This presentation identifies and discusses certain ethical rules and opinions that apply to an Arizona lawyer's use of cloud computing in his or her practice. The concepts are generally applicable to lawyers in many other states as well.
From the FinTech Webinar Series. Explores:
1. Recent Federal Cybersecurity Developments: Executive Order, NIST Standards, Information-Sharing, Legislation
2. Privacy and Security Issues in Cloud Computing Contracts
3. International Privacy and Transferring Data Across Borders
4. Mobile Devices and Mobile Apps
5. Workplace and Corporate Governance Developments
6. The FTC’s New Rules Concerning Children’s Privacy
Cashing in on the public cloud with total confidenceCloudMask inc.
Banks have always been targets for attack. The year 2011 appears to have been a critical tipping point for bank related cybercrime. Attacks grew at a rate of nearly 300 to 400% that year, and innovative attacks cost banks and customers a lot of money.
legal issues in cloud computing,cloud computing and law,cyberlaw and cloud computing in india,prashant mali,cloud computing issues,cloud computing security
Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably
encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly
about protection from hackers and insiders. In the cloud, however—public, community, hybrid, and sometimes even
private-- they are also affected by where data resides and the impact of local, regional, and national regulations on
the privacy of that data--an issue known as data sovereignty.
Quick Start Guide to IT Security for BusinessesCompTIA
IT security is constantly changing, which means it can be hard for businesses to keep up. This guide from CompTIA educates IT solution providers on the importance of providing clients with up-to-date IT security, identifies the risks of inadequate or poor security, and examines the technology shifts and factors affecting security in in the workplace.
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Chad Lawler
Security & Compliance in the Cloud - Standards, Security & Proactively Managing Governance, Risk & Compliance
Key Note Address by Chad M. Lawler, Ph.D.
Cloud Security Alliance - North Texas Chapter
Friday, June 28, 2013
OASIS response to EU Digital Agenda January 2010-11 cloud computing survey. See: http://cordis.europa.eu/fp7/ict/ssai/events-20100126-cloud-computing_en.html
Legal challenges of cloud based enterprise 20Kasia Szkuta
Presentation given at the "Enterprise 2.0 in Europe" workshop where the results of the interim report of the “Enterprise 2.0 study were presented and discussed with experts
Brussels, 14th of September 2010
This presentation identifies and discusses certain ethical rules and opinions that apply to an Arizona lawyer's use of cloud computing in his or her practice. The concepts are generally applicable to lawyers in many other states as well.
From the FinTech Webinar Series. Explores:
1. Recent Federal Cybersecurity Developments: Executive Order, NIST Standards, Information-Sharing, Legislation
2. Privacy and Security Issues in Cloud Computing Contracts
3. International Privacy and Transferring Data Across Borders
4. Mobile Devices and Mobile Apps
5. Workplace and Corporate Governance Developments
6. The FTC’s New Rules Concerning Children’s Privacy
Cashing in on the public cloud with total confidenceCloudMask inc.
Banks have always been targets for attack. The year 2011 appears to have been a critical tipping point for bank related cybercrime. Attacks grew at a rate of nearly 300 to 400% that year, and innovative attacks cost banks and customers a lot of money.
legal issues in cloud computing,cloud computing and law,cyberlaw and cloud computing in india,prashant mali,cloud computing issues,cloud computing security
Organizations looking to benefit from the scalability, agility, and capital cost savings of cloud computing inevitably
encounter the issues of data privacy and security. In the corporate data center, data security and privacy are mostly
about protection from hackers and insiders. In the cloud, however—public, community, hybrid, and sometimes even
private-- they are also affected by where data resides and the impact of local, regional, and national regulations on
the privacy of that data--an issue known as data sovereignty.
Quick Start Guide to IT Security for BusinessesCompTIA
IT security is constantly changing, which means it can be hard for businesses to keep up. This guide from CompTIA educates IT solution providers on the importance of providing clients with up-to-date IT security, identifies the risks of inadequate or poor security, and examines the technology shifts and factors affecting security in in the workplace.
Today’s organizations give predominant importance to increased privacy regulations, stakeholder’s profitability demands and the ever so changing consumer privacy expectations. As a result, the emphasis on personal data is growing and the companies are facing complicated reputational, regulatory and data privacy risk environment. It’s a sad fact that the frequency of critical data breaches are increasing and as a result the management administration and the IT departments focus on safeguarding their data systems more than ever before. Our experienced and expertise data security, privacy and information governance experts in UAE helps you to reduce the risks associated with various privacy compliance frameworks along with recognizing the value of your personal data.
