Slides for talk by Prof Christopher Millard on "Cloud Computing: Opportunities and Risks" at the International Bar Association Annual Meeting 2010, Vancouver, Canada, October 2010
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
The document provides an executive briefing on strategic issues surrounding cloud services. It defines different types of cloud services and models. It also discusses the business drivers for cloud computing including cost optimization, risk optimization, and strategic agility. Additionally, it outlines some of the legal and security risks organizations should consider when using cloud services, such as data privacy and protection, contracting risks, and security vulnerabilities. It emphasizes the importance of having appropriate security policies, service level agreements, and terms in cloud contracts.
Slides for talk by Prof Christopher Millard on "Cloud computing: identifying and managing legal risks" at Google's Oxford Internet Institute Learned Lunches, Brussel, February 2011
This document discusses different types of cloud computing (private, public, hybrid), cloud service models (SaaS, PaaS, IaaS), and cloud network access choices. It aims to build understanding of the cloud market and impact of network access choices. Private cloud is located within a company's internal network, public cloud is accessed via the internet, and hybrid cloud combines private and public cloud options. Different cloud types and services are suited for different business needs. Network access is an important but often overlooked aspect of cloud strategy.
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksSAP Ariba
The document discusses cloud security and risks. It summarizes a presentation on this topic from Accenture and Ariba. The presentation addresses common concerns about cloud security from the perspective of CIOs and CSOs. It discusses different cloud models and the similarities and differences between cloud and conventional security approaches. It provides recommendations for how organizations can evaluate cloud providers and implement cloud services securely.
This document summarizes 10 key security concerns for cloud computing: 1) data location; 2) access controls; 3) regulatory requirements; 4) audit rights; 5) employee training; 6) data classification; 7) service level agreements; 8) long-term viability; 9) security breach response; and 10) disaster recovery plans. It also briefly outlines cloud computing models and benefits, as well as potential security attacks against cloud systems like denial of service attacks and authentication attacks.
Slides for talk by Prof Christopher Millard on "Cloud Computing: Opportunities and Risks" at the International Bar Association Annual Meeting 2010, Vancouver, Canada, October 2010
Slides for talk by Prof Chris Reed, Cloud Legal Project http://cloudlegalproject.org on who owns information in the cloud, at Cloud Computing: Legal, Organisational and Technological Issues conference, University of the West of England, on 23 February 2011, Bristol, UK.
The document provides an executive briefing on strategic issues surrounding cloud services. It defines different types of cloud services and models. It also discusses the business drivers for cloud computing including cost optimization, risk optimization, and strategic agility. Additionally, it outlines some of the legal and security risks organizations should consider when using cloud services, such as data privacy and protection, contracting risks, and security vulnerabilities. It emphasizes the importance of having appropriate security policies, service level agreements, and terms in cloud contracts.
Slides for talk by Prof Christopher Millard on "Cloud computing: identifying and managing legal risks" at Google's Oxford Internet Institute Learned Lunches, Brussel, February 2011
This document discusses different types of cloud computing (private, public, hybrid), cloud service models (SaaS, PaaS, IaaS), and cloud network access choices. It aims to build understanding of the cloud market and impact of network access choices. Private cloud is located within a company's internal network, public cloud is accessed via the internet, and hybrid cloud combines private and public cloud options. Different cloud types and services are suited for different business needs. Network access is an important but often overlooked aspect of cloud strategy.
Lions and Tigers and Cloud, Oh My! The Truth Behind Cloud Security and RisksSAP Ariba
The document discusses cloud security and risks. It summarizes a presentation on this topic from Accenture and Ariba. The presentation addresses common concerns about cloud security from the perspective of CIOs and CSOs. It discusses different cloud models and the similarities and differences between cloud and conventional security approaches. It provides recommendations for how organizations can evaluate cloud providers and implement cloud services securely.
This document summarizes 10 key security concerns for cloud computing: 1) data location; 2) access controls; 3) regulatory requirements; 4) audit rights; 5) employee training; 6) data classification; 7) service level agreements; 8) long-term viability; 9) security breach response; and 10) disaster recovery plans. It also briefly outlines cloud computing models and benefits, as well as potential security attacks against cloud systems like denial of service attacks and authentication attacks.
Windows Azure platform AppFabric provides a Service Bus and Access Control to enable connectivity and security in cloud applications. The Service Bus allows secure and interoperable communication across networks and firewalls. Access Control simplifies authorization management across organizations and identity providers. These services solve challenges of connecting cloud, mobile, and on-premises applications at scale through standards-based technologies.
The Nist definition of cloud computing cloud computing Research PaperFaimin Khan
This document discusses cloud computing and Google App Engine. It provides an overview of cloud computing concepts like service models, deployment models, and advantages/disadvantages. It then describes Google App Engine, including why Google built it, example apps, the application environment, and architecture. The architecture uses horizontal scaling across Google data centers to isolate and share resources for multiple applications. Quotas define fixed free limits and increased billable limits for resources like storage and bandwidth.
