Demystifying the Cloud

Size: px
Start display at page:

Download "Demystifying the Cloud"

Transcription

1 Demystifying the Cloud Wednesday, October 23, 2013 Welcome and introduction Shawn Derby Senior Vice President, Western Canada 2 1

2 Overview of cloud computing Lynn Sutherland Director, Strategic Projects Canadian Cloud Council 3 Overview of cloud computing Conclusion History of cloud Where are we now? Conclusion again References 4 2

3 Overview of cloud computing Conclusion At the March 2013 national Canadian Cloud Conference: Do something now or be left behind The cloud is here There are no barriers remaining No more excuses Most individuals and small businesses are already in the cloud. Enterprises and governments need to catch up. 5 Overview of cloud computing Web GNU project to develop and promote Open Source Software launched by Richard Stallman 1990 HTTP protocol and first WorldWideWeb interface designed and released by Tim Berners-Lee, CERN 1991 Linux released by Linus Torvalds 1993 First browser Mosaic Marc Anderson NCSA, later became first commercial browser NetScape then open-sourced as Mozilla (now Firefox) Search engines 1990 Archie; 1993 Excite; 1994 Lycos, AltaVista, Webcrawler; 1996 Inktomi; 1997 Ask Jeeves (now ask.com); 1998 Google launched; 2004 Google went public 6 3

4 Overview of cloud computing Web User created content 2001: Wikipedia 2002: Friendster 2003: MySpace 2004: Facebook 2005: YouTube 2006: Blogger fully supported by Google (blogging started in 1980s- 1990s) 2006: Twitter started 7 Overview of cloud computing Web 3.0 cloud computing? This slide is from a presentation given in

5 Overview of cloud computing What is cloud computing? CLOUD: Common, Location-independent, Online Utility provisioned on-demand Common, in that it multiplexes demand from multiple customers and applications into a shared, common pool of computing resources. Location-independent, because data accessibility should follow you no matter where you are. Online, in the sense that it is accessible over an agile, geographically dispersed network, that is available anytime. A Utility because it provides value and offers usage-sensitive, pay-per-use pricing. on-demand in that the ability to provision capacity or service should be as fast as possible to meet variable demand requirements, enhancing business agility and providing capacity and scalability at the lowest total cost. - Adapted from original quote by Joe Weinman, VP Strategic Solutions, AT&T, November Overview of cloud computing Gartner Hype Cycle

6 Overview of cloud computing Gartner Hype Cycle Overview of cloud computing Gartner Hype Cycle for cloud

7 Overview of cloud computing September NIST reference architecture From National Institute of Standards and Technology Special Publication ; September Overview of cloud computing September Gartner says worldwide cloud services market to surpass $109 billion in 2012 BPaaS represents largest market segment, while IaaS is the fastest-growing area. The public cloud services market is forecast to grow 19.6 percent in 2012 to total $109 billion worldwide. Business process services (also known as business process as a service, or BPaaS) represent the largest segment, accounting for about 77 percent of the total market, while infrastructure as a service (IaaS) is the fastest-growing segment of the public cloud services market and is expected to grow 45.4 percent in

8 Overview of cloud computing Cloud-first policy US: Apps.gov is now Info.apps.gov and FedRamp provides cloud-accreditation and case studies (info.apps.gov) UK G-Cloud: has a process for companies to get accredited to provide cloud services (gcloud.civilservice.gov.uk) Canada s Action Plan on Open Government (open.gc.ca/index-eng.asp) Shared Services Canada Architecture Framework Advisory Committee meets monthly 15 Overview of cloud computing How to do cloud: Use standards Use open systems (data and APIs) where possible Evaluate your data and applications and prioritize which are best suited for the cloud Commit to moving at least one application to the cloud and then do another one Educate through use cases Start a cloud-first policy there is very little need to build your own systems any more Break down fiefdoms Collaborate with your customers Simplify Re-engineer business processes to use cloud to be more nimble Stop living in fear Move fast Get off your IT assets! and build your core business From ccc March 2013 national conference 16 8

9 Overview of cloud computing There are no barriers that cannot be overcome Security can be better in the cloud Privacy can be addressed with a little attention to it Bandwidth costs in Canada are too high, so we ll have to find creative solutions and continue to push for opening up our telecommunications systems 17 Overview of cloud computing Conclusion At the March 2013 national Canadian Cloud Conference: Do something now or be left behind The cloud is here There are no barriers remaining No more excuses Most individuals and small businesses are already in the cloud. Enterprises and government need to catch up. BUT Business Processes, Training and Culture have not yet adapted. Now the real transformational work begins. 18 9

10 Overview of cloud computing References Fact Sheet: Introduction To Cloud Computing. Office of the Privacy Commissioner of Canada; October 2011 (http://www.priv.gc.ca/resource/fs-fi/02_05_d_51_cc_e.pdf) The NIST (National Institute of Standards and Technology) Definition of Cloud Computing; September 2011 (http://csrc.nist.gov/publications/nistpubs/ /sp pdf) US Government Cloud (http://info.apps.gov/) UK G-Cloud (http://gcloud.civilservice.gov.uk/) 19 Overview of cloud computing Latest Reference (September 6, 2013 Ottawa) Canada s cloud economy will directly employ more than 57,000 workers by 2018 according to a new report published by the Information and Communications Technology Council (ICTC) today. Among the report s top-line findings are that: Cloud professionals are difficult to recruit for because they require a combination of programming and administration skills a rare combination in the ICT industry. The Canadian cloud economy contributes $4.6 billion annually to Canadian GDP, and by 2018, this contribution will grow to become $8.2 billion. The Canadian cloud economy directly employs a total of 38,400, workers. Of these, 21,400 are estimated to be technical professionals. By 2018, direct employment in ICT occupations central to cloud computing will grow by 47%. Half of the 360 Canadian enterprises (IT and non-it) surveyed by ICTC have adopted identifiable cloud services. This figure is 71% for IT firms. 70% of cloud-using enterprises use some form of paid cloud service. 4/5 of paid users have recurring subscriptions to cloud services, and one-third (31%) have made a one-time purchase of cloud products/services. The report concludes that education efforts to address negative perceptions about cloud services and to highlight advantages would be beneficial to continued growth. Canada s Cloud Imperative: Improving Business Opportunities Through Enabling Services

