Cloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader
1 Cloud Computing Making legal aspects less cloudy Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader 30 September
2 Contents A. Introduction: a short walk in the cloud B. Samples of Cloud Solutions C. Conclusions Annex: Possible remediation and (Cloud) best practices 2
3 A. Introduction: a short walk in the cloud 3
4 A. Introduction Cloud Computing Definition Cloud computing is a collection of services delivered through the Net Cloud computing is about Business Agility and Time to Market 4
5 A. Introduction Key Drivers of Cloud Computing Data Access Globalization Cost Pressure Cloud Drivers Green IT Availability Global Talent Shortage 5
6 A. Introduction Cloud vs traditional IT
On premise computing: Single tenant; No third-party dependency; No contract; Internal execution of controls; Physical and logical protection
Traditional Outsourcing: Single tenant; Dependence on outsourcing provider; Long term annual contract; Shared execution of controls; Physical and logical protection
Cloud computing: Multi tenant; Dependence on cloud provider, which might depend on other providers; Short term standard contract; Potentially unclear execution of controls; Physical becomes logical
7 A. Introduction Types of cloud services
Cloud computing technology is deployed in three general types, based on the level of internal or external ownership and technical architectures.
Vendor cloud (External): Cloud computing services from vendors that can be accessed across the Internet or a private network, using systems in one or more data centers, shared among multiple customers, with varying degrees of data privacy control. Sometimes called public cloud computing.
Private cloud (Internal): Computing architectures modeled after vendor clouds, yet built, managed, and used internally by an enterprise; uses a shared services model with variable usage of a common pool of virtualized computing resources. Data is controlled within the enterprise.
Hybrid cloud: A mix of vendor cloud services, internal cloud computing architectures, and classic IT infrastructure, forming a hybrid model that uses the best-of-breed technologies to meet specific needs.
8 A. Introduction Key Risk Domains Governance and Business-IT alignment Cloud user organizations Cloud service providers Security SaaS IT organization readiness PaaS Vendor maturity and viability IaaS Control and compliance Availability and performance 8
9 A. Introduction Key Legal Risk Domains Confidentiality Cloud user organizations Liability Cloud service providers Privacy & Security SaaS PaaS IaaS Service Level Agreement Intellectual Property Rights Applicable Law Termination or Suspension of Service 9
10 A. Introduction Sample challenges to protect against
Data Breaches: Flaws in one client's application could lead to breaches in other clients' data as well.
Data Losses: Permanent data losses can happen as a result of an attack on a cloud provider but also due to physical catastrophes at the data storage site.
Account Hijacking: Malicious access to a cloud account can lead to attackers eavesdropping on all activities and transactions, manipulating data and/or redirecting clients to illegitimate sites.
Insecure APIs: Insecure APIs expose organizations to various security issues related to confidentiality, integrity, availability and accountability.
Denial of Service Attacks: DoS attacks on cloud providers can lead to all accounts being disabled and/or client services becoming so expensive to run that clients are forced to take them down themselves.
Malicious Insiders: Malicious insiders are an increased risk for systems depending solely on cloud service providers.
Shared Technology: Flaws in an integral piece of shared technology expose the entire community using it to compromise and breach risk.
11 A. Introduction Preliminary Conclusion
The Cloud allows for IT resources optimization, greater virtual scalability and important flexibility, at a contained cost.
However, due to its open nature, Cloud computing raises new challenges and concerns in areas such as security, governance, compliance,...
Especially in the current changing regulatory environment (e.g. Draft EU Data Protection regulation, Draft EU Cyber Directive), there is a need to obtain clarity regarding Accountability and to obtain Transparency.
