Legal issues in the Cloud
|
|
- Jeffry Antony Fitzgerald
- 8 years ago
- Views:
Transcription
1 Legal issues in the Cloud Renzo Marchini, Dechert LLP, London, UK Gene K. Landy, Ruberto, Israel & Weiner, PC Boston, MA, USA Portions 2010 Dechert LLP. Portions 2010 Ruberto, Israel & Weiner, PC.
2 Attorneys and Authors
3 Cloud Overview What is Cloud Computing? Setting the scene Data Protection and Information Security Who is responsible for data protection compliance? What are the security requirements? Does it matter where the data is? Issues in Cloud Contracts Comparison with other IT models Service changes Service level agreements Liability for data Ownership/use of data Other Cloud Legal Issues
4 Concepts of Cloud Computing Cloud computing is a simple idea with a huge impact. Instead of running your apps yourself, they run on a shared data center that s managed by the service provider. You just log in, customize, and start using an app. Source: SalesForce.com What [cloud computing] has come to mean now is a synonym for the return of the mainframe, and the mainframe is a set of computers. You never visit them, you never see them. But they're out there. They're in a cloud somewhere. They're in the sky, and they're always around. That's roughly the metaphor. Source: Google CEO Eric Schmidt
5 Why Cloud?
6 Many Business and Consumer Cloud Services Business Services e.g. Net Suite Media Services e.g. Bright Cove Online Application Add-Ins e.g. Google Maps Social Media e.g. Facebook, Twitter Small Business Services e.g. Constant Contact Consumer Services Gmail Development Platforms Microsoft Azure
7 Cloud Digital Media Issues Search Engine Issues Excerpts and thumbnails Google News Cases / Google Book Litigation and Settlement Notice and Takedown Rules Viacom v. YouTube Cartoon Network v. CSC Holdings, 536 F.3d 121 (2nd Cir. 2008)
8 Entrepreneurship in the Public Cloud No Server startups. Scaling up and scaling down in the cloud. Functionality that works best in the cloud. Operational advantages and challenges. The Customers: Consumer. Small business. Enterprise.
9 Some Types of Cloud Services Software as a Service (SaaS) (eg Salesforce.com) Platform as a Service (PaaS) (eg Microsoft Azure) Infrastructure as a Service (IaaS) (eg Amazon EC2) Storage Servers Networks Virtualisation
10 Typical SaaS Business Solution Hosted and Accessed Remotely via Internet or Mobile Specially Built for SaaS Web Technology Multi-Tenanted
11 Typical Cloud Solution - A Complex Environment Mobile Client Browser Presentation Data, Media, or Other Third Party Services Process Services Business or Consumer Services Security Services Directory Services Data / Media File System Databases Chart Adapted from Microsoft
12 Key Data Protection Issues Who is responsible for data protection compliance? Who is the controller? What are the security requirements? Can that be delegated to the cloud provider? Does it matter where the data is? Cross border issues
13 Controller or Processor? Directive 95/46 on protection of personal data data controller: person which alone or jointly with others determines the purposes and means of the processing of personal data data processor: person which processes personal data on behalf of the controller Controllers have obligations under the Directive; processors (in most member states) have none. of course, controllers take responsibility for processors controllers/processors may well want indemnities
14 SWIFT US Government Data Controller Bank Bank Data Controller
15 SWIFT Irrelevant what contract says SWIFT determined what personal data was processed. functionality eg determining standards as to the form and content of messages. security standard the location of its data centres SWIFT decided to negotiate with the US authorities in relation to the warrants. Article 29 Working Party (February 2010) technical decisions can be delegated but not the essential elements of the means ISP providing hosting services is in principle a processor
16 Who is the Data Controller in the Cloud? Services may be presented almost on a take it or leave it basis Purpose behind cloud is to shift data to locations where resources are available According to working party criteria: doesn t this sound like a controller? Still a risk that a cloud provider (an SaaS) will be found to be a controller. Perhaps less so for an IaaS provider
17 What if the provider is a controller? The provider has no contractual relationship with the individuals How can it comply with Directive obligations? Individuals (eg employee/customer) Of course, it may be outside of the EU, but if not. Article 7 legitimisation of processing Article 11 Information to be provided to the data subject Article 12 Rights of Access Cloud Customer SaaS Provider (eg Salesforce.com). and so on.