Security & Compliance in the Cloud - Proactively Managing Governance, Risk & ...Chad Lawler
Security & Compliance in the Cloud - Standards, Security & Proactively Managing Governance, Risk & Compliance
Key Note Address by Chad M. Lawler, Ph.D.
Cloud Security Alliance - North Texas Chapter
Friday, June 28, 2013
OASIS response to EU Digital Agenda January 2010-11 cloud computing survey. See: http://cordis.europa.eu/fp7/ict/ssai/events-20100126-cloud-computing_en.html
Legal challenges of cloud based enterprise 20Kasia Szkuta
Presentation given at the "Enterprise 2.0 in Europe" workshop where the results of the interim report of the “Enterprise 2.0 study were presented and discussed with experts
Brussels, 14th of September 2010
GDPR and NIS Compliance - How HyTrust Can HelpJason Lackey
GDPR (EU 2016/679) and NIS are intended to strengthen data protection for people in the EU, replacing Directive 95/46/EC. Learn how HyTrust can help with compliance.
In the last few years, cloud computing has grown from being a promising business concept to one of the fastest growing segments of the IT industry. Now, recession-hit companies are increasingly realizing that simply by tapping into the cloud they can gain fast access to best-of-breed business applications or drastically boost their infrastructure resources, all at negligible cost. But as more and more information on individuals and companies is placed in the cloud, concerns are beginning to grow about just how safe an environment it is. This paper discusses security issues, requirements and challenges that cloud service providers (CSP) face during cloud engineering. Recommended security standards and management models to address these are suggested for technical and business community.
Cloud Computing a leading and getting widely adopted technology in industry, unveils some unprecedented challenges to security of company’s resources such as capital and knowledge based assets. Hither to no much attention has been paid by the governments and there is neither any universal standard adopted, nor any breakthrough to take up these challenges. Traditional contracts and licensing agreements may not provide adequate legal resources and remedies normally associated with the layers of protection for corporations. Intellectual Property, Foreign Direct Investments (FDI) and corporate governance issues have to be fully explored and practiced in domestic and international markets. So this paper discusses the need of establishment of Law and judicial framework of policies to the services embedding cloud computing technology, besides this it also addresses legal issues and existing policies adopted by different countries.
Securing data in the cloud: A challenge for UK Law FirmsCloudMask inc.
Authorities including the UK Information Commissioner, the Solicitors Regulation Authority
(SRA) and the Council of Bars and Law Societies of Europe (CCBE) are establishing
requirements which are conflicting with the main foundation of cloud computing and in
many cases making it impossible to implement
https://jst.org.in/index.html
Our Journals has a act as vehicles for the dissemination of knowledge, making research findings accessible to a wide audience. This accessibility is vital for the progress of education, as it allows students, educators, and professionals to stay informed about the latest developments in their respective fields.
Data Privacy And Security Issues In Cloud Computing.pdfCiente
In this blog post, we delve into the intricacies of data privacy and security issues in cloud computing, exploring the risks and offering insights on how businesses can navigate this complex terrain.
Security and Privacy Solutions in Cloud Computing at Openstack to Sustain Use...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
In this study, survey questions were sent to different non-profit and government organizations, which
assisted in collecting fundamental information. The data was acquired by conducting surveys in OpenStack
Company to identify the critical vulnerabilities in the cloud computing platform in order to provide the
recommended solutions.
So, analysis will be made on how the cloud’s characteristics such as the nature of the architecture,
attractiveness, as well as, vulnerability are tightly related to privacy and security issues. Privacy and
security are complex issues for which there is no standard and the relationship between them is necessarily
complicated. The study also highlight on the inherent challenge to data privacy because it typically results
in data to be presented in an encryption from the data owner. Thus, the study aimed at obtaining a common
goal to provide a comprehensive review of the existing security and privacy issues in cloud environments,
and identify and describe the most representative of the security and privacy attributes and present a
relationship among them.
Finally, in order to ensure that the standard measure of validity is achieved, validity test was conducted in
order to ensure that the study is free from errors. Various recommendations were provided. The study also
explored various areas that require future directions for each attribute, which comprise of multi-domain
policy integration and a secure service composition to design a comprehensive policy-based management
framework in the cloud environments.