It is possible even already today to have a Cloud environment in which (privacy) risks are contained, but it requires:
- Well thought-through pre-contract due diligence
- Adaptation of internal policies and procedures to the Cloud environment
- A step by step approach in implementation, preferably starting small
- Attention should be paid to ensuring that (privacy) risk assessment is part of the initial consideration together with the strategic, economic and technical analysis (and not as an after-thought)
- Knowing where the data will be hosted, who has access to it and how, and where it goes after the contract ends (how long does it stay in the cloud and (how) can it be removed)
- Require regular testing (and how), not only at beginning of contract (and actually do it)
- Specific focus on contractual clauses (e.g. termination, transition, auditing, liability, incident response times and procedures, subcontractors' responsibilities and location)
12 B. Sample of cloud solutions 12
13 B. Sample of Cloud Solutions Approach DISCLAIMER: ONLY PUBLIC INFORMATION IS INCLUDED. Nothing in this presentation constitutes any legal opinion or legal advice. 13
14 B. Sample of cloud solutions Samples discussed Storage Desktop Apps Enterprise Software Media 14
15 B. Sample of Cloud Solutions Storage A few alternatives 15
16 B. Sample of Cloud Solutions Storage
Offers 2 versions: Dropbox and Dropbox for Business
Offers its services only through internet: => click wrap agreements
Available documentation: Terms of Service; Privacy Policy; Dropbox for Business Agreement; DMCA Policy; Acceptable Use Policy
Here, we do not look at the Dropbox for Business Agreement! => next slides only apply to general Dropbox services
Note: Dropbox uses Amazon for data storage.
17 B. Sample of Cloud Solutions Storage (Topic: Comments)
SLA: The services and software are provided as is, at your own risk, without express or implied warranty or condition of any kind. we also disclaim any warranties of merchantability, fitness for a particular purpose or noninfringement.
Liability: In no event will Dropbox be liable for ( ) aggregate liability for all claims relating to the services more than the greater of $20 or the amounts paid by you to Dropbox for the past three months of the services in question
Applicable Law: California
18 B. Sample of Cloud Solutions Storage (Topic: Comments)
Privacy & Security:
Terms: ?
Privacy policy: We have a team dedicated to keeping your information secure and testing for vulnerabilities. We also continue to work on features to keep your information safe in addition to things like two-factor authentication, encryption of files at rest, and alerts when new devices and apps are linked to your account.
SafeHarbor Certified.
19 B. Sample of Cloud Solutions Storage Topic Termination or suspension of service Confidentiality Intellectual Property Rights Comments We also reserve the right to suspend or end the Services at any time at our discretion and without notice. Except for Paid Accounts, we reserve the right to terminate and delete your account if you haven't accessed our Services for 12 consecutive months. We'll of course provide you with notice via the address associated with your account before we do so. Your Stuff is yours. These Terms don't give us any rights to Your Stuff except for the limited rights that enable us to offer the Services. Dropbox respects others' intellectual property and asks that you do too.
20 B. Sample of Cloud Solutions Desktop Apps A few alternatives 20
21 B. Sample of Cloud Solutions Desktop Apps Offers several subscription plans for different needs. Offers its services through internet: => click wrap agreements Here, we look ONLY at the Microsoft Online Subscription Agreement for Office 365 for Small Business Premium 21
22 B. Sample of Cloud Solutions Desktop Apps (Topic: Comments)
SLA: Detailed SLA (separate 8 pages document) available
Liability:
- For software: the amount you were required to pay for the Product giving rise to that liability
- For online service: amount you were required to pay for the Online Service giving rise to that liability during the prior 12 months
- For free products: $5.000
Applicable Law: Ireland
23 B. Sample of Cloud Solutions Desktop Apps (Topic: Comments)
Termination or suspension of service:
- Termination by you at any time, but for subscription of 1 year, you're to pay up to 25% of the remaining fees.
- Suspension of service if ( ) fees are not paid, acceptable use policy is not respected; with 30 days notice. After 60 days without remedy, Microsoft can terminate.
- Buy-out option for software.
24 B. Sample of Cloud Solutions Desktop Apps (Topic: Comments)
Privacy & Security:
- Annex Data Processing agreement included by default
- Security incident notification included.
- Certified for ISO
- Safe Harbor certified
- Offers EU Model Clauses for personal data transfers
- Much information publicly available (Transparency)
Confidentiality: Obligations on you in main agreement. Confidentiality clause included in Annex Data processing agreement
Intellectual Property Rights: Extensive software licensing clauses included.