18 Key Data Protection Issues Who is responsible for data protection compliance? Who is the controller? What are the security requirements? Can that be delegated to the cloud provider? Does it matter where the data is? Cross border issues
19 Article 17 Security of Processing.. the controller must implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. Data controller must: carry out diligence take reasonable steps to ensure compliance with those measures written contract under which (i) processor acts only upon instructions from controller and (ii) equivalent security obligation accepted by processor
20 Security in practice in the cloud (1) Due Diligence cloud providers inundated by questionnaires being more and more open; increasing use of FAQs Security Policy Physical Security - policy on access restrictions Network Security - firewalling technology and so on Server Security - how servers have been hardened against attack, policies for continuing improvement. Data Segregation policies multi-tenancy implies that no physical segregation but how is logical segregation achieved user (client) authentication policies, etc. Encryption - what algorithms and what strength data at rest data in transit
21 Security in practice in the cloud (2) Audit/Certification How can you undertake diligence of audit, when you don t know where the data is? Will regulators accept certification by accredited third parties as an alternative ISO (and series) Security standard Careful with Conforms with this is self-assessment Ensure it is certified by a recognised, third party accredited body SAS 70 Statement on Auditing Standards No. 70 (SAS 70) Accounting standard, not a security standard Need to see actual report (ensure it is a Type II report) Need to examine the controls which are in place and have been described and commented on.
22 Key Data Protection Issues Who is responsible for data protection compliance? Who is the controller? What are the security requirements? Can that be delegated to the cloud provider? Does it matter where the data is? Cross border issues
23 Transborder Issues Transfers out of the EEA Article 25 of Directive 95/46: The Member States shall provide that the transfer to a third country of personal data may take place only if the third country in question ensures an adequate level of protection Adequate countries Argentina, Canada, Switzerland, and Jersey, Guernsey and the Isle of Man, Faroe Islands Soon Andora and Israel Fundamental point here is that you need to know where the data is.
24 What to do if Transferee Country not Adequate? US Safe Harbor Model Contracts Controller to Controller (two sets) Controller to Processor (the new set makes it easier for outsourcing) BCRs not applicable except for private clouds perhaps Self-assessment OK in the UK
25 Problems of onward transfers Customer (in Europe) SaaS Provider (in a third country) IaaS Provider (in a third country) US Safe Harbor: onward transfers allowed to sub-processors under written contract. Model Clauses for controller to controller (set II): allows onward transfers to processors (with no additional formality) Model Clauses for controller to processor (new set): allowed if sub-processor signs own contract! (and many other hoops)
26 US Data Protection Issues Many Different Laws Federal Trade Commission Cases Children s Online Data Privacy Protection Act (COPPA) State Data Breach Notification Acts. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 Federal Trade Commission Red Flag Rules regarding personal financial and payment data. Massachusetts Data Privacy Regulations
27 Comparison SaaS and Software Licensing Software as a Service Provider Infrastructure Remote Access Subscription Based Continuous Update Data with Provider (or Provider s Hosting Provider) Software Licence Customer s Server Physical Delivery (Media or Download) License Fee Release Schedules Data with Customer
28 Comparison SaaS and Managed Services Software as a Service Provider Infrastructure/ Remote Access Data with Provider Usage Based Fees Normally Virtualised Scalable On-Demand Managed Service Provider Infrastructure/ Remote Access Data with Provider Negotiable Fixed Infrastructure (may be Virtualized) Normally not Dynamically Scalable
29 Contracting Issues Pricing Models Google Maps Commercial Service Per User Per Access Per Transaction Try and Buy Terminable at Will? Configuration and Customization? Acceptance?
30 Service Level Agreements (SLAs) Aspects of SLAs Downtime Response / Fix Remedies
31 Contracting Issues - Liability for Data One breach might affect several or all customers because of multi-tenancy Customer wants (but likely cannot get) indemnity for cost of breach of security including: Investigation and repair of data Notification of data subjects Advertising / public relations Customer ID theft insurance Help desks, etc. Claims from customers or shareholders Is security transparent and auditable?