Cloud computing offers organizations scalability, flexibility, and speed while reducing costs. However, issues around security, data privacy, and regulatory compliance need to be addressed. While some organizations are piloting cloud computing services, widespread adoption is still 1-2 years away as only 10-30% of IT budgets are expected to be used for cloud services in the near future. Overall cloud computing has the potential to significantly change how IT services are delivered and used by businesses.
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Legal Project
Slides for talk by Prof Christopher Millard on "Cloud Computing Contracts and Services: What’s Really Happening Out There?" at The University of Sheffield: School of Law, November 2010
This document discusses secure and practical outsourcing of linear programming in cloud computing. It introduces cloud computing and explains why security is important in the cloud. Linear programming is described as a technique for optimizing allocation of resources that is well-suited for the cloud. The document outlines deployment models, service models, and reasons why cloud computing benefits small businesses, including economies of scale, functionality, and security. Risks to cloud security from data breaches, hijacking, and malicious insiders are also summarized.
Tony Godfrey presented on cloud computing. He defined cloud computing as networked hardware, software, and infrastructure services provided over the internet. Cloud computing provides on-demand services that are always available from anywhere using a utility-based pay-for-use model. Challenges of cloud computing include security, loss of control over data, and lack of standardization. Forensics in the cloud is complicated by issues around jurisdiction, data access, and coordination between cloud service providers and customers. ownCloud was demonstrated as an example of setting up a private cloud storage system. TestDisk software can potentially help recover deleted files from the ownCloud data directory.
The document discusses opportunities for cloud computing in enterprises. It defines cloud computing and describes different types of clouds like internal, external, and hybrid clouds. It discusses concerns around cloud adoption like security, performance, loss of control, and transitioning production systems to the cloud. It also describes how enterprises can reduce IT bottlenecks by adopting internal clouds and using cloud bursting to leverage external cloud services during high demand periods. Adopting the cloud computing model can help enterprises improve IT efficiency and agility.
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
This document summarizes a presentation on data protection jurisdiction and international data transfers in cloud computing. It discusses how EU data protection laws apply based on the location of processing or establishment. It also examines how personal data can be legally transferred outside the EEA, such as through whitelisted countries, Safe Harbor, binding corporate rules, or model contract clauses. The challenges of ensuring adequate protection when data is stored in multiple locations or jurisdictions are also addressed.
1. The document discusses risks associated with cloud computing, including potential security breaches that could compromise sensitive customer data and lead to costly litigation and reputational damage.
2. It provides examples of large-scale breaches involving cloud services firms, where hackers accessed millions of customer account files and email addresses.
3. Businesses considering cloud computing need to carefully evaluate what types of sensitive data they will entrust to the cloud, and conduct thorough due diligence on cloud providers' security practices and controls. Developing a clear data-security strategy is important for protecting information.
The document defines cloud computing as using remote servers and the internet to maintain data and applications. It then discusses the history and concept of cloud computing dating back to the 1960s. Some key benefits mentioned are reduced costs, increased efficiency, and access from any device. The document also covers deployment models, applications, platforms, infrastructure, layers, uses, surveys of adoption rates, and criticisms around privacy, security, and legal issues. It concludes that cloud computing can have a big impact on businesses by freeing up resources to focus on innovation.
The document discusses a study that aimed to evaluate the transparency of cloud providers' security, privacy, auditability, and service level agreements. It developed a Cloud Provider Transparency Scorecard to assess information from cloud providers' websites. It conducted a preassessment of six cloud providers to evaluate available information and then performed a detailed assessment using the scorecard. The assessment focused on policies, procedures, certifications, audits and service level agreements published on providers' websites.
Brent Stineman is a national cloud solution specialist with nearly 20 years of IT experience. He gave a presentation on cloud computing that discussed what the cloud is, the different types and delivery models of cloud computing, the benefits of using the cloud for organizations and customers, factors to consider in determining when an organization is ready to use the cloud, how to identify cloud opportunities within an organization, and took questions at the end.
Getting an open systems cloud strategy right the first time linthicmDavid Linthicum
This presentation will take the mystery out of both cloud computing, and the proper fit and function of open systems technology when building a cloud computing strategy. Instead of mere theory, this session will guide you through a step-by-step process for understanding your own requirements, creating the business cases, and selecting the right technology that will lead your enterprise to success in the cloud.
This document is a seminar report on cloud computing submitted by Vishnuvarunan.T. It provides an introduction to cloud computing, discussing its key characteristics including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also covers cloud service models such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The document discusses cloud deployment models including private cloud, community cloud, public cloud, and hybrid cloud. It notes some benefits of cloud computing like cost savings and scalability, as well as challenges around security, privacy, lack of standards, and compliance concerns.
