • 8. What’s Different about Contracting for Cloud Computing? “Cloud” solution • No on-premises installation at customer • No license to the solution • Instead, customer gets a subscription to access and use someone else’s solution, on someone else’s computer, hosted somewhere else, i.e., in the cloud • In lieu of an in-house IT department where you can structure your computing environment and know first-hand what security safeguards are in place, you now have… a contract with your cloud provider 8
  • 9. Storing Personal Information in the Cloud • Storing personal information in the cloud is generally speaking permitted, so long as: • Socio-economic and legal environment of the hosting jurisdiction, and sensitivity of the information are taken into consideration • Individuals are provided with notice of the cloud storage, and that while their information is stored outside Canada it may be accessed by foreign courts, law enforcement and security authorities • The cloud provider is contractually required to safeguard the personal information against unauthorized use, access, collection, disclosure, copying modification, and destruction, having regard to the sensitivity of the information, and providing a comparable level of protection to (a) if processed in-house, and (b) as is legally required in Canada 9
  • 10. Storing Personal Information in the Cloud • Additional Alberta requirements • Alberta Personal Information Protection Act: • An organization must have policies about its use of “service providers” (includes contractors and affiliates) outside of Canada to process personal information, including as to (a) which countries, and (b) the purposes of processing, and must make its policies available on request • An organization must, before or at the time of collecting or transferring the information outside Canada, notify the individual of (a) how to obtain information about the organization’s policies on use of service providers outside of Canada, and (b) the contact information of the person at the organization who is able to answer questions about those policies 10
  • 11. Storing Personal Information in the Cloud • Exceptions: • B.C. public bodies - FIPPA, s. 30.1 • Personal information in the custody or control of a public body must be stored in Canada and accessed only in Canada, unless one of the following applies: (a) individual consent, (b) allowed under FIPPA (including by ministerial order), or (c) in connection with payments to or by a public body • Similar restrictions exist for Nova Scotia public bodies 11
  • 12. Know Your Cloud Provider • Due diligence on cloud provider • Review financial statements / regulatory filings (SEC 10K) • Financial performance (look for positive growth) and self- disclosure of risks by cloud provider • Data security measures – look for (and include in the contract) the following types of protections: • Physical, e.g. restricted access to data centres • Organizational, e.g. security clearances, background checks, privacy and security policies, training • Technological, e.g. (a) firewall, (b) encryption (consider three data states for encryption: (1) at rest, (2) in transit, (3) in process), (c) identity and access management (password protection), (d) patch management and network maintenance, (e) secure data deletion, (f) intrusion monitoring, (g) virus filters 12
  • 13. Know Your Cloud Provider • ISO 27001 standard for information security systems • Certification to demonstrate industry-minimum cyber security measures have been adopted 13
  • 14. Know Your Cloud Provider • ISO 27018 standard for protection of personally identifiable information (PII) in the cloud • Requires cloud provider to (among other things): • Only process PII in accordance with the customer’s instructions • Only process PII for marketing or advertising purposes with the customer’s express consent • Disclose to the customer the identity of subcontractors and locations where PII is processed • Ensure that personnel who have access to PII enter into confidentiality agreements and receive appropriate training • Assist the customer in complying with notification obligations in the event of a security breach 14
  • 15. Know Your Cloud Provider • PCI DSS (Payment Card Interface – Data Security Standard) for (1) payment card processing, (2) securing cardholder data (e.g., storage or encryption), (3) cardholder data environment (e.g., infrastructure, data centres), (4) application development with access to cardholder information / data environment • Standards for cardholder data security and consistent data security measures 15