32 Contracting Issues - Liability for Data, cont d Provider Normally Accepts no Liability for: Loss of data Breach of security of data Integrity of data US Provider may have SAS 70 Certification (Statement on Auditing Standards No. 70: Service Organizations of the AICPA) or the hosting provider may have this certification. Backup and Recovery Manner and frequency of backing-up? Access to data backups. Data recovery site Fail-over protection?
33 Contracting Issues Access to Data Data retrieval / migration to new vendor on termination (and lock in ). Where is the data? Customer contracts with a SaaS provider who in turn contracts with a PaaS provider who in turn contracts with an IaaS provider What happens if the SaaS provider is insolvent? Third party access to data via compulsory legal process. Customer Software as a Service Platform as a Service Infrastructure as a Service Data is somewhere The software escrow conundrum.
34 Bad User Data Infringing, libelous, obscene, threatening, stolen, restricted, etc. supplied by customer or users Mass mailings of unsolicited mail Spam Can provider use self-help without prior notice?
35 Issues in Partnering Between SaaS Vendors User data in multiple places in the cloud Additional security/data breach failure points Technical / business dependencies / more failure modes Integration - Do APIs exist or do they have to be built? At whose cost? Bottom line: need a workable technical and contingency strategy that is documented in the agreement
36 Other Cloud/Legal Issues to Note Taxation / Investment Expense vs. capital investment Continuous Improvement Model Shifting definition of the SaaS service, defined by online documentation that is continually updated. Multi-SaaS Vendor Solutions Who has service responsibility? IP / Infringement Risk Shift from Customer to Cloud Vendor. Open Source (Copy Left) Problems Providing cloud services can be a magic bullet solution. Trade Secret Protection Much easier if the vendor never ships the code. Reverse engineering rights don t apply. Vendor s Contractual Rights to Use Data. The value of data aggregation.
37 Questions?
38 Want to Know More? Just Contact: Renzo Marchini Dechert LLP 160 Queen Victoria Street London EC4V 4QQ Gene Landy Ruberto Israel & Weiner, PC 100 No. Washington Street Boston MA USA
Evolving Technology Issues: Cloud Computing
Evolving Technology Issues: Cloud Computing Michael Bennett October 16, 2011 2011 Edwards Wildman Palmer LLP & Edwards Wildman Palmer UK LLP Cloud Computing Does compliance with applicable laws fall to
More informationData Protection Act 1998. Guidance on the use of cloud computing
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationCloud Computing. Making legal aspects less cloudy. Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader
Cloud Computing Making legal aspects less cloudy Erik Luysterborg Partner Cyber Security & Privacy Belgium EMEA Data Protection & Privacy Leader 30 September 2014 1 Contents A. Introduction: a short walk
More informationCloud Computing An Auditor s Perspective
Cloud Computing An Auditor s Perspective Sailesh Gadia, CPA, CISA, CIPP sgadia@kpmg.com December 9, 2010 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationCloud Security and Managing Use Risks
Carl F. Allen, CISM, CRISC, MBA Director, Information Systems Security Intermountain Healthcare Regulatory Compliance External Audit Legal and ediscovery Information Security Architecture Models Access
More informationLegal Issues in the Cloud: A Case Study. Jason Epstein
Legal Issues in the Cloud: A Case Study Jason Epstein Outline Overview of Cloud Computing Service Models (SaaS, PaaS, IaaS) Deployment Models (Private, Community, Public, Hybrid) Adoption Different types
More informationLegal Issues Associated with Cloud Computing. Laurin H. Mills May 13, 2009
Legal Issues Associated with Cloud Computing Laurin H. Mills May 13, 2009 What Is Cloud Computing? The cloud is a metaphor for the Internet Leverages the connectivity of the Internet to optimize the utility
More informationCloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World
Cloud Computing Risks in Financial Services Companies: How Attorneys Can Best Help In An Increasingly SaaS-ified World July 30, 2015 Sutherland Webinar Michael Steinig 202.383.0804 Michael.Steinig@sutherland.com
More informationData Protection and Cloud Computing: an Overview of the Legal Issues
Data Protection and Cloud Computing: an Overview of the Legal Issues Christopher Kuner Partner, Hunton & Williams, Brussels Research Assistant, University of Copenhagen Nordic IT Law Conference Copenhagen,
