Cloud computing. A great tool. www.allenovery.com



Similar documents
What is Cloud Computing? Up to speed July

Our global Product Liability group

Accessing DC savings: The new rules.

Corporate funding monitor 2015

Connecting people at A&O and beyond.

Hot topics in insolvency and restructuring. Wendy Braithwaite, Counsel, Banking Restructuring. 13 March 2014

Our Financial Services Regulatory practice

DC pensions: All change from April 2015

Equity Capital Markets Team Germany

Corporate funding monitor: The changing face of fi nance. January

Passive infrastructure sharing

VAT recovery and pension schemes: Where are we now?

Flexible access and the annual allowance: How does it work?

Intellectual property in the cloud. May

Fintech.

Analysis - the worldwide reach of FATCA

Ship Finance Practice. Covering ship finance from every perspective.

Overview of our expertise in restructuring and insolvency.

U.S. Tax and the Issuance of Debt Securities after the HIRE Act

Derivatives and Structured Finance Practice

Cybersecurity.

Our Global Environmental and Regulatory Law practice

Capital Requirements Directive IV Framework Operational Risk. Allen & Overy Client Briefing Paper 13 January

Capital Requirements Directive IV Framework Leverage Ratio. Allen & Overy Client Briefing Paper 16 January

Funding European business: What s the alternative? November

Cyber security: A major issue for Australian business

Capital Requirements Directive IV Framework Liquidity Requirements. Allen & Overy Client Briefing Paper 15 January

ASEAN. Southeast Asia.

Financial services regulation in Australia

Jackson reforms to civil litigation

Our insurance disputes practice.

Indian E-Retail Congress 2013

New amendments to the Spanish Insolvency Law

Private Equity, Leveraged Finance and High Yield

Funding European business: Harnessing alternatives. November

Norton Rose Group expands across Canada, Latin America and Kazakhstan. Creating one of the world s leading energy and mining practices

Selecting a Cloud Service Provider: Which one is Right for You?

Cloud Computing: A Primer on Legal Issues, Including Privacy and Data Security Concerns. Privacy and Information Management Practice / Washington, DC

Schemes and Company Voluntary Arrangements. Mark Sterling Partner, Banking Ian Field Partner, Banking

The Data Center of the Future: Creating New Jobs in Europe

Go for the top. CS _v2.indd 1 14/3/11 11:11:32

SFC proposes amendments to regulation of automated trading services guidelines

Unbundling a market. The appetite for new legal services models. Global survey results May

India. Doorway to opportunities

What is Cyber Security? Why work with us?

Working and ordinarily working in the UK

China's new national security law creates more insecurity for foreign businesses

Hazardous substances. Our capabilities in Paris

UK Employee Incentives and Benefits

JUDGMENT ON THE SPANISH TAX LEASE SYSTEM

Liberating the Power of Service The right of establishment The case of lawyers

Liberating the Power of Service The right of establishment The case of lawyers. Second Bruges European Business Conference College of Europe

DHL Global Energy Conference 2015 Outsourcing logistics Enhancing innovation or increasing risk?

The EU General Data Protection Regulation

Global business needs a global partner

CEE Insurance Services

The Big Think Data with destiny. Privacy, protection and the promise of high-value HR. February

Capital Requirements Directive IV Framework Standardised Approach to Credit Risk in the Banking Book

What is Cyber Security?

Our European VAT practice

Presentation by: Dr. Nathalie Moreno Partner. Cloud Computing and Data Protection: an Update 4 October 2012

Capital Requirements Directive IV Framework Introduction to Regulatory Capital and Liquidity. Allen & Overy Client Briefing Paper 1 January 2014

The impact of social media on your business

China Publishes Draft Rules on Protection of Information Network Dissemination Rights

Selection and Use of Patient-Reported Outcome Measures The Role of Outside Consultants Janice Hogan, Partner, Hogan Lovells LLP

Brand Management Services

The leading adviser in the global education sector

Beijing and Shanghai. Asia Pacific.