11 Cloud computing: business issues and solutions Brian Cann Vice-President, Global Marketing, Cloud and Infrastructure Services 21 Cloud computing: business issues and solutions Enterprises and governments are being driven to the cloud Key drivers Cost Agility Access Pay for use Transparency Chargeback Speed Limitless Currency Anywhere Mobile Collaboration 22 11

12 Cloud computing: business issues and solutions however security/privacy still tops their concerns Top inhibitors Security / Privacy Business Case Maturity Data sovereignty Policy Controls Positive ROI Reliability Performance DR 23 Cloud computing: business issues and solutions Cloud Regional Adoption Maturity Rating & Trends Country Public Sector Maturity Public Sector Hot-Spots Non-critical SaaS (i.e. HR, F&A) Data center consolidation, interoperability, shared services Private IaaS, shared platforms for eservice delivery, disaster recovery Comments Studying UK, US initiatives for best practice, limited uptake so far, strict data privacy laws Few key initiatives so far, cloud not mentioned in Finland ICT strategy Activity limited until recently, major initiatives emerging & growing fast Private cloud data center services Private cloud for shared platforms, SaaS for back office apps Community cloud (in local government), SaaS (non-critical) IaaS shared services, SaaS (F&A, HR, CRM), BaaS (back office), collaboration SaaS (esp. collaboration), IaaS (including public), data center consolidation Strong captive data center services market in the German public sector Cloud part of the istrategy, central bank approves AWS use by banks Part of the government s Digital Agenda, but tough data regulations Cloud first policy is driving uptake, G- Cloud the shop window Cloud first policy driving uptake, FedRAMP too for private IaaS PAC - Pierre Audoin Consultants, Paris August

13 Cloud computing: business issues and solutions US Department of Homeland Security benefits from unlimited capacity and pay-for-use Cloud Results RestoretheGulf.gov and StudyintheStates sites deployed in IaaS in 6 weeks Moved all 33 citizen facing sites to the Cloud Rapid access to unlimited capacity 25 Cloud computing: business issues and solutions Canadian Federal Government Cloud Initiatives Transformation Data Center Transformation Web Renewal Initiative HR Transformation ERP Transformation 43 Agencies 600K Mailboxes 530 Data Centers 70K Servers 1500 Web sites 900 Web apps 70 HR Systems PeopleSoft 45 ERP Systems SAP Awarded - Bell/ July 2013 RFI August 2013 RFI August 2013 RFI August 2013 RFI August 2013 Modernization and Reducing the Back Office The Government is committed to streamlining, consolidation and standardizing administrative functions and operations within and across organizations

14 Cloud computing: business issues and solutions Many Canadian enterprises and government departments have asked for an in Canada solution Microsoft Solutions UNIFIED COMMS. COLLABORATION & DOC MGMT CRM/xRM ENTERPRISE PROJECT MGMT. Montreal Data Centre Toronto Data Centre 27 Cloud computing: business issues and solutions All Clouds are not created equal Public Cloud Internet connectivity Massive multi-tenancy Small & Medium Business focus Standard feature set No customization Virtual Private Cloud (Community) Private connectivity Trusted logical separation Tailored Security Enterprise relationship Vendor agnostic Private Cloud Single tenant Dedicated infrastructure On client premise or hosted Tailored Security Vendor agnostic 28 14

15 Cloud computing: business issues and solutions Chose the level of responsibility to meet your needs Client Managed Virtual machines Provider Managed VM s & Packaged Software SaaS Client Responsibility Application Application PaaS Line Web hosting & DB software Web hosting & DB software Security Boundary Operating system Operating system Cloud Provider Responsibility Hypervisor Physical Hypervisor Physical Hypervisor Physical 29 Cloud computing: business issues and solutions Cloud usage is evolving Current Cloud Usage Public facing web sites , CRM and Collaboration Technical environments for Testing and development Emerging Cloud Usage Line of business applications Mobile enterprise & analytics Cloud Brokerage 30 15

16 Cloud computing: business issues and solutions Some key takeaways CLEAR MESSAGES Transfer of risk on to Cloud Providers Capacity Planning and Management Development of service Capital Investment No long term contracts Focus on your Business Objectives vs. IT Rapid access to latest version of applications Flexible software licensing approaches Smaller organizations can access applications and resources equivalent to the large ones I don t need to keep buying more servers! I can turn capability up and down as I wish Once my application is in the Cloud, I can access it from any device making my people more productive. 31 Tony Morris Partner Norton Rose Fulbright 32 16