More informationTop 10 Cloud Risks That Will Keep You Awake at Night
Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com
More informationHarnessing The Cloud: Managing Risks and Governance in a Cloud Environment Russell G. Weiss November 9, 2011
2011 Morrison & Foerster LLP All Rights Reserved mofo.com Harnessing The Cloud: Managing Risks and Governance in a Cloud Environment Russell G. Weiss November 9, 2011 Presenter Russell Rusty Weiss Partner
More informationCloud Computing: Legal Risks and Best Practices
Cloud Computing: Legal Risks and Best Practices A Bennett Jones Presentation Toronto, Ontario Lisa Abe-Oldenburg, Partner Bennett Jones LLP November 7, 2012 Introduction Security and Data Privacy Recent
More informationCloud Computing In a Post Snowden World. Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs
Cloud Computing In a Post Snowden World Guy Wiggins, Kelley Drye & Warren LLP Alicia Lowery Rosenbaum, Microsoft Legal and Corporate Affairs Guy Wiggins Director of Practice Management Kelley Drye & Warren
More informationCloud Computing - Starting Points for Privacy and Transparency
Computing - Starting Points for Privacy and Transparency Ina Schiering Ostfalia University of Applied Science Wolfenbüttel, Germany IFIP Summerschool: Privacy and Identity Management for Life, Helsingborg,
More informationMicrosoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10
Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID This Microsoft Online Services Security Amendment ( Amendment ) is between
More informationWrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors
1 Wrapping Audit Arms around the Cloud Georgia 2013 Conference for College and University Auditors Scott Woodison Executive Director, Compliance and Enterprise Risk Office of Internal Audit and Compliance
More informationCloud Computing. What is Cloud Computing?
Cloud Computing What is Cloud Computing? Cloud computing is where the organization outsources data processing to computers owned by the vendor. Primarily the vendor hosts the equipment while the audited
More informationTop 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World
Top 10 Tips and Tools for Meeting Regulatory Requirements and Managing Cloud Computing Providers in the United States and Around the World Web Hull Privacy, Data Protection, & Compliance Advisor Society
More informationCloud Computing: Contracting and Compliance Issues for In-House Counsel
International In-house Counsel Journal Vol. 6, No. 23, Spring 2013, 1 Cloud Computing: Contracting and Compliance Issues for In-House Counsel SHAHAB AHMED Director Legal and Corporate Affairs, Microsoft,
More informationOverview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin
Overview of Cloud Computing and Cloud Computing s Use in Government Justin Heyman CGCIO, Information Technology Specialist, Township of Franklin Best Practices for Security in the Cloud John Essner, Director
More informationEnrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES17 --------------
w Microsoft Volume Licensing Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 Enrollment for Education Solutions number Microsoft to complete --------------
More informationKey privacy / data protection questions
Illuminating the Cloud: the What, Who and Where of Privacy Compliance Professor IAPP Europe Data Protection Intensive, London, April 2012 Key privacy / data protection questions What information in clouds
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More informationCloud Computing and Privacy Laws! 17.7. 22.7. 2011 Prof. Dr. Thomas Fetzer, LL.M. Technische Universität Dresden Law School
DEUTSCH-FRANZÖSISCHE SOMMERUNIVERSITÄT! FÜR NACHWUCHSWISSENSCHAFTLER 2011! CLOUD COMPUTING : HERAUSFORDERUNGEN UND MÖGLICHKEITEN UNIVERSITÉ DʼÉTÉ FRANCO-ALLEMANDE POUR JEUNES CHERCHEURS 2011! CLOUD COMPUTING
More informationInsights into Cloud Computing
This article was originally published in the November 2010 issue of the Intellectual Property & Technology Law Journal. ARTICLE Insights into Cloud Computing The basic point of cloud computing is to avoid
More informationCloud Computing in a Government Context
Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important
More informationInformation Technology: This Year s Hot Issue - Cloud Computing
Information Technology: This Year s Hot Issue - Cloud Computing Presented by: Alan Sutin Global IP & Technology Practice Group GREENBERG TRAURIG, LLP ATTORNEYS AT LAW WWW.GTLAW.COM 2011. All rights reserved.