This document discusses cloud computing and its benefits. Brent Stineman, a National Cloud Solution Specialist with nearly 20 years of IT experience, will be presenting on the topics of what cloud computing is, the different types and delivery models of cloud, and why organizations should consider cloud. The cloud allows organizations to access computing resources on-demand in a pay-as-you-go manner and gain benefits such as flexibility, scalability, and reducing the need for large up-front capital expenditures on infrastructure.
This document discusses how IT is transforming through trends like cloud computing and big data. It summarizes that EMC can help customers navigate these changes by providing solutions like hybrid cloud infrastructure and big data analytics to help businesses transform their applications and IT infrastructure. The document also emphasizes that EMC is committed to innovation through R&D investment and acquisitions to ensure it continues to lead customers on their journey to the cloud and with big data.
Cloud computing is a model that enables convenient access to a shared pool of configurable computing resources like networks, servers, storage, applications and services. Resources can be rapidly provisioned with minimal management effort. Cloud providers deliver applications via the internet which are accessed from a web browser, while software and data are stored on remote servers. Common cloud services include SaaS, PaaS, and IaaS. Clouds can be private, public, community or hybrid. Major advantages include flexibility, disaster recovery, automatic updates and cost savings. Top providers include Amazon, Microsoft, IBM and Salesforce. Government agencies and businesses are increasingly adopting cloud computing.
It has always been a challenge to explain and convince top management including the Chief Financial Officers to embark into Cloud Computing. Predominantly because many still unclear or not so very sure what is cloud computing. Is it managed hosting, co-location or managed services? While technology providers and vendors continue to confuse management technology jargon, the need to embark into cloud computing seems inevitable...just like any others before such as the need to have emails, websites, online transactions, web based applications etc.
This presentation provides layman's, easy to understand meaning of cloud computing, why is it important for management,especially the CFO to seriously consider embarking into and some statistics and trend of how the world will move toward cloud.
Windows Azure platform AppFabric provides a Service Bus and Access Control to enable connectivity and security in cloud applications. The Service Bus allows secure and interoperable communication across networks and firewalls. Access Control simplifies authorization management across organizations and identity providers. These services solve challenges of connecting cloud, mobile, and on-premises applications at scale through standards-based technologies.
The Nist definition of cloud computing cloud computing Research PaperFaimin Khan
This document discusses cloud computing and Google App Engine. It provides an overview of cloud computing concepts like service models, deployment models, and advantages/disadvantages. It then describes Google App Engine, including why Google built it, example apps, the application environment, and architecture. The architecture uses horizontal scaling across Google data centers to isolate and share resources for multiple applications. Quotas define fixed free limits and increased billable limits for resources like storage and bandwidth.
Cloud computing offers organizations scalability, flexibility, and speed while reducing costs. However, issues around security, data privacy, and regulatory compliance need to be addressed. While some organizations are piloting cloud computing services, widespread adoption is still 1-2 years away as only 10-30% of IT budgets are expected to be used for cloud services in the near future. Overall cloud computing has the potential to significantly change how IT services are delivered and used by businesses.
Cloud Computing Contracts and Services: What’s Really Happening Out There?Cloud Legal Project
Slides for talk by Prof Christopher Millard on "Cloud Computing Contracts and Services: What’s Really Happening Out There?" at The University of Sheffield: School of Law, November 2010
This document discusses secure and practical outsourcing of linear programming in cloud computing. It introduces cloud computing and explains why security is important in the cloud. Linear programming is described as a technique for optimizing allocation of resources that is well-suited for the cloud. The document outlines deployment models, service models, and reasons why cloud computing benefits small businesses, including economies of scale, functionality, and security. Risks to cloud security from data breaches, hijacking, and malicious insiders are also summarized.
Tony Godfrey presented on cloud computing. He defined cloud computing as networked hardware, software, and infrastructure services provided over the internet. Cloud computing provides on-demand services that are always available from anywhere using a utility-based pay-for-use model. Challenges of cloud computing include security, loss of control over data, and lack of standardization. Forensics in the cloud is complicated by issues around jurisdiction, data access, and coordination between cloud service providers and customers. ownCloud was demonstrated as an example of setting up a private cloud storage system. TestDisk software can potentially help recover deleted files from the ownCloud data directory.
The document discusses opportunities for cloud computing in enterprises. It defines cloud computing and describes different types of clouds like internal, external, and hybrid clouds. It discusses concerns around cloud adoption like security, performance, loss of control, and transitioning production systems to the cloud. It also describes how enterprises can reduce IT bottlenecks by adopting internal clouds and using cloud bursting to leverage external cloud services during high demand periods. Adopting the cloud computing model can help enterprises improve IT efficiency and agility.