25 B. Sample of Cloud Solutions Enterprise Software A few alternatives 25
26 B. Sample of Cloud Solutions Enterprise Software Offers several types of professional cloud services, such as Does not offer its services only through internet: Online subscription of free trial versions => click-wrap agreements Negotiations with Salesforce.com product experts => Contractual negotiations are similar to outsourcing. Implementation through partners => Salesforce.com often acts as subcontractor. Here, we look ONLY at Salesforce Master Subscription Agreement see: This is NEGOTIABLE! For all legal documents (e.g. 25 different customer agreements & user terms): see 26
27 B. Sample of Cloud Solutions Enterprise Software (Topic: Comments)
SLA: Basic support: no additional charge; upgraded support if purchased. Commercially reasonable efforts for 24/7 availability (except planned downtime or force majeure)
Liability: Neither party's liability will exceed the amount paid by Customer hereunder in the 12 months preceding the incident
Applicable law: For EU: UK
Confidentiality: Bilateral confidentiality clause included.
28 B. Sample of Cloud Solutions Enterprise Software (Topic: Comments)
Termination or suspension of service:
- When user subscriptions granted in accordance with this Agreement have expired or been terminated.
- Automatic renewal unless notice of non-renewal at least 30 days before the end.
- Bilateral termination for cause with 30 days notice & remediation period.
- SFC breach: Prepaid fees to be repaid by SFC. Your breach: to pay fees for the remainder of the subscription.
- Data will be downloadable within 30 days after termination and deleted afterwards.
- Suspension of service if fees are not paid (7 days notice)
29 B. Sample of Cloud Solutions Enterprise Software (Topic: Comments)
Privacy & Security:
- General security clause in MSA
- Specific requirements such as audit rights and breach notification are negotiable.
- No privacy clauses included, though this is negotiable.
- SafeHarbor Certified.
- TRUSTe certified
- Several global audit compliance, incl. ISO27001
- Highlights listed on website
Intellectual Property Rights: Clear restrictions on client to SFC IP. No acquisition of client's IP. Client only authorizes SFC to host, copy, transmit, display and adapt applications and program code, solely as necessary to provide the services
30 B. Sample of Cloud Solutions Media A few alternatives 30
31 B. Sample of Cloud Solutions Media Only offered through internet Legal documents: YouTube Terms of Service (Google) Privacy Policy YouTube Community Guidelines These slides only cover the basic YouTube service (uploading videos), not advertising. 31
32 B. Sample of Cloud Solutions Media (Topic: Comments)
SLA: The Service is provided "as is". YouTube does not represent or warrant to you that:
- your use of the Service will meet your requirements,
- your use of the Service will be uninterrupted, timely, secure or free from error,
- any information obtained by you as a result of your use of the Service will be accurate or reliable, and
- that defects in the operation or functionality of any software provided to you as part of the Service will be corrected
33 B. Sample of Cloud Solutions Media Topic Comments Liability YouTube shall not be liable to you for any changes which YouTube may make to the Service, or for any permanent or temporary cessation in the provision of the Service (or any features within the Service); the deletion of, corruption of, or failure to store, any Content and other communications data maintained or transmitted by or through your use of the Service your failure to provide YouTube with accurate account information your failure to keep your password or YouTube account details secure and confidential. 33
34 B. Sample of Cloud Solutions Media (Topic: Comments)
Applicable Law: UK
Privacy & Security: The Google privacy policy is part of the YouTube Terms of Service. General security clause included. Safe Harbor Certified
Confidentiality: You understand that whether or not Content is published, YouTube does not guarantee any confidentiality with respect to Content.