More informationCloud Computing An Internal Audit Perspective. Heather Paquette, Partner Tom Humbert, Manager
Cloud Computing An Internal Audit Perspective Heather Paquette, Partner Tom Humbert, Manager March10 2011 Discussion Agenda Introduction to cloud computing Types of cloud services Benefits, challenges,
More informationCloud Computing Technology
Cloud Computing Technology The Architecture Overview Danairat T. Certified Java Programmer, TOGAF Silver danairat@gmail.com, +66-81-559-1446 1 Agenda What is Cloud Computing? Case Study Service Model Architectures
More informationContracting With (or For) Application Service Providers. Thomas C. Carey Bromberg & Sunstein LLP Boston
Contracting With (or For) Application Service Providers Thomas C. Carey Bromberg & Sunstein LLP Boston Table of Contents I. Glossary... 1 II. The Industry... 1 A. The Value Proposition... 1 B. The Players
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationLegal Aspects of Cloud Computing. Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird)
Legal Aspects of Cloud Computing Dr. Susann Wolfgram & Ulrike Weinbrenner Dr. Alexander Duisberg (Bird&Bird) Agenda Cloud Computing Overview Role Play on Hot Topics SAAS versus on-premise software licensing
More informationIT Cloud / Data Security Vendor Risk Management Associated with Data Security. September 9, 2014
IT Cloud / Data Security Vendor Risk Management Associated with Data Security September 9, 2014 Speakers Brian Thomas, CISA, CISSP In charge of Weaver s IT Advisory Services, broad focus on IT risk, security
More informationRecommendations for companies planning to use Cloud computing services
Recommendations for companies planning to use Cloud computing services From a legal standpoint, CNIL finds that Cloud computing raises a number of difficulties with regard to compliance with the legislation
More informationFinancial Institutions and Cloud Computing What s on the Horizon
Financial Institutions and Cloud Computing What s on the Horizon Rebecca Eisner Partner - Chicago +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner - London +44 203 130 3900 mprinsley@mayerbrown.com
More informationData Privacy and Security for Market Research in the Cloud
Data Privacy and Security for Market Research in the Cloud Peter Milla IIeX2015 NA Agenda Page 2 1. Background 2. Why the Cloud? 3. Data Privacy and Data Security in the Cloud 4. How do We Deal with It?
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationCloud Computing Contracts. October 11, 2012
Cloud Computing Contracts October 11, 2012 Lorene Novakowski Karam Bayrakal Covering Cloud Computing Cloud Computing Defined Models Manage Cloud Computing Risk Mitigation Strategy Privacy Contracts Best
More information<Choose> Addendum Windows Azure Data Processing Agreement Amendment ID M129
Addendum Amendment ID Proposal ID Enrollment number Microsoft to complete This addendum ( Windows Azure Addendum ) is entered into between the parties identified on the signature form for the
More informationOnline and Mobile Privacy Notice ( Privacy Notice )
Online and Mobile Privacy Notice ( Privacy Notice ) Introduction This Privacy Notice applies to the operations of Cigna Global Health Benefits and its affiliated companies listed at the end of this Privacy
More informationCLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:
CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential
More informationHow To Understand Cloud Computing
CLOUD COMPUTING Jillian Raw Partner, Kennedys http://www.kennedys-law.com/jraw/ Cloud Computing- what they say about it the cloud will transform the information technology industry profoundly change the
More informationThe HR Skinny: Effectively managing international employee data flows
The HR Skinny: Effectively managing international employee data flows Topics we will cover today Laws affecting HR data flows HR international data protection challenges and strategic solutions Case study
More informationOffice 365 Data Processing Agreement with Model Clauses
Enrollment for Education Solutions Office 365 Data Processing Agreement (with EU Standard Contractual Clauses) Amendment ID Enrollment for Education Solutions number Microsoft to complete 7392924 GOLDS03081