Data Protection Jurisdiction and International Transfers in Cloud ComputingCloud Legal Project
This document summarizes a presentation on data protection jurisdiction and international data transfers in cloud computing. It discusses how EU data protection laws apply based on the location of processing or establishment. It also examines how personal data can be legally transferred outside the EEA, such as through whitelisted countries, Safe Harbor, binding corporate rules, or model contract clauses. The challenges of ensuring adequate protection when data is stored in multiple locations or jurisdictions are also addressed.
1. The document discusses risks associated with cloud computing, including potential security breaches that could compromise sensitive customer data and lead to costly litigation and reputational damage.
2. It provides examples of large-scale breaches involving cloud services firms, where hackers accessed millions of customer account files and email addresses.
3. Businesses considering cloud computing need to carefully evaluate what types of sensitive data they will entrust to the cloud, and conduct thorough due diligence on cloud providers' security practices and controls. Developing a clear data-security strategy is important for protecting information.
The document defines cloud computing as using remote servers and the internet to maintain data and applications. It then discusses the history and concept of cloud computing dating back to the 1960s. Some key benefits mentioned are reduced costs, increased efficiency, and access from any device. The document also covers deployment models, applications, platforms, infrastructure, layers, uses, surveys of adoption rates, and criticisms around privacy, security, and legal issues. It concludes that cloud computing can have a big impact on businesses by freeing up resources to focus on innovation.
The document discusses a study that aimed to evaluate the transparency of cloud providers' security, privacy, auditability, and service level agreements. It developed a Cloud Provider Transparency Scorecard to assess information from cloud providers' websites. It conducted a preassessment of six cloud providers to evaluate available information and then performed a detailed assessment using the scorecard. The assessment focused on policies, procedures, certifications, audits and service level agreements published on providers' websites.
Brent Stineman is a national cloud solution specialist with nearly 20 years of IT experience. He gave a presentation on cloud computing that discussed what the cloud is, the different types and delivery models of cloud computing, the benefits of using the cloud for organizations and customers, factors to consider in determining when an organization is ready to use the cloud, how to identify cloud opportunities within an organization, and took questions at the end.
Getting an open systems cloud strategy right the first time linthicmDavid Linthicum
This presentation will take the mystery out of both cloud computing, and the proper fit and function of open systems technology when building a cloud computing strategy. Instead of mere theory, this session will guide you through a step-by-step process for understanding your own requirements, creating the business cases, and selecting the right technology that will lead your enterprise to success in the cloud.
This document is a seminar report on cloud computing submitted by Vishnuvarunan.T. It provides an introduction to cloud computing, discussing its key characteristics including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. It also covers cloud service models such as Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The document discusses cloud deployment models including private cloud, community cloud, public cloud, and hybrid cloud. It notes some benefits of cloud computing like cost savings and scalability, as well as challenges around security, privacy, lack of standards, and compliance concerns.
This document discusses cloud computing and its benefits. Brent Stineman, a National Cloud Solution Specialist with nearly 20 years of IT experience, will be presenting on the topics of what cloud computing is, the different types and delivery models of cloud, and why organizations should consider cloud. The cloud allows organizations to access computing resources on-demand in a pay-as-you-go manner and gain benefits such as flexibility, scalability, and reducing the need for large up-front capital expenditures on infrastructure.
This document discusses how IT is transforming through trends like cloud computing and big data. It summarizes that EMC can help customers navigate these changes by providing solutions like hybrid cloud infrastructure and big data analytics to help businesses transform their applications and IT infrastructure. The document also emphasizes that EMC is committed to innovation through R&D investment and acquisitions to ensure it continues to lead customers on their journey to the cloud and with big data.
Cloud computing is a model that enables convenient access to a shared pool of configurable computing resources like networks, servers, storage, applications and services. Resources can be rapidly provisioned with minimal management effort. Cloud providers deliver applications via the internet which are accessed from a web browser, while software and data are stored on remote servers. Common cloud services include SaaS, PaaS, and IaaS. Clouds can be private, public, community or hybrid. Major advantages include flexibility, disaster recovery, automatic updates and cost savings. Top providers include Amazon, Microsoft, IBM and Salesforce. Government agencies and businesses are increasingly adopting cloud computing.
It has always been a challenge to explain and convince top management including the Chief Financial Officers to embark into Cloud Computing. Predominantly because many still unclear or not so very sure what is cloud computing. Is it managed hosting, co-location or managed services? While technology providers and vendors continue to confuse management technology jargon, the need to embark into cloud computing seems inevitable...just like any others before such as the need to have emails, websites, online transactions, web based applications etc.
This presentation provides layman's, easy to understand meaning of cloud computing, why is it important for management,especially the CFO to seriously consider embarking into and some statistics and trend of how the world will move toward cloud.