35 B. Sample of Cloud Solutions Media Topic Intellectual Property Rights Comments You retain all of your ownership rights You grant to YouTube, a worldwide, non-exclusive, royalty-free, transferable license (with right to sublicense) to use, reproduce, distribute, prepare derivative works of, display, and perform that Content in connection with the provision of the Service and otherwise in connection with the provision of the Service and YouTube's business, including without limitation for promoting and redistributing part or all of the Service (and derivative works thereof) in any media formats and through any media channels; The license ends when you remove your content. 35
36 C. Conclusions 36
37 C. Conclusions What to take with you Cloud legal risks are comparable to outsourcing legal risks. Cloud legal risks will differ per type of cloud service. If the service is free, it will likely be reflected in the T&C. Review your contractual framework carefully (external but also internal) and involve not only legal department but also Business and IT groups. Contact the cloud provider to negotiate in order to establish a contractual (control) framework adapted to your business/risk needs. Legal risks are only one part of cloud computing. Also take into account: Fit for business IT alignment IT department transformation 37
38 Erik Luysterborg Partner, CIPP EMEA Data Protection & Privacy Leader Deloitte Enterprise Risk Services Direct: Mobile: David Lenaerts Manager, CIPP/E, CIPM dlenaerts@deloitte.com Deloitte Enterprise Risk Services Direct: Mobile: Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ( DTTL ), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as Deloitte Global ) does not provide services to clients. Please see for a more detailed description of DTTL and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 150 countries and territories, Deloitte brings world-class capabilities and high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte s more than 200,000 professionals are committed to becoming the standard of excellence. This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities (collectively, the Deloitte Network ) is, by means of this communication, rendering professional advice or services. No entity in the Deloitte network shall be responsible for any loss whatsoever sustained by any person who relies on this communication For information, contact Deloitte Belgium
39 Annex: Possible remediation and (Cloud) best practices 39
40 Possible remediation and (Cloud) best practices: Have a look under the hood of your cloud provider
- See to it that its service engagements (policies) meet (and/or exceed) your own security requirements (policies) (e.g. what are the logs that are generated to show that information in the cloud has been accessed, copied, modified or otherwise used?)
- Consider (availability of) independent security audit report and use of security standards such as e.g. ISO27001 or ISO 27018:2014 (ensure it is certified by recognized third party accredited body) or SSAE16 (need to see actual report, need to examine controls in place as described in report).
- Look carefully at Cloud provider's (exception, risk & performance) indicators & monitoring as well as any incident management procedures
- Obtain overview/listing of all third party subcontractors of Cloud provider
- Do not rely solely on contracts but check Cloud provider's real procedures and processes, and do ensure that contract clauses are flexible, dynamic and precise (e.g. liability, intellectual property, back up and recovery processes, exit and change management)
41 Possible remediation and (Cloud) best practices: Have a look under the hood of your cloud provider
Develop appropriate contractual terms to ensure protection, especially as it relates to:
- Records retention and lawful access
- Data sharing risks/commingling
- Applicable law risks
- Timing of incident management procedures
- Requirements relating to audit/monitoring/evidence of compliance of subcontractors
Have a close look at Cloud provider's actual security measures and policies:
- Physical security: policy on access restrictions
- Network security: firewalling technology etc.
- Server security: how servers have been protected against attack, policies for continued improvement
- Data segregation policies: Multi tenancy implies no segregation but how is logical segregation achieved
- User (client) authentication policies etc.
- Encryption: what algorithms and what strength?
42 Possible remediation and (Cloud) best practices: Avoid the Paper Tiger Syndrome
Avoid paper tiger syndrome and have a risk based approach to privacy compliance in the Cloud:
- Understand & identify Cloud provider's (personal) data handling practices, especially re. cross border data transfer/storage (legal) framework, (secondary) usage of data, data breach notification/remediation process, request for information procedures, etc.
- Consider differentiating (Cloud) treatment of personal data (e.g. sensitive personal data versus non-sensitive, anonymisation of data)
- Take appropriate measures to ensure adequate application security, development processes and penetration / vulnerability testing. Require regular (independent/third party) testing at the start of the vendor relationship. Consider strategies based on encryption/data obfuscation.
- Assess privacy obligations of your clients, yourself and Cloud provider, identify any discrepancies/conflicts and accept/deal with them (both contractually as well as operationally)
- Implement a risk based and scalable privacy program taking into account cost, risk-appetite and effectiveness (and based on people, process & technology) as well as the specific Cloud environment
- Your policies and procedures must explicitly address cloud privacy risks. But bear in mind that it is very dangerous to have nice policies and contractual language if you do not have staff to do it/follow it through.