  • 16. Data Security Clause • Elements of a data security clause • Data remains owned and under the control of the organization while in the cloud provider’s possession • Cloud provider must only use the data for the purpose of performing its services • Cloud provider must provide notice of any data breach • Cloud provider must provide notice of any lawful access where legally permitted • Continued access to data is assured (restrict cloud provider’s ability to cut-off or suspend access, e.g., for non-payment) • Disaster recovery/business continuity plan to provide access to data under adverse conditions • Continued access to data for a period after subscription ends to allow for transitioning to another provider or service repatriation • Return of data on termination (specify cost and a format you can use) 16
  • 17. Specifications and Service Levels • Specifications define what the cloud solution is supposed to do • A lot of cloud providers’ contracts don’t say anything about what the solution does! • Incorporate specifications and guard against future changes • Service levels set minimum performance standards for the cloud solution. Examples: • 99.999% uptime – but what’s “uptime”? • Time to perform a function • Support call response • Recovery time objectives 17
  • 18. Audit • Right to audit cloud provider by client (and by client’s regulators if applicable) • Third party auditors to ensure compliance with cloud provider’s security program • SSAE 16 (Type I or Type II) 18
  • 19. Bringing Territory Back The cloud is typically not tied to territory, but consider: • Statutory prohibitions (e.g., FIPPA, s. 30.1) • Sectoral laws requirements (e.g., Bank Act) • Your own policies and contracts – have you committed to persons that their data won’t be stored outside of Canada? • Which laws you must comply with – are they also binding on the cloud provider? • Specify in the contract what laws must be complied with, e.g., Canadian laws for personal information protection • Insurance – territorial limits on coverage 19
  • 20. Bringing Territory Back • Export controls – four areas of concern: • US-origin technology (including technical data) • Controlled technology: encryption, dual-use (civilian), military, nuclear • Cloud provider or user is located in sanctioned countries • Designated persons subject to economic sanctions 20
  • 21. Insurance Issues Gaps in traditional policies - general liability and E&O do not cover: • Business interruption due to your cloud provider suffering an outage as a result of computer or network security failure • Indemnification for security breach notification costs (including credit monitoring) • Defence and indemnification for regulatory action due to a breach of privacy laws • Liability for disclosure of electronic data, confidential information, and personal information • Liability for economic harm suffered by others due to failure of your computer or network security 21
  • 22. Insurance Issues • Cyber security & privacy liability insurance may be used to fill-in these gaps. Conditions of coverage: • Maintain same or better level of security as when coverage was taken-out (may include audit of your and your cloud provider’s systems and security) • Compliance with legal regulations • Notice of claims – therefore, must contractually require cloud provider to provide notice of security breach • There must have been a security failure (e.g., poor planning or unforeseen usage levels are not covered) 22
  • 23. Insurance Issues • Cyber security & privacy liability insurance – yours or your cloud provider’s? • Will your cloud provider’s coverage be there to protect you? • Cost of security breach based on number of records compromised: 100,000 records - $8.6m* (if the cloud provider has a 1,000 customers, that’s a $8.6b loss!) * Marsh, “Cyber & Privacy Liability” • Cloud provider business model is usually about reducing costs – providers therefore may have low insurance, high deductibles, and resist naming customers as additional insureds • Your insurance: covers data compromised in the hands of a cloud provider (with insurer subrogation against cloud provider) 23
  • 24. What Happens if your Cloud Provider Goes Out of Business? • Third party cloud continuity solutions – the new software escrow • Short term (e.g., 30 - 90 days) solution to keep your cloud provider’s service running while you transition to a new provider or repatriate the service • Two main variations: • Basic: escrow company contracts with cloud provider’s IaaS hosting provider to allow escrow company to keep the solution “up” if cloud provider goes out of business • More advanced: escrow company runs a mirrored solution in its own environment that can be cut-to as a fail-over if cloud provider goes out of business (or just goes down – also a diversity service) • May be coupled with traditional source code escrow 24
  • 25. Thank You montréal  ottawa  toronto  hamilton  waterloo region  calgary  vancouver  beijing  moscow  london Paul Armitage Tel: 604-891-2779 Email: paul.armitage@gowlings.com Doc # 1761319