The document provides an overview of cloud computing. It defines cloud computing as enabling on-demand access to configurable computing resources over the internet. There are five essential cloud characteristics: on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. There are three cloud service models: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). There are also four deployment models: private cloud, community cloud, public cloud, and hybrid cloud. The document discusses advantages and challenges of cloud computing as well as trends in data centers and cloud adoption.
The document summarizes key points from a presentation on cloud computing security best practices. It discusses auditing practices from several organizations, including ENISA, CSA, and Microsoft. ENISA recommendations include personnel security practices, supply chain assurance, operational security controls like change management and logging, and software integrity protections. The presentation provides an overview of cloud computing concepts and case studies on government and commercial cloud users.
This document summarizes a presentation on whether social housing is ready for cloud computing. The presentation examined the business drivers for cloud computing, discussed defining cloud computing and different cloud models. It also covered mitigating the risks of cloud computing, the top 10 questions to ask a cloud provider, and Viridian Housing Association's experience migrating their systems and infrastructure to the cloud with Exponential-e. The migration has provided Viridian with an enterprise-class IT environment, the ability to scale resources, and true 24/7 support at a total cost of ownership that is equal to their prior on-premise model after 3 years and cheaper beyond.
Cloud computing is a new technology that some people do not fully understand. Oracle CEO Larry Ellison has expressed confusion about cloud computing and what it would really change for companies. The document discusses an upcoming international conference on cloud computing that will bring together experts, providers, and users of cloud services.
This is a lightning presentation given by Nhan Nguyen to our team for the purpose of knowledge sharing in support of our efforts to create a culture of learning.
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Key characteristics of cloud computing include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Cloud computing provides opportunities for lower costs, improved performance and reliability, universal access, and collaboration. However, it also poses disadvantages such as reliance on a constant internet connection and potential security and performance issues.
This document provides an overview of cloud computing, including its evolution, definitions, characteristics, service models, deployment models, benefits, challenges, and case studies. It discusses the key technologies that enable cloud computing such as virtualization, web services, and software as a service. Several real-world examples of organizations using cloud computing are presented, including Google, Amazon, Facebook, IBM, Microsoft, Salesforce.com, and government agencies. The document also examines the economics of cloud computing and traditional data centers.
This document discusses different types of cloud computing (private, public, hybrid), cloud service models (SaaS, PaaS, IaaS), and cloud network access choices. It aims to build understanding of the cloud market and impact of network access choices. Private cloud is located within a company's internal network, public cloud is accessed via the internet, and hybrid cloud combines private and public cloud. Different cloud types and services are suited to different business needs. Network access is an important but often overlooked aspect of cloud computing.
The document provides an overview of cloud computing, including definitions of cloud, cloud characteristics, common cloud features, deployment models, service models, and examples of major cloud vendors like Amazon Web Services. It discusses how cloud computing provides on-demand access to shared computing resources over the internet and the business benefits of reduced costs and increased flexibility. However, some concerns include data security, latency issues for real-time applications, and lack of control over proprietary systems.
Iirdem a novel approach for enhancing security in multi cloud environmentIaetsd Iaetsd
This document discusses security issues in multi-cloud environments and proposes a novel approach called UEG-16 (User-End Generated 16 character key code) to enhance security. The approach aims to provide clients anonymity about passwords to cloud hosts by having clients generate their own 16 character security codes instead of using passwords handled by third parties. This reduces the role of third parties and increases security. The document then provides background on cloud computing and discusses some common security issues like shared access between tenants, virtualization exploits, authentication and access control challenges, availability risks if redundancy is not under a client's control, and unclear data ownership policies in cloud contracts.
Cloud computing for small law firms: background information, what is "Cloud", the benefits of Cloud computing and the risks of Cloud computing. Also includes 14 Best Practices to help small law firms find, vet, choose and implement Cloud solutions for their firm.
Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions.
Through our partnerships with leading cloud providers, we are able to offer hybrid, private and public cloud solutions. At Epoch Universal, we supply cloud the way you want it with deep control, extreme performance, and broad customization capabilities. When you join the Epoch Universal fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions.
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Key characteristics of cloud computing include on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Cloud computing provides opportunities for lower costs, improved performance and reliability, universal access, and collaboration. However, it also poses disadvantages such as reliance on a constant internet connection, potential security issues, and lack of local control.
Cloud computing is a model for enabling network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort. It has characteristics of on-demand self-service, broad network access, resource pooling, rapid elasticity, and measurable service. Common cloud service models are SaaS, PaaS, and IaaS, while deployment models include private, public, community, and hybrid clouds. Emerging technologies associated with cloud computing include big data, DevOps, and hybrid cloud solutions.