UPC benchmarking study. Reality dawns

On the move: avoiding the legal pitfalls when moving your business

An introduction to the Rothschild businesses

E-commerce liberalization in China: State Council and MIIT push forward

Information Technology

The European pensions agenda for 2014

Luxembourg Doing deals in the Grand Duchy, an English lawyer's perspective

Digital Infrastructure and Economic Development. An Impact Assessment of Facebook s Data Center in Northern Sweden executive summary

How To Find Out What A Law Firm Is Doing

Global Real Estate Outlook

Full Foreign Ownership of E-commerce Businesses Permitted in the Shanghai FTZ: But is It a Breakthrough?

Final text for the Amended EU Regulation on Insolvency proceedings

Employee monitoring in France. January Contents. Legal Framework 1

Information Technology. GSK. The Difference.

Opportunities for law graduates in Belfast

Microfinance and social investment.

Managing risk when using private investigators

Binding Corporate Rules. February

Improved Outlook? French Manufacturing Competitiveness Radar 2014/2015. Paris, March 2015

A Comparison of Takeovers of Hong Kong, Mainland China and Singapore listed Chinese Companies

Human Resources Specialty Practice.

Cloud Computing in Banking

Cyber security: A growing threat to the energy sector

UAE Investment Funds Regulation implemented


Singapore. Asia Pacific.

Class actions.

White Paper on CLOUD COMPUTING

What Makes Cities Successful Randstad on the World Stage

Opportunities for Action in Financial Services. Transforming Retail Banking Processes

CRITICAL THINKING AT THE CRITICAL TIME CONSTRUCTION SOLUTIONS

Global Tax Practice. Taxation of Investment Funds in Australia, Europe and the U.S.

Transcription:

Cloud computing A great tool

2 Cloud computing A great tool 2014 The worldwide cloud computing market will grow at a 36% compound annual growth rate (CAGR) through 2016, reaching a market size of USD19.5bn by 2016. Predicting Enterprise Cloud Computing Growth, Gartner, September 2013 Allen & Overy LLP 2014

3 What is cloud computing? Put simply, a cloud is a huge collection of hardware and software, connected via the internet. It is the infrastructure that enables a new business model. This model offers on-demand, easily scalable computing services to multiple users at flexible prices. It is quite a simple idea: instead of everyone buying their own systems that can handle a peak load (but which is required only a limited amount of time, and thus not otherwise fully used), everyone shares these resources and systems in the cloud. There is no need to buy the systems (ie hardware and software) individually you can just use it as a service on an as-needed basis. Cloud is not a new phenomenon but it does represent a fundamental shift in behaviour in the ways consumers and enterprise consume IT. Cloud also underpins many of the disruptive megatrends in the TMT sector today including mobility, big data/advanced analytics and social. This magic circle firm has excellent global coverage, which includes both local specialists and a well-developed network of international desks. Its expertise in the technology sector encompasses a broad spectrum of areas, including data protection, cloud computing and online liability. The group s regulatory know-how is frequently engaged for major crossborder transactions. Chambers Global 2013 (Technology & Communications: Globalwide)

4 Cloud computing A great tool 2014 Primary delivery methods Everything-as-a-service (XaaS) Business Processas-a-Service (BPaaS) Software-asa-Service (SaaS) Platform-asa-Service (PaaS) Infrastructure-asa-Service (IaaS) Horizontal or vertical business processes provided on a subscription basis Software applications hosted in the cloud and provided on a subscription basis Virtualised application development and run time platform CPU, memory, storage, network etc available on an as-needed basis Source: Where Cloud Meets Reality, Accenture 2012 The four main types of cloud Public Clouds are commercially available cloud services open to all Community Clouds can be set up for use by a particular group or industry with similar needs Private Clouds are closed clouds dedicated to one or more user Hybrid Clouds involve a mixture of public and private services allowing users to take advantage of the cheap unit prices of public clouds while ensuring mission-critical services are more tightly ring-fenced within private services On demand, scaleable resources delivered as-a-service to multiple users (consumers and enterprise) at flexible prices. Allen & Overy LLP 2014