17 Risk perceptions of the cloud: survey We asked participants whether they used Cloud computing and what risks they associated with it Use of Cloud computing: suppliers Use of Cloud computing: combined customers Risks: suppliers Risks: combined customers 33 Who is using the cloud Recent Norton Rose Fulbright Survey: 70% of supplier said they used the Cloud with just 40% of customers Financial institutions sector (25%) Trending: Increased use of Cloud across many industry sectors Example: Global financial industry spending on Cloud computing $22 billion by end 2012 vs $4 billion in 2010 (per CEB Tower- Group research and advisory firm) 34 17

18 Cloud can deliver many benefits and advantages but what are the legal risks? and how do you mitigate these risks? 35 Lack of transparency in cloud arrangements Cloud simplifies deployment provides solutions without the complications of the details and can allow efficiency gains As a consequence, Cloud abstracts many of the details (technological and resulting legal relationships) Cloud providers will typically deliver specified functionality and requirements Little or no transparency of implementation details However, that lack of transparency creates potential for risks and issues that need careful consideration 36 18

19 Transparency of cloud arrangements scenario Perception: Customer enters into a services agreement with Cloud provider, Acme, which provides customer with specified functionality delivered over the internet example: an SaaS solution 37 Scenario - reality (often) 38 19

20 A note on context: Just like all non-cloud IT deals, you need to approach potential risks and issues in context. Every transaction is different. Many factors will contribute to risk analysis and business / technical requirements. Every Cloud provider is different. Very small companies can hobble together Cloud solutions with many 3 rd party bits Consider: Nature of proposed service arrangement. Importance to your organization (mission critical?). Risk of failure if problems occur. 39 Cloud computing - outsourcing by another name? OSFI's February 2012 Memorandum re: "Guideline B-10: Outsourcing of Business Activities, Functions and Processes" US Federal Financial Institutions Examination Council (FFIEC) "Statement on Outsourcing Cloud Computing" reminder to refer to its "Information Technology Examination Handbook" Key risk mitigation controls cited: due diligence vendor management and control audit rights ongoing access to information information / data security legal, regulatory and reputation considerations business continuity planning 40 20

21 Data Considerations 41 Risk: cloud provider will have your data Key internal due diligence preliminary questions: What data will reside with the Cloud provider? Consumer data? Business data? Personal Information? What applicable laws are you and your data subject to? E.g. PIPEDA or PIPA (Alberta) or European Data Protection Directive Other industry requirements (regulatory discussion below). If so: What requirements govern the outsourcing of data? Are any regulatory pre-approvals required? Do existing contracts / policies provide rights or restrictions to outsource data in manner proposed? What consents / notices are required (if any)? What access rights does the regulator require? 42 21

22 Risk: data location issues Where will your data be located for processing / storage / backup? One or multiple locations? Data movement rights to unilaterally change locations? Why important? The movement of data within the provider's Cloud may involve transfer from servers in one jurisdiction to servers in another. Raises different jurisdictional-dependent issues: discovery rules privacy laws and data-transfer restrictions. auditability and control Most data protection regimes place onus of compliance on data collector (i.e. customer) therefore you need to know these specifics in order to meet your own legal requirements. 43 Risk: data facility issues Facility used to host the data: Are adequate controls and safeguards in place to meet requirements? How do you know? likely no independent right to audit SAS 70 Type II (now SSAE 16) / CICA 5970 (now CSAE 3416) complaint? (independent verification of compliance with, and effectiveness of, security controls.) reputable Cloud providers do this. Who has access to the data? And for what purpose? Cloud provider only? Subcontractors? Other third parties? Does Cloud provider have appropriate contractual arrangements with third parties? Are there any "reach-through" rights to the subcontractors directly? In outsourcing, not unusual, to a degree

23 Risk: data access and processing issues Data segregation physical or logical? Use and Audit Is data use, movement and edit history auditable? Data backup & redundancy What data back-up processes and procedures are in place? Is data backed up to more than one server? Different locations (geographic risk mitigation for disasters)? How frequently are back-ups performed? Off-site storage of backups? Is any data stored off-line? Consider maintaining your own ghost back-up on interval basis Does contract permit deletion of data by supplier for example, in event of disputes? non-payment? (surprisingly common) 45 Data ownership and use rights Does contract clearly provide customer ownership of data? What scope of usage rights does Cloud provider have? What control over customer data does the customer actually have? Appropriate express prohibitions on use and disclosure? Privacy regulatory drivers. Will data be modified or processed in some way such that ownership of derived data is an issue? Does contract address any necessary rights assignments back to customer? Ownership and use of behaviour / aggregated / anonymous data derived from customer data? 46 23

24 Risk: termination data extraction and migration Does the Cloud platform allow easy extraction of data? Does customer have real-time access to data? What period of time will data be kept post-termination? How quickly can extraction be done? What is the downtime for the business? Can data extraction be scaled? Note the network bandwidth bottleneck. Data portability data formatting/compatibility/portability concerns. Where will the data go? Can it be taken back in-house? Data migration generally requires extraction and transformation will the new provider be able to perform the transformation activity? Cost? Time? Assistance from incumbent vendor? Much reluctance. Third party technology dependent? So, soft landing provisions are KEY! Never leave data contractually vulnerable 47 Security Considerations 48 24