Lastly, the recommendations will provide the potential for security and privacy approaches that can be
implemented to improve the cloud computing environment to ensure that a level of trust is achieved
SECURITY AND PRIVACY SOLUTIONS IN CLOUD COMPUTING AT OPENSTACK TO SUSTAIN USE...Zac Darcy
Cloud computing is an emerging model of service provision that has the advantage of minimizing costs
through sharing and storage of resources combined with a demand provisioning mechanism relying on
pay-per-use business model. Cloud computing features direct impact on information technology (IT)
budgeting but pose detrimental impacts on privacy and security mechanisms especially where sensitive
data is to be held offshore by third parties. Even though cloud computing environment promises new
benefits to organizations, it also presents its fair share of potential risks. It is considered as a double edge
sword considering the privacy and security standpoints. However, despite its potential to offer a low cost
security, customer organizations may increase the risks by storing their sensitive information in the cloud.
Therefore, this study focuses on privacy and security issues that pose a challenge in maintaining a level of
assurance that is sufficient enough to sustain confidence in potential users.
It is shocking to note that about 3.5 billion people saw their
personal data stolen in the top two of the 15 biggest breaches
of this century alone. With the average cost of a data breach
exceeding $8 million, it is no wonder that safeguarding
confidential business and customer information has become
more important than ever. Furthermore, with stricter laws and governance requirements, data security is now everyone’s
responsibility across the entire enterprise.
However, that is easier said than done, and for that reason, an
an increasing number of organizations are relying heavily on data masking to proactively protect their data, avoid the cost of security breaches, and ensure compliance.
Various cloud computing models are used to increase the profit of an organization. Cloud
provides a convenient environment and more advantages to business organizations to run their
business. But, it has some issues related to the privacy of data. User’s data are stored and
maintained out of user’s premises. The failure of data protection causes many issues like data
theft which affects the individual organization. The cloud users may be satisfied, if their data
are protected properly from unauthorized access. This paper presents a survey on different
privacy issues involved in the cloud service. It also provides some suggestions to the cloud users to select their suitable cloud services by knowing their privacy policies.
Cloud Services As An Enabler: The Strategic, Legal & Pragmatic ApproachSLA-Ready Network
Janneke Breeuwsma (Arthur’s Legal) @ SLA-Ready Workshop during Cloud Forward 2016 (19 October 2016, Madrid, Spain).
Be part of our next workshop in Brussels http://bit.ly/2fVcCG7 .
Janneke Breeuwsma (Arthur’s Legal) @ SLA-Ready Workshop in Madrid, Spain (15 November 2016).
Be part of our next workshop in Brussels http://bit.ly/2fVcCG7 .
These are the slides from my annual presentation to the Toronto computer Lawyers’ Group on “The year in review in Computer, Internet and E-Commerce Law”. It covered the period from June 2014 to June 2015. The developments included cases from Canada, the U.S. the U.K. and other Commonwealth countries.
Sookman law socity_12_minute_civil_litigatorbsookman
Last fall, the BC Supreme Court canvassed in great detail whether "web wrap" also known as "browse wrap" agreements are potentially enforceable. I gave a talk at the Law Society of Upper Canada that summarized the conclusions and reasoning of the court in the Century 21 Canada Limited Partnership v. Rogers Communications Inc., 2011 BCSC 1196 case. These are the slides from my talk.
Removing Uninteresting Bytes in Software FuzzingAftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Full-RAG: A modern architecture for hyper-personalizationZilliz
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Pushing the limits of ePRTC: 100ns holdover for 100 daysAdtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
How to Get CNIC Information System with Paksim Ga.pptxdanishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Sookman law society_6_min_business_law
1. McCarthy Tétrault Advance™
Building Capabilities for Growth
The Six‐Minute Business Lawyer 2013, The Law
Society of Upper Canada, June 6, 2013
Current Issues in Negotiating IT
Contracts – Challenges of Cloud
Computing
Barry B. Sookman
Direct Line: (416) 601-7949
E-Mail: bsookman@mccarthy.ca June 6, 2012
McCarthy Tétrault LLP / mccarthy.ca / 12519801
2. What is cloud computing?
The US National Institute of Standards and Technology (NIST) Definition
of Cloud Computing, http://ow.ly/aRX1M/
“Cloud computing is a model for
enabling ubiquitous, convenient,
on-demand network access to a
shared pool of configurable computing
resources (e.g., networks, servers,
storage, applications, and services)
that can be rapidly provisioned
and released with minimal
management effort or service
provider interaction.”