43 Possible remediation and (Cloud) best practices: Avoid the Paper Tiger Syndrome
Avoid paper tiger syndrome and have a risk based approach to privacy compliance in the Cloud (continued):
- Train employees and staff accordingly to mitigate security/privacy risks in cloud computing (multidepartmental approach)
- Be clear as to ownership of the Cloud transformation within your organization. Document ownership of risks/mitigation.
- Identify types of personal information in flow, as well as what systems, entities and jurisdictions that data flow through.
- Information governance must be put in place and must provide tools and procedures for classifying information and assessing risks.
- Specific policies must be established for cloud based processing based upon risk and value of asset/data.
44 Possible remediation and (Cloud) best practices: Consider Main Menu vs à la Carte
Choose carefully between security main menu and à la carte solutions:
- Consider both the Cloud provider's and your own security environment and risk management practices and detect dependencies/interconnectivity and conflicts
- Ensure that Cloud provider's role is clearly outlined and that contractual obligations are in line with reality. Does Cloud provider act merely as custodian, instead of a controller of data? (e.g. through use of advanced encryption)
- Focus specifically on existence of strong authentication, encryption requirements and key management, user access and delegation as well as data storage & sanitization procedures.
- Provider should have comprehensive disaster recovery, incident response (e.g. logging tools) and compartmentalization practices (e.g. systems, networks, provisioning, staff etc.)
More informationTerms of Service. Permitted uses You may use the Services for your own internal business purposes only in accordance with these Terms.
Terms of Service Description of services Through its network of Web properties, Nintex UK Ltd and its global affiliates ( Nintex or We ) provides a variety of resources, including but not limited to hosted
More informationUniversal Terms of Service Agreement Moodle Clients
Universal Terms of Service Agreement Moodle Clients The relationship between ELEARNING EXPERTS LLC and its clients is governed by this Universal Terms of Service Agreement. ELEARNING EXPERTS LLC BOX 1055
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationCloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
More informationService Description: Dell Backup and Recovery Cloud Storage
Service Description: Dell Backup and Recovery Cloud Storage Service Providers: Dell Marketing L.P. ( Dell ), One Dell Way, Round Rock, Texas 78682, and it s worldwide subsidiaries, and authorized third
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationWhat Is The Cloud And How Can Your Agency Use It. Tom Konop Mark Piontek Cathleen Christensen
What Is The Cloud And How Can Your Agency Use It Tom Konop Mark Piontek Cathleen Christensen Video Computer Basics: What is the Cloud What is Cloud Computing Cloud Computing Basics The use of the word
More informationCloud Computing Security Issues and Controls
Cloud Computing Security Issues and Controls ACC 626 Information System Assurance & Computer-Assisted Auditing Peter Shih-Hsien Chen June 30th, 2013 Table of Contents Introduction... 1 History of Cloud
More informationHow To Protect Your Cloud Computing Resources From Attack
Security Considerations for Cloud Computing Steve Ouzman Security Engineer AGENDA Introduction Brief Cloud Overview Security Considerations ServiceNow Security Overview Summary Cloud Computing Overview
More informationD. L. Corbet & Assoc., LLC
Demystifying the Cloud OR Cloudy with a Chance of Data D. L. Corbet & Assoc., LLC thelinuxguy@donet.com Why 'The Cloud' Common Clouds Considerations and Risk Why 'The Cloud' Distributed Very Large / Very
More informationExhibit 3 to Appendix D to Contract (per Amendment 6) SaaS Module
1. INTRODUCTION Exhibit 3 to Appendix D to Contract (per Amendment 6) SaaS Module 1.1. This Module for Software as a Service ( SaaS Module ) between CA and Customer, effective December 15, 2015, specifies
More informationAuditing Software as a Service (SaaS): Balancing Security with Performance
Auditing Software as a Service (SaaS): Balancing Security with Performance Goals for Today Defining SaaS (Software as a Service) and its importance Identify your company's process for managing SaaS solutions
More informationCloud Computing. Cloud Computing An insight in the Governance & Security aspects
Cloud Computing An insight in the Governance & Security aspects AGENDA Introduction Security Governance Risks Compliance Recommendations References 1 Cloud Computing Peter Hinssen, The New Normal, 2010
More informationSTANDING CLOUD, INC. ( SC ) TERMS OF SERVICE
STANDING CLOUD, INC. ( SC ) TERMS OF SERVICE These Terms of Service ( Terms ) govern your use of Standing Cloud s online deployment platform for application software (the Services ). By using the Services,
More informationYa-YaOnline Platform ( Service ).