25 Security issues Conduct security assessment - understand your organization s security requirements and constraints goal will be to map your organization s requirements to vendor s solution: risk management practices data handling policies rights and access management Note that: Reasonable arguments exist that (for many organizations) security is enhanced through the Cloud, rather than degraded. Coherently describing this is key for the business case. 49 Understand the security risks If you don t understand risks, you can t analyze Cloud provider s security offering or limitations. Top Cloud Risks see: Cloud Security Alliance Top Threats to Cloud Computing v. 1.0 cloudsecurityalliance.org/topthreats Gartner: Seven Cloud Security Risks networkworld.com/news/2008/ cloud.html?page=1 Security Guidance for Critical Areas of Focus in Cloud Computing v. 2.1 Cloud Security Alliance 2009 cloudsecurityalliance.org/guidance/csaguide.v2.1.pdf Cloud Computing: Business Benefits With Security, Governance and Assurances Perspectives - ISACA 2009 isaca.org Cloud Computing: Benefits, risks and recommendations for information security European Network and Information Security Agency enisa.europe.eu 50 25

26 General security due diligence Physical security of facilities Security systems (surveillance etc) Security procedures and practices Personnel of supplier and subcontractors Malicious insiders key security threat For sensitive / high risk applications what due diligence does vendor conduct on personnel? (background / criminal checks) Contractual restrictions on personnel changes? Interviews of key personnel? Restricted personnel security levels? Breaches Have there been any security breaches/incidents? If so, what steps has vendor taken to mitigate future risks? Difficulty in ascertaining details: Cloud provider s (understandable) reluctance to provide details necessary to assess adequacy of security in place. Consult "the Google" and litigation searches. 51 Security encryption and certifications Technological security: operational and programmatic security processes, technology (firewalls etc) in place? Data Encryption: What types of encryption methods are used? Data encrypted at rest and in transit? Often not encrypted at rest provider secures by spreading data across multiple locations so single servers cannot be targeted for attack What security certifications does Cloud provider have? Reputable Cloud providers have appropriate certifications Third party oversight (audits discussed above) ISO international standard / certification - systematic examination of data security risks and design / implementation of suite of information security controls to address risks 52 26

27 Incident response, notification and remediation Nature of Cloud environment - greatly increases monitoring of incident complexities. Understand incident monitoring / breach detection strategy, protocols and capabilities of proposed Cloud provider concerning incident identification and customer notification Understand that regulatory / jurisdictional requirements may complicate incident identification and reporting if in multiple locations. Example: An incident involving data in France may raise a regulatory legal issue; whereas if the same data were stored in Canada the same incident may not have been considered an issue. Ultimate responsibility lies with the Customer who carries much of the reputational and legal risk Example: Alberta's PIPA requires an assessment be made possibly requiring disclosure to the OIPC. 53 Regulatory considerations 54 27

28 Regulatory requirements and standards Consider if your particular industry regulatory requirements can be met when deploying to the Cloud Applicable federal and provincial laws e.g. privacy legislation, sectoral legislation Federally regulated institutions e.g. OSFI requirements Industry requirements Payment card industry - PCI DSS (Payment Card Industry Data Security Standard) industry consortium of payment card processors compliance critical for entities involved in credit card payment process security issues paramount Legal profession Provincial law society rules Ontario: no specific rules; Rules of Professional Conduct apply B.C. recent report examining impact of Cloud on legal profession leading to new rules? 55 Privacy considerations 56 28

29 Privacy commissioner's guidance Joint BC, Alberta and Federal guidance: "Cloud Computing for Small and Medium-sized Enterprises: Privacy Responsibilities and Considerations" Key recommendations pertain to: understanding legal obligations identifying current Cloud services risk/benefit assessment contract rigour security assessments and audit transparency and consents cross border implications information control mechanisms British Columbia: "Cloud Computing Guidelines for Public Bodies" Federal: "Introduction to Cloud Computing" "Reaching for the Clouds: Privacy Issues related to Cloud Computing" 57 General privacy thoughts PI can be accessed and exchanged internationally through a multi-national intranet, so same considerations as Cloud! Local law requirements touch on: collection / use / disclosure security breach notification access retention policies, procedure and training so, many companies need global policies and procedures Shuffling data between Canada, US and Europe requires: data transfer agreements mirroring privacy legislation if touching Europe, framework agreements with EU model clauses per the EU Data Protection Directive Several myths about the US Patriot Act, but numerous truths. Key myth: that it's unique 58 29

30 Key privacy considerations - Alberta You can send your data out of the country, but: must impose "comparable level of protection" provide proper notice to PI owners (eg. PIPA s. 13.1, PC's Case Summaries #313 and #333) ensure contractual and technical safeguards are in place and that purposes do not change (eg. PIPEDA Principle 4.1.3, FOIP s. 38) Note that some provincial legislation is more prohibitive (eg. BC's FOIP) Take extra care for the public sector (see the OIPC's "Public Sector Outsourcing and Risks to Privacy") Key contract provisions: inspection and audit of security practices access to information by individual and company access to information by regulator use and disclose prohibitions binding arbitration per international rules known choice of law regimes 59 The cloud contract: some important contract considerations 60 30

31 Contract due diligence Early in process review terms and conditions offered to you and review for key risks and gaps against your: business requirements legal requirements regulatory constraints risk management requirements existing insurance coverages Engage in early discussions to assess likelihood of ability to negotiate. Due to standardized contract and delivery models, it may be difficult to negotiate significant changes. 61 The cloud contract Many Cloud contracts appear simple actual service delivery may be more complicated than it appears Many contracts have multiple elements: Terms of Service / Use Acceptable Use Policy Service Level Agreement Privacy Terms Third party terms / licenses / contracts flowed through Some elements may not be in actual contract but incorporated by reference Some terms are customized for particular jurisdictions 62 31