McCarthy Tétrault LLP / mccarthy.ca / 12519801
2
3. Service Models
NIST Cloud Computing Reference Architecture http://ow.ly/aRYoy
¬ SaaS: The capability provided to the consumer is to use the provider‟s applications
running on a cloud infrastructure.
¬ PaaS: The capability provided to the consumer is to deploy onto the cloud infrastructure
consumer-created or acquired applications created using programming languages,
libraries, services, and tools supported by the provider. The consumer does not manage
or control the underlying cloud infrastructure including network, servers, operating
systems, or storage, but has control over the deployed applications and possibly
configuration settings for the
application-hosting environment.
¬ IaaS: The capability provided to the consumer is
to provision processing, storage, networks,
and other fundamental computing resources
where the consumer is able to deploy and run
arbitrary software, which can include operating
systems and applications. The consumer does
not manage or control the underlying cloud
infrastructure but has control over operating
systems, storage, and deployed applications; and
possibly limited control of select networking components (e.g., host firewalls).
ICS Solutions Azure Advantage http://ow.ly/aRVSB
McCarthy Tétrault LLP / mccarthy.ca / 12519801
3
4. Deployment Models
Sam Johnston, http://ow.ly/aRWs2
Private: cloud infrastructure operated solely for an organization.
Community: cloud infrastructure shared by several organizations and
supports specific community with shared concerns.
Public: cloud infrastructure made
available to general public or large
industry group.
Hybrid: cloud infrastructure comprised
of two or more clouds that remain
unique entities but have data or
application portability.
Note: Public clouds are more
problematic from compliance
perspectives.
McCarthy Tétrault LLP / mccarthy.ca / 12519801
4
6. SaaS Ecosystem is Expanding
Top PaaS, SaaS and IaaS Cloud Companies by CloudTimes, Cloud Times, 2011,
http://cloudtimes.org/2011/11/30/top-paas-saas-and-iaas-cloud-companies-by-cloudtimes/
McCarthy Tétrault LLP / mccarthy.ca / 12519801
6
7. SaaS Deployment is Mainstream
The Growing Importance of SaaS as an Application Deployment Model, Aberdeen Group, 2013,
http://blogs.aberdeen.com/it-infrastructure/the-growing-importance-of-saas-as-an-application-
deployment-model/
McCarthy Tétrault LLP / mccarthy.ca / 12519801
7
8. OSFI Feb 29, 2012: New technology-
based outsourcing arrangements
¬ “Information technology plays a very important role in the financial services
business and OSFI recognizes the opportunities and benefits that new
technology-based services such as Cloud Computing can bring; however, FRFIs
should also recognize the unique features of such services and duly consider the
associated risks.
¬ As such, and in light of the proliferation of new technology-based outsourcing
services, OSFI is reminding all FRFIs that the expectations contained in Guideline
B-10 remain current and continue to apply in respect of such services. In
particular, FRFIs should consider their ability to meet the expectations contained
in Guideline B-10 in respect of a material arrangement, with an emphasis on i)
confidentiality, security and separation of property, ii) contingency planning, iii)
location of records, iv) access and audit rights, v) subcontracting, and vi)
monitoring the material outsourcing arrangements.
¬ OSFI considers the management of outsourcing risks important to ensuring that
FRFIs continue to be managed prudently and OSFI will be monitoring this issue
as part of its ongoing supervisory work.” (emphasis added)
McCarthy Tétrault LLP / mccarthy.ca / 12519801
8
9. PIPEDA
¬ Organizations are accountable for personal information under their
control.
¬ PIPEDA Sch., Principle 4.1.3 requires organizations to use contractual
or other means to provide a “comparable level of protection” while the
information is being processed.
¬ OPC Guidelines “Comparable level of protection‟ means that the third
party processor must provide protection that can be compared to the
level of protection the personal information would receive if it had not
been transferred. It does not mean that the protection must be the
same across the board but it does mean that they should be generally
equivalent, p.4.