More informationJohn Essner, CISO Office of Information Technology State of New Jersey
John Essner, CISO Office of Information Technology State of New Jersey http://csrc.nist.gov/publications/nistpubs/800-144/sp800-144.pdf Governance Compliance Trust Architecture Identity and Access Management
More informationCPNI VIEWPOINT 01/2010 CLOUD COMPUTING
CPNI VIEWPOINT 01/2010 CLOUD COMPUTING MARCH 2010 Acknowledgements This viewpoint is based upon a research document compiled on behalf of CPNI by Deloitte. The findings presented here have been subjected
More informationCloud Computing Governance & Security. Security Risks in the Cloud
Cloud Computing Governance & Security The top ten questions you have to ask Mike Small CEng, FBCS, CITP Fellow Analyst, KuppingerCole This Webinar is supported by Agenda What is the Problem? Ten Cloud
More informationAnnex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015
Annex 1. Contract Checklist for Cloud-Based Genomic Research Version 1.0, 21 July 2015 The following comprises a checklist of areas that genomic research organizations or consortia (collectively referred
More informationPrivacy Level Agreement Outline for the Sale of Cloud Services in the European Union
Privacy Level Agreement Working Group Privacy Level Agreement Outline for the Sale of Cloud Services in the European Union February 2013 The PLA Outline has been developed within CSA by an expert working
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationVirginia Government Finance Officers Association Spring Conference May 28, 2014. Cloud Security 101
Virginia Government Finance Officers Association Spring Conference May 28, 2014 Cloud Security 101 Presenters: John Montoro, RealTime Accounting Solutions Ted Brown, Network Alliance Presenters John Montoro
More informationSecurity management in the internet era
Security management in the internet era Cloud Security (1) Septemberr 29, 2011 Jun Murai Keio University! Suguru Yamaguchi! Nara Institute of Science and Technology! Schedule 01st (09/22) Course Description
More informationSecurity and Data Protection for Online Document Management Software
Security and Data Protection for Online Document Management Software Overview As organizations transition documents and company information to Software as a Service (SaaS) applications that are no longer
More informationWednesday, January 16, 2013
Attorney Advertising Prior results do not guarantee a similar outcome Models used are not clients but may be representative of clients 321 N. Clark Street, Suite 2800, Chicago, IL 60654 312.832.4500 Wednesday,
More informationLEGAL ISSUES IN CLOUD COMPUTING
LEGAL ISSUES IN CLOUD COMPUTING RITAMBHARA AGRAWAL INTELLIGERE 1 CLOUD COMPUTING Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationWhat should you watch out for in click-through cloud contracts? What are the most contentious issues in cloud negotiations?
Negotiating Cloud Computing Contracts Professor IAPP Academy San Jose, 12 October 2012 Key questions we will tackle today Why is cloud computing such a hot topic? What should you watch out for in click-through
More informationCloud Security Strategies. Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems
Cloud Security Strategies Fabio Gianotti, Head of Cyber Security and Enterprise Security Systems London, 14 October 2015 UNICREDIT AT A GLANCE Employees: more than 146.600 Branches: 8.403 Banking operations
More informationThe potential legal consequences of a personal data breach
The potential legal consequences of a personal data breach Tue Goldschmieding, Partner 16 April 2015 The potential legal consequences of a personal data breach 15 April 2015 Contents 1. Definitions 2.
More informationCloud-Security: Show-Stopper or Enabling Technology?
Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics
More informationManaging Cloud Computing Risk
Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify
More informationThird Party Security: Are your vendors compromising the security of your Agency?
Third Party Security: Are your vendors compromising the security of your Agency? Wendy Nather, Texas Education Agency Michael Wyatt, Deloitte & Touche LLP TASSCC Annual Conference 3 August 2010 Agenda
More informationCloud Computing; What is it, How long has it been here, and Where is it going?