32 Performance issues What are your organizations performance requirements? Availability / Response times What are the implications of poor performance to your business? Low / no impact? Financial impact? Mission critical? Does the Cloud provider have reliable performance track record? History of outages? What SLs are available? Are they negotiable? (if you pay more?) Service desk where are your users & what are vendor local hours of operation, commitments to response times, process? Mismatches to existing processes? 63 Performance issues Measurement point of measurement important in Cloud computing (due to communications element) Where does Cloud provider measure performance (at vendor s server / Cloud termination point / customer location) How measure / what tools are used to measure? Does SL represent a bundled service or are individual application SL s provided? Measurement period and permitted maintenance windows impacts metrics calculations What are the implications of failure to meet service level? Service credits? If so, are they meaningful? Do liability provisions (caps on individual service failures or total liability) effectively eliminate recourse for failure? Force majeure clause breadth of clause, exclusions, third party failures etc

33 Understand and consider jurisdictional risks Nature of Cloud (Cloud = possibility of sending, storing and processing data in multiple jurisdictions) can lead to jurisdictional uncertainty pertaining to application of foreign laws Choice of law clause does not necessarily solve application of other laws e.g. application of local consumer laws, IP laws, tort claims etc. may continue to be governed by local laws notwithstanding parties agreement to choice of law provisions (i.e. you can t contract out) Choice of law: attornment to non-favourable / foreign jurisdictions careful consideration should be given to the choice of law that is provided for - as it can have profound implications for dispute resolution and regulatory obligations: creates legal uncertainty and cost of litigation. The particulars of a Cloud solution + contract terms will influence jurisdictional analysis and outcome. 65 Disputes How are disputes to be handled? Clear issues escalation process: informal executive process? Does dispute process take into account and address third party terms and subcontractors? If multiple contracts within the contract, do they provide for a common law to apply? Common dispute process involving all relevant parties? Consider Cloud providers that utilize Alternative Dispute Resolution (ADR). ADR is good dispute tool for international disputes particularly if there are multiple jurisdictions. International treaties provide well for international enforcement of arbitral decisions

34 Liability framework Consider proposed liability framework in context of your circumstances: What are the risks to your organization if failures / problems? Exclusions of liability for data loss and corruption Who bears costs of data replication? Indemnification for lost / deleted data? Exclusions of damages for service failures (credits = sole remedy) Exclusions on consequential and indirect loss: breaches of confidentiality and data protection, reputational risk, etc. Exclusions of responsibility / liability for 3 rd party components within Cloud solution Caps on total liability 67 Final thoughts Understand your business, technical and legal / regulatory constraints. Do your homework - understand vendor s offering and how it meets (or doesn t meet) those needs. Map your requirements against risks and vendor ability. Cloud computing is simply not for all applications or uses. Cloud models and services are constantly evolving on-going due diligence is required (of your vendor and market). Not all Cloud providers are equal choose Cloud partners that are prepared to work with you to explain their solution and address your concerns: You get what you pay for

35 Resources Norton Rose Fulbright Publication: Outsourcing in a Brave New World An International Survey of Current Outsourcing Practice and Trends (2011) Norton Rose Fulbright 2013 Publication: Cloud Computing 69 Panel discussion: practical considerations Robert Percival, Partner, Norton Rose Fulbright (Moderator) Brian Cann, VP, Global Marketing, Cloud and Infrastructure Services, Harpreet Dhillon, Program Manager - Cloud Computing and Open Source Services, City of Calgary Eric Notkin, Vice President, Legal Affairs, Lynn Sutherland, Director, Strategic Projects, Canadian Cloud Council Canadian Cloud Council 70 35

Cloud Computing: Legal Risks and Best Practices

Cloud Computing: Legal Risks and Best Practices Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent

More information

Cloud Computing Contracts. October 11, 2012

Cloud Computing Contracts. October 11, 2012 Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013

INFORMATION SECURITY GUIDE. Cloud Computing Outsourcing. Information Security Unit. Information Technology Services (ITS) July 2013 INFORMATION SECURITY GUIDE Cloud Computing Outsourcing Information Security Unit Information Technology Services (ITS) July 2013 CONTENTS 1. Background...2 2. Legislative and Policy Requirements...3 3.

More information

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin

Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director

More information

AskAvanade: Answering the Burning Questions around Cloud Computing

AskAvanade: Answering the Burning Questions around Cloud Computing AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,

More information

The HR Skinny: Effectively managing international employee data flows

The HR Skinny: Effectively managing international employee data flows The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study

More information

Cloud Services Overview

Cloud Services Overview Cloud Services Overview John Hankins Global Offering Executive Ricoh Production Print Solutions May 23, 2012 Cloud Services Agenda Definitions Types of Clouds The Role of Virtualization Cloud Architecture

More information

Risk Management of Outsourced Technology Services. November 28, 2000

Risk Management of Outsourced Technology Services. November 28, 2000 Risk Management of Outsourced Technology Services November 28, 2000 Purpose and Background This statement focuses on the risk management process of identifying, measuring, monitoring, and controlling the

More information

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING

CPNI VIEWPOINT 01/2010 CLOUD COMPUTING CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Cloud Security Introduction and Overview

Cloud Security Introduction and Overview Introduction and Overview Klaus Gribi Senior Security Consultant klaus.gribi@swisscom.com May 6, 2015 Agenda 2 1. Cloud Security Cloud Evolution, Service and Deployment models Overview and the Notorious