McCarthy Tétrault LLP / mccarthy.ca / 12519801
9
10. Can Data be Transferred Outside of
Canada for Cloud Computing
OPC, Report on the 2010 OPC’s Consultations on Online Tracking, Profiling and
Targeting, and Cloud Computing
¬ PIPEDA is largely modeled on the principles outlined in the OECD Guidelines,
and is intended to balance an individual's right to privacy with the need of an
organization to collect, use or disclose that information for an appropriate
purpose. We have long stated that we believe that privacy does not hinder
innovation and economic progress. The organization-to-organization approach
that underscores PIPEDA supports transborder flows and data protection by
holding organizations to account for their personal information protection
practices. Information is accessible to authorities regardless of where it resides.
As noted in our Guidelines, we do, however, maintain our view that a
careful risk assessment needs to be undertaken prior to any arrangement
that involves the outsourcing of personal data to other organizations that
operate globally, and that this assessment should consider the legal
requirements of the jurisdiction in which the third-party processor operates, as
well as some of the political, economic and social conditions, and any additional
risk factors, in that jurisdiction.
McCarthy Tétrault LLP / mccarthy.ca / 12519801
10
11. Potential Problems
Major areas of focus:
¬ Privacy and data protection/location of data/cross border issues
¬ Information security/data integrity issues
¬ Compliance e.g. OSFI B-10, audit
¬ Dependence on service provider in increasingly complex
environments, e.g., service
interruptions, SLA/availability, controls, change management
¬ Access to data/lock-in
¬ One sided provider friendly T&Cs including limits of liability
¬ Ownership and protection of IP and trade secrets
¬ Electronic discovery obligations
McCarthy Tétrault LLP / mccarthy.ca / 12519801
11
12. Contract for services
¬ W Kwon Hon et al Negotiating Cloud Contracts – Looking at Clouds from Both Sides Now, Queen
Mary School of Law, http://ow.ly/aSGS0
¬ “Despite any perception that providers' standard terms are non-negotiable, cloud contracts can be,
and have been, negotiated by customers such as financial institutions… This paper concludes that
there are indeed signs of change.
¬ Based on our research, users consider that providers‟ standard contract terms or offerings do not
sufficiently accommodate customer needs in various respects. The top six types of terms most
negotiated, according to our sources, were as follows, with the third and fourth issues ranking
roughly equally in importance (depending on type of user/service):
¬ 1. exclusion or limitation of liability and remedies, particularly regarding data integrity and
disaster recovery;
¬ 2. service levels, including availability;
¬ 3. security and privacy, particularly regulatory issues under the EU Data Protection Directive
(„DPD‟);
¬ 4. lock-in and exit, including term, termination rights and return of data on exit;
¬ 5. providers' ability to change service features unilaterally and
¬ 6. intellectual property rights ('IPRs').”
¬ Contracts frequently permit service providers to unilaterally amend terms.
McCarthy Tétrault LLP / mccarthy.ca / 12519801
12
14. VANCOUVER
Suite 1300, 777 Dunsmuir Street
P.O. Box 10424, Pacific Centre
Vancouver BC V7Y 1K2
Tel: 604-643-7100
Fax: 604-643-7900
Toll-Free: 1-877-244-7711
CALGARY
Suite 3300, 421 7th Avenue SW
Calgary AB T2P 4K9
Tel: 403-260-3500
Fax: 403-260-3501
Toll-Free: 1-877-244-7711
TORONTO
Box 48, Suite 5300
Toronto Dominion Bank Tower
Toronto ON M5K 1E6
Tel: 416-362-1812
Fax: 416-868-0673
Toll-Free: 1-877-244-7711
MONTRÉAL
Suite 2500
1000 De La Gauchetière Street West
Montréal QC H3B 0A2
Tel: 514-397-4100
Fax: 514-875-6246
Toll-Free: 1-877-244-7711
QUÉBEC
Le Complexe St-Amable
1150, rue de Claire-Fontaine, 7e étage
Québec QC G1R 5G4
Tel: 418-521-3000
Fax: 418-521-3099
Toll-Free: 1-877-244-7711
UNITED KINGDOM & EUROPE
125 Old Broad Street, 26th Floor
London EC2N 1AR
UNITED KINGDOM
Tel: +44 (0)20 7489 5700
Fax: +44 (0)20 7489 5777
McCarthy Tétrault LLP / mccarthy.ca / 12519801
14