Cloud lockin and interoperability v2 indic threads cloud computing conferen...IndicThreads
This document discusses cloud lock-in and interoperability. It begins with recapping cloud computing concepts like deployment models and service models. It then defines cloud lock-in and discusses how portability and interoperability can help address lock-in concerns. Emerging standards from groups like DMTF, SNIA, and CSA that aim to improve interoperability are presented. Best practices for vendors and customers to reduce lock-in are outlined. While lock-in exists now due to proprietary systems, the future of interoperability is promising. Standards and informed customer decisions can help minimize negative impacts of lock-in.
Similar to The Complexities of Cloud Computing - The Rules are New, But is the Game (20)
The document provides an overview of cloud computing, defining it as data processing, storage, application development, and software hosting over the internet instead of on a personal computer. It discusses the essential characteristics of cloud computing including on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. The document also outlines the different cloud models including SaaS, PaaS, and IaaS and the deployment models of private, public, hybrid, and community clouds.
The document discusses the business case for cloud computing and provides critical legal, business, and diligence considerations. It outlines benefits like cost avoidance, improved agility, and focusing on core business functions. Evaluation considerations include functionality, security, disaster recovery, and contractual requirements. Privacy and regulatory compliance are also important factors to examine for a cloud migration.
1) Social media use by employees can pose risks to employers such as damage to reputation, disclosure of confidential information, and legal liability. 2) A survey found that some employers have terminated employees for social media policy violations such as using email or social networks inappropriately. 3) Employers should establish clear social media policies to educate employees on appropriate use and potential consequences of misuse. The policies should cover expectations for use on company time and personal time as well as examples of proper and improper online behavior.
The document summarizes a presentation on cloud computing from the customer's perspective. It defines cloud computing, distinguishes it from outsourcing and ASP models, and outlines various cloud contracting models including terms of use, privacy policies, and standard contracts. It also discusses key considerations for customers such as data privacy and security, commercial viability of cloud providers, and strategies for negotiating cloud contracts.
This document provides an overview of cloud computing presented by Janine Anthony Bowen. It begins with definitions of cloud computing and discusses essential characteristics, service models, and deployment models. It then covers various legal issues related to cloud computing like data privacy and security, jurisdiction, and commercial/business considerations. Finally, it discusses special topics such as the government's role in cloud adoption and industry standards. The presentation aims to provide a high-level understanding of cloud computing and important legal issues to consider for those evaluating cloud services.
1) Janine Bowen is an attorney who focuses on technology transactions including issues around cloud computing risks.
2) There are various cloud contracting models such as license agreements, services agreements, and click-wrap agreements that determine risk allocation. Privacy policies and terms of use specify privacy protections and service terms.
3) To minimize risks, consider data integrity, service level agreements, disaster recovery, and the viability of the cloud provider through bankruptcy, mergers and acquisitions, or escrow agreements. Industry standards also impact risk.
The document summarizes a presentation on maximizing cloud computing opportunities in the public sector. It discusses definitions of cloud computing, federal government initiatives supporting cloud adoption like Apps.gov, considerations around data privacy and security, and opportunities for organizations to get involved in government cloud projects. The presenter emphasizes that cloud computing offers significant opportunities for IT cost savings and service delivery but challenges around user confidence in data protection must be addressed.
The Complexities of Cloud Computing - The Rules are New, But is the Game
1. The Complexities of Cloud
Computing: The Rules are
New, But is the Game?
Janine Anthony Bowen, Esq., CIPP/US
jbowen@jack-law.com
(678) 823-6611
June 8, 2012
2. Seems like the inevitable…
Source: http://geekandpoke.typepad.com;
The Lighter Side of the Cloud by CloudTweaks –
David Fletcher. Used under Creative Commons
License
2
4. The Hype Then…
• “As enterprises seek to consume their IT services in the most cost-
effective way, interest is growing in drawing a broad range of services
(for example, computational power, storage and business
applications) from the "cloud," rather than from on-premises
equipment. The levels of hype around cloud computing in the IT
industry are deafening, with every vendor expounding its cloud
strategy and variations, such as private cloud computing and hybrid
approaches, compounding the hype.”
• Gartner Press Release, Gartner’s 2009 Hype Cycle Special Report Evaluates Maturity of
1,650 Technologies, August 11, 2009 http://www.gartner.com/it/page.jsp?id=1124212
4
5. And Now…
• According to Forbes…
“Interest in Cloud Computing Has Peaked”
• But Never Fear…its here to stay (for now anyway)
http://www.forbes.com/sites/reuvencohen/2012/05/24/interest-in-cloud-computing-has-peaked/
5
7. Cloud Computing
Plain English Definition
• From the User’s Perspective
– Data processing and storage, application development, and
software hosting over the Internet instead of on a personal
computer or over a business’ network
– Available on an ‘on demand’ basis
– Location of information stored ‘in the Cloud’ is potentially unknown
at any given point in time
– Relatively inexpensive
7
8. National Institute of
Standards & Technology’s Definition
• Cloud computing is a model for enabling ubiquitous, convenient, on-
demand network access to a shared pool of configurable computing
resources (e.g., networks, servers, storage, applications, and services)
that can be rapidly provisioned and released with minimal
management effort or service provider interaction. This cloud model
promotes availability and is composed of five essential characteristics,
three service models, and four deployment models.