More information

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005

Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad. Toronto, Ontario June 14, 2005 Data Management: Considerations for Integrating Compliance Requirements At Home and Abroad Toronto, Ontario June 14, 2005 Outsourcing Update: New Contractual Options and Risks Lisa K. Abe June 14, 2005

More information

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium

VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 1 VENDOR RISK MANAGEMENT UPDATE- ARE YOU AT RISK? Larry L. Llirán, CISA, CISM December 10, 2015 ISACA Puerto Rico Symposium 2 Agenda Introduction Vendor Management what is? Available Guidance Vendor Management

More information

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014

Welcome. Panel. Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Welcome Cloud Computing New Challenges in Data Integrity and Security 13 November 2014 Panel Tracy Lampula, Associate Director of GIS Compliance, Vertex Pharmaceuticals William Sanborn, Director of Information

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World

Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com

More information

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel

TO: Chief Executive Officers of National Banks, Federal Branches and Data-Processing Centers, Department and Division Heads, and Examining Personnel AL 2000 12 O OCC ADVISORY LETTER Comptroller of the Currency Administrator of National Banks Subject: Risk Management of Outsourcing Technology Services TO: Chief Executive Officers of National Banks,

More information

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1

Cloud Computing and Privacy Toolkit. Protecting Privacy Online. May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Cloud Computing and Privacy Toolkit Protecting Privacy Online May 2016 CLOUD COMPUTING AND PRIVACY TOOLKIT 1 Table of Contents ABOUT THIS TOOLKIT... 4 What is this Toolkit?... 4 Purpose of this Toolkit...

More information

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations

The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations The Use of Cloud Computing for the Storing and Accessing of Client Information: Some Practical and Ethical Considerations Jeffrey D. Scott Jeffrey D. Scott, Legal Professional Corporation Practice Advisors

More information

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP

SECURITY MODELS FOR CLOUD 2012. Kurtis E. Minder, CISSP SECURITY MODELS FOR CLOUD 2012 Kurtis E. Minder, CISSP INTRODUCTION Kurtis E. Minder, Technical Sales Professional Companies: Roles: Security Design Engineer Systems Engineer Sales Engineer Salesperson

More information

IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits

IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits Daniel D. Galorath, CEO Galorath Inc. Steven Woodward, CEO, Cloud Perspectives Portions Copyright Cloud Perspectives

More information

Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies

Canvassing the Cloud. An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Canvassing the Cloud An Eversheds LLP and PA Consulting Group study into the adoption of Cloud technologies Contents Foreword 1 Insights from the study 2 Defining the Cloud 3 Study results 4 General 4

More information

Wednesday, January 16, 2013

Wednesday, January 16, 2013 Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL 60654 312.832.4500 Wednesday,

More information

Cloud Computing: Contracting and Compliance Issues for In-House Counsel

Cloud Computing: Contracting and Compliance Issues for In-House Counsel International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,

More information

LEGAL ISSUES IN CLOUD COMPUTING

LEGAL ISSUES IN CLOUD COMPUTING LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing

More information

Security and Privacy in Cloud Computing

Security and Privacy in Cloud Computing Security and Privacy in Cloud Computing - Study Report Sai Lakshmi General Manager Enterprise Security Solutions 2 Agenda Background & Objective Current Scenario & Future of Cloud Computing Challenges

More information

The Keys to the Cloud: The Essentials of Cloud Contracting

The Keys to the Cloud: The Essentials of Cloud Contracting The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb

More information

Key Considerations of Regulatory Compliance in the Public Cloud

Key Considerations of Regulatory Compliance in the Public Cloud Key Considerations of Regulatory Compliance in the Public Cloud W. Noel Haskins-Hafer CRMA, CISA, CISM, CFE, CGEIT, CRISC 10 April, 2013 w_haskins-hafer@intuit.com Disclaimer Unless otherwise specified,

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

Evolving Technology Issues: Cloud Computing

Evolving Technology Issues: Cloud Computing Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to

More information

The NREN s core activities are in providing network and associated services to its user community that usually comprises:

The NREN s core activities are in providing network and associated services to its user community that usually comprises: 3 NREN and its Users The NREN s core activities are in providing network and associated services to its user community that usually comprises: Higher education institutions and possibly other levels of

More information

John Essner, CISO Office of Information Technology State of New Jersey

John Essner, CISO Office of Information Technology State of New Jersey John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management

More information

Cloud Computing in Banking

Cloud Computing in Banking Financial Services the way we see it Cloud Computing in Banking What banks need to know when considering a move to the cloud Contents 1 Overview 3 2 Why Cloud Computing for Banks? 4 2.1 Cost Savings and

More information

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT

HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT HIPAA CRITICAL AREAS TECHNICAL SECURITY FOCUS FOR CLOUD DEPLOYMENT A Review List This paper was put together with Security in mind, ISO, and HIPAA, for guidance as you move into a cloud deployment Dr.

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

2014 HIMSS Analytics Cloud Survey

2014 HIMSS Analytics Cloud Survey 2014 HIMSS Analytics Cloud Survey June 2014 2 Introduction Cloud services have been touted as a viable approach to reduce operating expenses for healthcare organizations. Yet, engage in any conversation

More information

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015

Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred

More information

Insights into Cloud Computing

Insights into Cloud Computing This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid

More information

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader

Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader Cloud Computing Making legal aspects less cloudy Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader 30 September 2014 1 Contents A. Introduction: a short walk

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

Cloud Security and Managing Use Risks

Cloud Security and Managing Use Risks Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

WhitePaper. Private Cloud Computing Essentials

WhitePaper. Private Cloud Computing Essentials Private Cloud Computing Essentials The 2X Private Cloud Computing Essentials This white paper contains a brief guide to Private Cloud Computing. Contents Introduction.... 3 About Private Cloud Computing....