Cloud Computing; What is it, How long has it been here, and Where is it going? David Losacco, CPA, CIA, CISA Principal January 10, 2013 Agenda The Cloud WHAT IS THE CLOUD? How long has it been here? Where
More informationAskAvanade: Answering the Burning Questions around Cloud Computing
AskAvanade: Answering the Burning Questions around Cloud Computing There is a great deal of interest in better leveraging the benefits of cloud computing. While there is a lot of excitement about the cloud,
More informationCloud computing and the legal framework
Cloud computing and the legal framework - Guidance on legislative requirement and the contractual environment related to cloud computing Content 1. Introduction 3 2. The Danish Act on Processing of Personal
More informationCloud Computing and Data Protection Compliance - Experiences from Norway
Cloud Computing and Data Protection Compliance - Experiences from Norway PhD Thomas Olsen Legal Aspects of Cloud Computing, UiO, 27 January 2015 www.svw.no Overview Cloud Computing Introduction to EU and
More informationEmerging legal issues in Cloud Computing Clouds on the horizon?
Emerging legal issues in Cloud Computing Clouds on the horizon? id law partners / BGMA Malcolm Bain WHO AM I? Malcolm Bain English Solicitor, Spanish lawyer Founding partner id law partners, boutique IP/IT
More informationSaaS Security for the Confirmit CustomerSat Software
SaaS Security for the Confirmit CustomerSat Software July 2015 Arnt Feruglio Chief Operating Officer The Confirmit CustomerSat Software Designed for The Web. From its inception in 1997, the architecture
More informationAssessing Risks in the Cloud
Assessing Risks in the Cloud Jim Reavis Executive Director Cloud Security Alliance Agenda Definitions of Cloud & Cloud Usage Key Cloud Risks About CSA CSA Guidance approach to Addressing Risks Research
More informationKey Security Questions to Ask a Financial Data Aggregation Provider Is the data aggregation partner you re considering following the best practices
Key Security Questions to Ask a Financial Data Aggregation Provider Is the data aggregation partner you re considering following the best practices for security and privacy? Here s how to find out. TABLE
More informationDaren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD
Daren Kinser Auditor, UCSD Jennifer McDonald Auditor, UCSD Agenda Cloud Computing Technical Overview Cloud Related Applications Identified Risks Assessment Criteria Cloud Computing What Is It? National
More informationCloud Computing: The atmospheric jeopardy. Unique Approach Unique Solutions. Salmon Ltd 2014 Commercial in Confidence Page 1 of 5
Cloud Computing: The atmospheric jeopardy Unique Approach Unique Solutions Salmon Ltd 2014 Commercial in Confidence Page 1 of 5 Background Cloud computing has its place in company computing strategies,
More informationCloud Computing. What we should be auditing
Cloud Computing What we should be auditing What is cloud computing? Model Description What it does Examples SAAS Software as a service Applications often available through a browser Workday, Salesforce.com
More informationAuditing Cloud Computing and Outsourced Operations
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
More informationIT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits
IT-CAST 2015 Cloud Total Ownership Costing: Considering the Technologies, Costs and Benefits Daniel D. Galorath, CEO Galorath Inc. Steven Woodward, CEO, Cloud Perspectives Portions Copyright Cloud Perspectives
More informationA Vendor s Journey to SaaS & the Cloud
A Vendor s Journey to SaaS & the Cloud Mark Sherry Partner Marval North America ITIL Expert ISO 20000 Consultant MBA, MA, BComm 25+ ITIL implementations Trained Service Managers Globally 10 Years in Industry
More informationHow To Protect Your Data In The Cloud
Cloud Computing Hot topics in relation to security, liability and privacy Steven De Schrijver Cloud Computing : who and what is involved? Data Cloud Service Provider (e.g. SaaS, PaaS, IaaS) Sub-contractor
More informationUniversity of Pittsburgh Security Assessment Questionnaire (v1.5)
Technology Help Desk 412 624-HELP [4357] technology.pitt.edu University of Pittsburgh Security Assessment Questionnaire (v1.5) Directions and Instructions for completing this assessment The answers provided
More informationCloud Security Trust Cisco to Protect Your Data
Trust Cisco to Protect Your Data As cloud adoption accelerates, organizations are increasingly placing their trust in third-party cloud service providers (CSPs). But can you fully trust your most sensitive
More informationCloud Computing Security Issues
Copyright Marchany 2010 Cloud Computing Security Issues Randy Marchany, VA Tech IT Security, marchany@vt.edu Something Old, Something New New: Cloud describes the use of a collection of services, applications,
More informationTransparency. Privacy. Compliance. Security. What does privacy at Microsoft mean? Are you using my data to build advertising products?