SOFTWARE AS A SERVICE AGREEMENT FOR THE USE OF: Ya-YaOnline Platform ( Service ). NOW IT IS HEREBY AGREED by and between the parties hereto as follows:- Definitions "Agreement" means this Agreement and
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationFRANZ SOFTWARE LICENSE AGREEMENT
NOTICE TO USER: BY INSTALLING THIS SOFTWARE YOU ACCEPT ALL OF THE FOLLOWING TERMS AND CONDITIONS AND THOSE CONTAINED IN THE ATTACHED LICENSE AGREEMENT. PLEASE READ IT CAREFULLY. THE ATTACHED SOFTWARE LICENSE
More informationWhat s the Path? Information Life-cycle part of Vendor Management
Disclaimer The materials provided in this presentation and any comments or information provided by the presenter are for educational purposes only and nothing conveyed or provided should be considered
More informationKeeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?
Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationTERMS and CONDITIONS OF USE - NextSTEPS TM
TERMS and CONDITIONS OF USE - NextSTEPS TM DATED MARCH 24, 2014. These terms and conditions of use (the Terms and Conditions ) govern your use of the website known as NextSTEPS TM, https://www.stepsonline.ca/
More informationCyber intelligence exchange in business environment : a battle for trust and data
Cyber intelligence exchange in business environment : a battle for trust and data Experiences of a cyber threat information exchange research project and the need for public private collaboration Building
More informationService Description: Cisco Prime Home Hosted Services. This document describes the Cisco Prime Home Hosted Services.
Service Description: Cisco Prime Home Hosted Services This document describes the Cisco Prime Home Hosted Services. Related Documents: The following documents also posted at www.cisco.com/go/servicedescriptions/
More information05.0 Application Development
Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationCFOs and CIOs: How do you know when to reach for the clouds?
CFOs and CIOs: How do you know when to reach for the clouds? I would like to have a way to allow many different users to have access to data and to have better analytic capabilities should we just move
More informationData Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture
Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction
More informationJeanne Kelly, Partner Cloud Computing: The Legal Issues
Jeanne Kelly, Partner Cloud Computing: The Legal Issues 14 June 2010 One of the things we really need to watch out for is that we don t hold cloud deployment back because we have some storyline about how
More informationThis Agreement was last updated on November 21, 2015. It is effective between You and Us as of the date of You accepting this Agreement.
SOFTWARE AS A SERVICE (SaaS) AGREEMENT This Software as a Service Agreement ( SaaS Agreement ) is by and between Advantiv Solutions LLC ( Advantiv ) and You, as defined in Your SaaS Subscription Order
More informationSaaS Terms & Conditions
SaaS Terms & Conditions TERMS OF USE: BY CLICKING THE REGISTER BUTTON DISPLAYED AS PART OF THE REGISTRATION PROCESS, YOU AGREE TO THE FOLLOWING TERMS AND CONDITIONS (THE AGREEMENT ) GOVERNING YOUR USE
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationResidual risk. 3 Compliance challenges (i.e. right to examine, exit clause, privacy acy etc.)