More information

Cloud Computing: Compliance and Client Expectations

Cloud Computing: Compliance and Client Expectations Cloud Computing: Compliance and Client Expectations February 15, 2012 MOSS ADAMS LLP 1 TODAY S PRESENTERS Moderator Kevin Villanueva, CPA, CISA, CISM, CITP, CRISC Sr. Manager, Infrastructure and Security

More information

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World

Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

Cloud Computing. What is Cloud Computing?

Cloud Computing. What is Cloud Computing? Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited

More information

Cloud Computing Governance & Security. Security Risks in the Cloud

Cloud Computing Governance & Security. Security Risks in the Cloud Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud

More information

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014

Why Migrate to the Cloud. ABSS Solutions, Inc. 2014 Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System

More information

Cloud Computing An Auditor s Perspective

Cloud Computing An Auditor s Perspective Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,

More information

In-House Counsel Day Priorities for 2012

In-House Counsel Day Priorities for 2012 In-House Counsel Day Priorities for 2012 Cloud Computing the benefits, potential risks and security for the future Presented by Anthony Willis Group Head IP and Technology Thursday 1 March 2012 WIN: What

More information

Contracting for Cloud Computing

Contracting for Cloud Computing Contracting for Cloud Computing Geofrey L Master Mayer Brown JSM Partner +852 2843 4320 geofrey.master@mayerbrownjsm.com April 5th 2011 Mayer Brown is a global legal services organization comprising legal

More information

The Business Case for Cloud: Critical Legal, Business & Diligence Considerations

The Business Case for Cloud: Critical Legal, Business & Diligence Considerations The Business Case for Cloud: Critical Legal, Business & Diligence Considerations Presented by Janine Anthony Bowen, Esq., CIPP/US jbowen@jack-law.com (678) 823-6611 Janine Anthony Bowen, Esq., CIPP/US

More information

How to ensure control and security when moving to SaaS/cloud applications

How to ensure control and security when moving to SaaS/cloud applications How to ensure control and security when moving to SaaS/cloud applications Stéphane Hurtaud Partner Information & Technology Risk Deloitte Laurent de la Vaissière Directeur Information & Technology Risk

More information

Cloud Computing. Bringing the Cloud into Focus

Cloud Computing. Bringing the Cloud into Focus Cloud Computing Bringing the Cloud into Focus November 2011 Introduction Ken Cochrane CEO, IT/NET Partner, KPGM Performance and Technology National co-leader IT Advisory Services KPMG Andrew Brewin Vice

More information

Why You Should Consider the Cloud

Why You Should Consider the Cloud INTERSYSTEMS WHITE PAPER Why You Should Consider the Cloud In 2014, we ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities, and fiercely battle for the hearts

More information

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp.

What Every User Needs To Know Before Moving To The Cloud. LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud LawyerDoneDeal Corp. What Every User Needs To Know Before Moving To The Cloud 1 What is meant by Cloud Computing, or Going To The Cloud? A model

More information

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1

CLOUD COMPUTING. 11 December 2013 TOWNSHIP OF KING TATTA 1 CLOUD COMPUTING (outsourcing records storage) TATTA SRINIVASA RECORDS MANAGER 11 December 2013 TOWNSHIP OF KING TATTA 1 Cloud computing A style of computing where scalable and elasticity ITenabled capabilities

More information

Cloud Computing: Background, Risks and Audit Recommendations

Cloud Computing: Background, Risks and Audit Recommendations Cloud Computing: Background, Risks and Audit Recommendations October 30, 2014 Table of Contents Cloud Computing: Overview 3 Multiple Models of Cloud Computing 11 Deployment Models 16 Considerations For

More information

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week

Cloud Security Panel: Real World GRC Experiences. ISACA Atlanta s 2013 Annual Geek Week Cloud Security Panel: Real World GRC Experiences ISACA Atlanta s 2013 Annual Geek Week Agenda Introductions Recap: Overview of Cloud Computing and Why Auditors Should Care Reference Materials Panel/Questions

More information

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect

OWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud

More information

Legal Issues in the Cloud: A Case Study. Jason Epstein

Legal Issues in the Cloud: A Case Study. Jason Epstein Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL

Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Computing Security Issues

Cloud Computing Security Issues Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,

More information

Cloud Computing. Introduction

Cloud Computing. Introduction Cloud Computing Introduction This information leaflet aims to advise organisations which are considering engaging cloud computing on the factors they should consider. It explains the relationship between

More information

Best Practices for Sourcing Cloud Computing Services

Best Practices for Sourcing Cloud Computing Services Best Practices for Sourcing Cloud Computing Services Marc Lindsey Partner Levine, Blaszak, Block & Boothby, LLP MLindsey@LB3Law.com Disclaimer This presentation is for informational purposes only and does

More information

Why you should ConsIder The Cloud

Why you should ConsIder The Cloud I N T E R S Y S T E M S D I S C U S S I O N P A P E R Why you should ConsIder The Cloud "In 2014, we' ll see every major player make big investments to scale up Cloud, mobile, and big data capabilities,

More information

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham

Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham Negotiating Contracts That Will Keep our Clouds Afloat: You re going to put THAT in a cloud? Meteorologist: Daniel T. Graham The dynamic provisioning of IT capabilities, whether hardware, software, or

More information

(a) the kind of data and the harm that could result if any of those things should occur;