• http://csrc.nist.gov/publications/nistpubs/800-145/SP800-145.pdf
8
10. Three Service Models
SaaS (Software as a Service)
The consumer uses the
provider’s applications running
on a cloud infrastructure. (e.g.
Google Apps)
PaaS (Platform as a Service)
The consumer has control over
the deployed applications and
possibly application hosting
environment configurations.
(e.g. Force.com)
IaaS (Infrastructure as a Service)
The consumer is able to deploy
and run arbitrary software. (e.g.
Amazon EC3)
10
13. Multi-Tenant
ABC Company
User
ABC Company XYZ Company
Purchasing Purchasing XYZ Company
Application Application User
Acme Atlas
Acme Company
Company Company User
Inventory Inventory
Application Application Internet
Connection Top-Notch
Top-Notch Small Biz Company User
Company Company
Logistics Payroll
Application Application Small Biz
Company User
Hypervisor
Atlas Company
Operating System User
Virtual Server with Tenants
Multiple Tenants
13
15. How’s cloud computing different?
• Geography – Data in the cloud can be anywhere; multiple copies can be in
multiple locations
• In current state of play cloud providers assume as little liability as possible
– bulk of contract risk resides with the user
• Difficult for a user to know where liability rests, even if it were properly
assigned (e.g. Global Payments data breach earlier this year)
• The nature of the potential legal issue depends on where a user plugs into
the cloud (issues with SaaS may be different than with IaaS)
• Virtually complete loss of control by data owner (who holds it and where
is it?)
• Relatively inexpensive OPEX instead of CAPEX
15
16. Cloud Contracting:
Comparing Cloud to What We Knew Before
Cloud Traditional Co- Hosting ASP
Computing Software location
Licensing
Location of unknown known known known known
Service/Data
Owner of provider/ company/ Company/ Provider/ Provider/
HW/SW provider company Company Company provider
(license) (license) (license)
Contract Virtually negotiated negotiated negotiated negotiated
non-
negotiable
Contract Risk company shared shared shared shared
Scalability yes maybe maybe maybe maybe
16
18. Why not just rely on the contract?
Who you are drives what you can expect
• Cloud users should clearly understand what they are getting and
getting into:
– Generally speaking, only the largest implementations get negotiated
contract terms (particularly wrt to SaaS)
– Minimum negotiation flexibility likely in most cases – risk mitigation
analysis should establish ‘business level’ comfort
• Where negotiation is possible, risk mitigation should drive negotiation
of key provisions
– The best bang for the buck is internal process risk mitigation
18
19. Most Significant Issue with Cloud
Computing: Privacy and Security
• Gramm-Leach-Bliley Act • Federal Trade Commission
(GLBA) Act (FTCA)
• Health Insurance Portability • ID Theft Red Flags
and Accountability Act • State Privacy Security Laws
(HIPAA) (Breach Notification — 46 States
• Health Information and Encryption (MA and NV),
Technology for Economic and use of SSN’s, etc.)
Clinical Health (HITECH) • Industry Standards (PCI)
• Fair Credit Reporting • Litigation and enforcement cases
Act/FACT Act
19
20. Case Study - Contract vs. What They Say
•Privacy Policy
•Terms of Use
•Security FAQ
•Pricing
20
22. 4 Immutable Laws of Cloud Security
• “These are things that will always be, things that will never change,
and it is a state of being.”
– First is an understanding that if your data is hosted in the cloud, you no
longer directly control its privacy and protection.
– when your data is burst into the cloud, you no longer directly control where
the data resides or is processed.
– if your security controls are not contractually committed to, then you may
not have any legal standing in terms of the control over your data or your
assets.
– if you don't extend your current security policies and controls in the cloud
computing platform, you're more than likely going to be compromised
– Tari Schreider, HP chief architect of HP Technology Consulting and IT
Assurance Practice.