Privacy Transparency What does privacy at Microsoft mean? Are you using my data to build advertising products? Where is my data? Who has access to my data? Compliance What certifications and capabilities
More informationThe Keys to the Cloud: The Essentials of Cloud Contracting
The Keys to the Cloud: The Essentials of Cloud Contracting September 30, 2014 Bert Kaminski Assistant General Counsel, Oracle North America Ken Adler Partner, Loeb & Loeb LLP Akiba Stern Partner, Loeb
More informationSecurity, Compliance & Risk Management for Cloud Relationships. Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32
Security, Compliance & Risk Management for Cloud Relationships Adnan Dakhwe, MS, CISA, CRISC, CRMA Safeway Inc. In-Depth Seminars D32 Introductions & Poll Organization is leveraging the Cloud? Organization
More informationTowards the Cloud! Ian Osborne Director, Digital Systems KTN, Intellect
Towards the Cloud! Ian Osborne Director, Digital Systems KTN, Intellect About the Speaker Director, Digital Systems KTN Technology Strategy Board programme Launched October 2009 IT Knowledge Transfer Network
More informationOWASP Chapter Meeting June 2010. Presented by: Brayton Rider, SecureState Chief Architect
OWASP Chapter Meeting June 2010 Presented by: Brayton Rider, SecureState Chief Architect Agenda What is Cloud Computing? Cloud Service Models Cloud Deployment Models Cloud Computing Security Security Cloud
More informationOffice Exchange SharePoint Lync
Office Exchange SharePoint Lync Comprehensive tools to do your best work Enterprise-grade cloud services Office 365 is A HIGHLY CONFIGURABLE, but not a customizable solution. MICROSOFT DATA CENTER
More informationtechnical factsheet 176
technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection
More informationSummary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL
Summary of responses to the public consultation on Cloud computing run by CNIL from October to December 2011 and analysis by CNIL 1. Definition of Cloud Computing In the public consultation, CNIL defined
More informationWhy Migrate to the Cloud. ABSS Solutions, Inc. 2014
Why Migrate to the Cloud ABSS Solutions, Inc. 2014 ASI Cloud Services Information Systems Basics Cloud Fundamentals Cloud Options Why Move to the Cloud Our Service Providers Our Process Information System
More informationSecuring The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master
Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is
More informationOUTSOURCING, HOSTING AND DATA PRIVACY ISSUES
OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with
More informationPublic Versus Private Cloud Services
Public Versus Private Cloud Services Table of Contents vs. What constitutes a Public Cloud versus a Private Cloud solution? When considering moving to a public Cloud infrastructure, what questions should
More informationKeeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About?
Keeping up with the World of Cloud Computing: What Should Internal Audit be Thinking About? IIA San Francisco Chapter October 11, 2011 Agenda Introductions Cloud computing overview Risks and audit strategies
More informationWelcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network
More informationWritten Information Security Programs: Compliance with the Massachusetts Data Security Regulation
View the online version at http://us.practicallaw.com/7-523-1520 Written Information Security Programs: Compliance with the Massachusetts Data Security Regulation MELISSA J. KRASNOW, DORSEY & WHITNEY LLP
More informationArchitectural Implications of Cloud Computing
Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,
More informationPrivacy Policy documents for
Privacy Policy documents for Praendex Incorporated doing business as PI Worldwide Product User Privacy Policy - For Customers, as well as those invited to our websites to complete a PI Survey or SSAT General
More informationOutline. What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages
Ivan Zapevalov 2 Outline What is cloud computing? History Cloud service models Cloud deployment forms Advantages/disadvantages 3 What is cloud computing? 4 What is cloud computing? Cloud computing is the
More information