(a) the kind of data and the harm that could result if any of those things should occur; Cloud Computing This information leaflet aims to advise organisations on the factors they should take into account in considering engaging cloud computing. It explains the relevance of the Personal Data

More information

Cloud Service Rollout. Chapter 9

Cloud Service Rollout. Chapter 9 Cloud Service Rollout Chapter 9 Cloud Service Topics Cloud service rollout plans vary depending on the type of cloud service SaaS, PaaS, or IaaS and the vendor. Unit Topics Identifying vendor roles and

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

COMMUNICATIONS ALLIANCE LTD

COMMUNICATIONS ALLIANCE LTD COMMUNICATIONS ALLIANCE LTD Communications Alliance Response to ACS Discussion Paper on a Potential Cloud Computing Consumer Protocol - 1 - TABLE OF CONTENTS INTRODUCTION 2 SECTION 1 OVERVIEW OF RESPONSE

More information

{Moving to the cloud}

{Moving to the cloud} {Moving to the cloud} plantemoran.com doesn t mean outsourcing your security controls. Cloud computing is a strategic move. Its impact will have a ripple effect throughout an organization. You don t have

More information

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security

Strategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities

More information

Big Data and the Internet of Things

Big Data and the Internet of Things Financial institutions Energy Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Big Data and the Internet of Things Protecting rights, controlling

More information

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013

SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 SRG Security Services Technology Report Cloud Computing and Drop Box April 2013 1 Cloud Computing In the Industry Introduction to Cloud Computing The term cloud computing is simply the use of computing

More information

Common Student Information System for Schools and School Boards. Project Summary

Common Student Information System for Schools and School Boards. Project Summary for Schools and School Boards May 2007 Table of Contents 1. Executive Summary...... 3 2. Project Background, Rationale, Benefits and Scope... 4 3. Procurement Process... 8 4. The Final Agreement. 10 5.

More information

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director

Moving your enterprise systems to the cloud? What do you need to know to manage the risks? Jamie Levitt, Director www.pwc.com Moving your enterprise systems to the cloud? What do you need to know to manage the risks? November 2015 Jamie Levitt, Director Disclaimer Certain matters reviewed today may represent services

More information

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst

Clouds on the Horizon Cloud Security in Today s DoD Environment. Bill Musson Security Analyst Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment

More information

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs

Cloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren

More information

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS

CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE GUIDELINES ON THE USE OF CLOUD COMPUTING SERVICES BY LAWYERS CCBE guidelines on the use of cloud computing services by lawyers TABLE OF CONTENTS I. INTRODUCTION... 3 1. Scope of the guidelines...

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

Cloud Computing and HIPAA Privacy and Security

Cloud Computing and HIPAA Privacy and Security Cloud Computing and HIPAA Privacy and Security This is just one example of the many online resources Practical Law Company offers. Christine A. Williams, Perkins Coie LLP, with PLC Employee Benefits &

More information

SaaS A Product Perspective

SaaS A Product Perspective SaaS A Product Perspective Software-as-a-Service (SaaS) is quickly gaining credibility and market share against traditional packaged software. This presents new opportunities for product groups and also

More information

Cloud Security Trust Cisco to Protect Your Data

Cloud Security Trust Cisco to Protect Your Data Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive

More information

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud

Cloud Security. DLT Solutions LLC June 2011. #DLTCloud Cloud Security DLT Solutions LLC June 2011 Contact Information DLT Cloud Advisory Group 1-855-CLOUD01 (256-8301) cloud@dlt.com www.dlt.com/cloud Your Hosts Van Ristau Chief Technology Officer, DLT Solutions

More information

Adopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud

Adopting Cloud Apps? Ensuring Data Privacy & Compliance. Varun Badhwar Vice President of Product Strategy CipherCloud Adopting Cloud Apps? Ensuring Data Privacy & Compliance Varun Badhwar Vice President of Product Strategy CipherCloud Agenda Cloud Adoption & Migration Challenges Introduction to Cloud Computing Cloud Security

More information

MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT. Western Student E-Communications Outsourcing

MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT. Western Student E-Communications Outsourcing MICROSOFT OFFICE 365 PRIVACY IMPACT ASSESSMENT Western Student E-Communications Outsourcing Paul Eluchok - University Privacy Officer David Ghantous - Associate Director of Technical Services Dated: August

More information

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com

More information

Quick guide: Using the Cloud to support your business

Quick guide: Using the Cloud to support your business Quick guide: Using the Cloud to support your business This Quick Guide is one of a series of information products targeted at small to medium sized enterprises (SMEs). It is designed to help businesses

More information

The cloud - ULTIMATE GAME CHANGER ===========================================

The cloud - ULTIMATE GAME CHANGER =========================================== The cloud - ULTIMATE GAME CHANGER =========================================== When it comes to emerging technologies, there is one word that has drawn more controversy than others: The Cloud. With cloud

More information

Information Technology: This Year s Hot Issue - Cloud Computing

Information Technology: This Year s Hot Issue - Cloud Computing Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.

More information

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter

Cloud Security considerations for business adoption. Ricci IEONG CSA-HK&M Chapter Cloud Security considerations for business adoption Ricci IEONG CSA-HK&M Chapter What is Cloud Computing? Slide 2 What is Cloud Computing? My Cloud @ Internet Pogoplug What is Cloud Computing? Compute

More information

Recommendations for companies planning to use Cloud computing services

Recommendations for companies planning to use Cloud computing services Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation

More information