“Security and the Cloud: The Great Reconciliation”, eCommerce Times, 14 May 2012
http://www.ecommercetimes.com/story/Security-and-the-Cloud-The-Great-
Reconciliation-75094.html
22
23. Quick List of Potential Diligence
Considerations
Functionality of solution Pricing
Uptime Response time
Quality of service Data Security/Privacy
Backup and disaster recovery Integration with existing systems
Data access Customer service/support
Insurance coverage
Adapted from “Evaluating SaaS Solutions: A Checklist for Small and Mid-sized Enterprises”
http://www.saugatech.com/thoughtleadership/TL_October2009_Eval_SAP.pdf
23
24. Some Areas of Concern
•Service
quality/SLAs/Availability
•Disaster recovery
•Provider competence
•Provider Viability
24
25. Diligence Considerations:
SLAs
• Control-oriented
– System availability
– System response time
– Fail-over for disaster recovery
• Operations-oriented
– Data retrieval
– Data integrity
– Transition assistance
• Business-oriented
– Error resolution time
– Timeliness re: professional services around cloud solutions
25
26. Diligence Considerations:
Backup & Disaster Recovery
• How are backup systems architected?
– Complete redundancy? Multiple redundancies? Duplicate systems? Real-
time backup?
• Where are backup systems located geographically?
• Are third party backup systems utilized (partially/totally)?
• How long would a catastrophic event at a data center affect system
availability?
• Concerns for physical assets based on geography (exactly where is
that data center located?)
• Ultimately, whose responsibility is it anyway?
26
27. Diligence Considerations:
Competence Issues
• Provider track record of success?
• Views of commentators/bloggers
• Is the pricing right for the breadth of offering?
• Perceived level of sophistication of the vendor
– Knowledge of industry vertical
– Mastery of technology
• If vendor is an early stage company, who is supporting it financially?
(speaks to both competence and viability)
• For SaaS in particular, are there integration partners?
27
28. Diligence Considerations:
Viability of the Cloud Provider
• Viability matters. Why? A cloud user makes an investment when
choosing cloud provider. For example:
– Integrating cloud services into business processes
– Migrating data from its environment
• Lack of industry standardization makes moving to a new cloud
provider difficult
• What happens to a cloud user’s data in the event of:
– Bankruptcy
– M&A
– Escrow
28
30. Benefits of Cloud Computing
•Cost Avoidance/Deferral
•Improved Organizational
Agility
•Focus on Core Business
rather than IT
30
31. Cost Avoidance/Deferral – You Decide
• Gartner says…IaaS isn’t less expensive, but it increases operational
agility (1)
• Computerworld says…Prepare for the real costs of cloud computing
(2)
– Moving and storing data, integrating apps from multiple vendors,
testing software, rent & utilities
• CIO says…CFOs and cloud computing have a love-hate relationship (3)
– Variable pricing messes up cash flow projections
– Capex vs. Opex
• Booz Allen Hamilton says…savings range from 50% to 75% (4)
• CloudU says…savings from 13% to 25% (5)
31
32. Cost Avoidance/Deferral – You Decide
(cites)
• (1) Lydia Leong, research VP at Gartner Group
– http://www.formtek.com/blog/?p=2696, January 12th, 2012
• (2) “Preparing for the real costs of cloud computing” Computerworld
http://www.computerworld.com/s/article/359383/The_Real_Costs_of_Cloud_Com
puting
• (3) “Why CFOS and Cloud Computing Have a Love-Hate Relationship” CIO
Magazine
– www.cio.com/article/print/702074
• (4) “The Economics of Cloud Computing”
http://www.boozallen.com/media/file/Economics-of-Cloud-Computing.pdf
• (5) “Cloudonomics: The Economics of Cloud Computing”
http://broadcast.rackspace.com/hosting_knowledge/whitepapers/Cloudonomics-
The_Economics_of_Cloud_Computing.pdf
33. Improved Organizational Agility
•Use of Public Clouds or Virtual Private Clouds give
organizations the ability to scale up or down when
necessary
•IT expense can be matched to:
– Seasonal or cyclical requirements
– Organizational growth or decline
•Mobile workforce/workplace solutions may improve
organizational productivity
•Cloud environments support experimentation and ability
to fail with low penalty
33
34. Focus on Core Business
•Organizations can focus on building the business they
know
•Organizations can leverage the best of breed in IT (and not
try to be best of breed themselves)
•Potentially better disaster recovery strategies utilizing
cloud-based options
34
36. Take Aways
• Be thoughtful about which parts
of your business are cloud-worthy.
All business processes are not
suitable.
• Have a plan to deal with mistakes
that will happen in the cloud
(business, technology, legal).
What level of risk can you
tolerate?
• Work with your key internal and
external advisors to think through
your cloud strategy. A cross-
functional strategy is in order.
36
37. Q&A
Contact Me
•Janine Anthony Bowen, Esq., CIPP/US
jbowen@jack-law.com
www.visualcv.com/jdabowen
www.linkedin.com/in/jdabowen
•678-823-6611
•Twitter - @cloudlawyer
•www.jack-law.com
JACK Attorneys & Advisors: Technology/IP Law & the Business of Technology - Quite Simply, We Get It. 37