Organizational risks 1 Lock-in Risk of not being able to migrate easily from one provider to another 2 Loss of Governance Control and influence on the cloud providers, and conflicts between customer hardening
More informationCloud Agreements: Do s, Don ts, and Cautions
Cloud Agreements: Do s, Don ts, and Cautions 4 th Annual Grand Rapids IT Symposium June 11, 2015 Nate Steed & Ken Coleman 2015 Warner Norcross & Judd LLP. All rights reserved. WNJ.com Disclaimer 2015 Warner
More informationStrategic Compliance & Securing the Cloud. Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security
Strategic Compliance & Securing the Cloud Annalea Sharack-Ilg, CISSP, AMBCI Technical Director of Information Security Complexity and Challenges 2 Complexity and Challenges Compliance Regulatory entities
More informationHow To Use Etechglobal Online Store
5204 S. Sand Cherry Circle, Sioux Falls SD 57108 www.etechglobal.com Phone: (605) 339-4529 Merchant Service and Licensing Agreement AGREEMENT The EtechGlobal Online Store service ("EtechGlobal Online Store"
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationEmerging legal issues in Cloud Computing Clouds on the horizon?
Emerging legal issues in Cloud Computing Clouds on the horizon? id law partners / BGMA Malcolm Bain WHO AM I? Malcolm Bain English Solicitor, Spanish lawyer Founding partner id law partners, boutique IP/IT
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationLibrary Systems Security: On Premises & Off Premises
Library Systems Security: On Premises & Off Premises Guoying (Grace) Liu University of Windsor Leddy Library Huoxin (Michael) Zheng Castlebreck Inc. CLA 2015 Annual Conference, Ottawa, June 5, 2015 Information
More informationCloud Computing Risks & Reality. Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com
Cloud Computing Risks & Reality Sandra Liepkalns, CRISC sandra.liepkalns@netrus.com What is Cloud Security The quality or state of being secure to be free from danger & minimize risk To be protected from
More informationDedicated Server Services Specific Terms and Conditions
Dedicated Server Services Specific Terms and Conditions These Specific Terms and Conditions and ROOT General Terms and Conditions shall be interpreted and applied together as a single instrument (the Agreement
More informationSecurity Considerations for Public Mobile Cloud Computing
Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationSecuring and Auditing Cloud Computing. Jason Alexander Chief Information Security Officer
Securing and Auditing Cloud Computing Jason Alexander Chief Information Security Officer What is Cloud Computing A model for enabling convenient, on-demand network access to a shared pool of configurable
More informationACOT WEBSITE PRIVACY POLICY
ACOT WEBSITE PRIVACY POLICY Our commitment to privacy acot.ca (the Website ) is a website owned and operated by The Alberta College of Occupational Therapists ( ACOT ), also referred to as we, us, or our
More informationRunning head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1
Running head: TAKING A DEEPER LOOK AT THE CLOUD: SOLUTION OR 1 Taking a Deeper Look at the Cloud: Solution or Security Risk? LoyCurtis Smith East Carolina University TAKING A DEEPER LOOK AT THE CLOUD:
More informationAXIS12 DRUPAL IN A BOX ON THE CLOUD
SERVICE LEVEL AGREEMENT AXIS12 DRUPAL IN A BOX ON THE CLOUD version 1.0 Page 1 of 6 This Axis12 Drupal in a box on the cloud Service Level Agreement ( SLA ) is a policy governing the use of the Axis12
More informationEnsuring Enterprise Data Security with Secure Mobile File Sharing.
A c c e l l i o n S e c u r i t y O v e r v i e w Ensuring Enterprise Data Security with Secure Mobile File Sharing. Accellion, Inc. Tel +1 650 485-4300 1804 Embarcadero Road Fax +1 650 485-4308 Suite
More informationTerms and conditions 2011
Terms and conditions 2011 MailPerformance UK Ltd is engaged in the business of, amongst other things, providing certain email distribution services, including delivering content generated by MailPerformance
More informationSelect Internet. Standard Terms and Conditions relating to the supply of online backup services by Select Internet
Select Internet Standard Terms and Conditions relating to the supply of online backup services by Select Internet Select Internet, PO Box 317 Kidlington, Oxford. OX5 3WZ www.selectinternet.co.uk Page 1
More informationSecurity & Trust in the Cloud
Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer
More informationData In The Cloud: Who Owns It, and How Do You Get it Back?
Data In The Cloud: Who Owns It, and How Do You Get it Back? Presented by Dave Millier, Soban Bhatti, and Oleg Sotnikov 2013 Sentry Metrics Inc. Agenda Reasons for Cloud Adoption How Did My Data Get There?
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More information