5 Organisations are turning to the cloud for a number of reasons: Cost Anywhere, anytime access Reduced service provider interaction (a serve yourself model) Speed of provisioning Flexibility and elasticity Opportunities for better security and back-up Reduced pressure on internal systems Potentially limitless storage, combined with enhanced computing power A greener solution

6 Cloud computing A great tool 2014 Standards and regulatory environment In a rapidly evolving market, regulation and best practices are struggling to keep up. Particular areas of uncertainty exist around: Security Privacy and data protection Conflict of laws Liability Copyright Portability and interoperability Integration with vertical regulation In particular, a lack of international standards and divergent regulation across key global markets may inhibit the fundamental advantage of cloud computing: the flexible optimisation of a global data infrastructure. A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. The NIST Definition of Cloud Computing, NIST Special Publication 800-145, US National Institute for Standards and Technology Allen & Overy LLP 2014

7 Recent developments Article 29 Working Party In July 2012 the Article 29 Working Party (a European advisory body made up of representatives of the various EU national privacy authorities) issued an opinion on data protection aspects of cloud computing. This opinion was the first European-wide legal guidance on how to deal with the data protection challenges in cloud computing. International Trade Administration (ITA) In April 2013, ITA (part of the U.S. Department of Commerce) issued a paper clarifying how the U.S. EU safe harbour framework applies to cloud computing. Prepared in part to respond to Article 29 working party opinion of July 2012, the paper concludes that cloud computing is not a radically new business model and does not represent unique issues for the safe harbour. ITA says that existing safe harbour principles are comprehensive and flexible enough to deal with any issues raised by cloud computing model. European Commission In September 2012 the European Commission released its new strategy for Unleashing the potential of cloud computing in Europe, outlining actions to deliver a net gain of 2.5 million new European jobs and an annual boost of EUR160bn by 2020. Emphasis was placed on cutting through the jungle of technical standards so that cloud users get interoperability, data portability and reversibility; supporting EU-wide certification of vendors; development of model contract terms, including Service Level Agreements; and measures to harness the public sector s buying power and shape the European cloud market. European Commission /Obama Administration In February 2013 the European Commission launched a cybersecurity strategy for the EU aimed at increasing capabilities and preparedness towards security incidents such as hacking or technical failures. Cloud computing providers are specifically targeted by the framework. Hard on the heels of the EU s efforts to promote a culture of security risk management, President Obama s administration introduced an Executive Order on Improving Critical Infrastructure Cybersecurity in the U.S. The U.S. and EU initiatives both focus on cybersecurity risks to critical infrastructure and have at their heart a drive to encourage greater cooperation and information sharing between relevant agencies and also with those who suffer attacks. Sopot Memorandum This is a working paper issued in April 2012 by the International Working Group on Data Protection in Telecommunications led by the Berlin Commissioner for Data Protection and Freedom of Information. The paper contains a number of recommendations and best practices intended to ensure that the adoption of cloud computing does not lead to a lowering of data protection standards as compared with conventional data processing. Among other things, these recommendations emphasise transparency and the need for contractual standards. STAR certification programme The Cloud Security Alliance (CSA) and BSI, the business standards company, in September 2013 announced the launch of the STAR Certification program, a third party independent assessment of the security of a cloud service provider. The technology-neutral certification leverages the requirements of the ISO/IEC 27001:2005 management system standard together with the CSA Cloud Control Matrix, a specified set of criteria that measures the capability levels of the cloud service. GCHQ guidance on security risk management Published in May 2014, GCHQ s guidance suggests that organisations should seek adequate assurance from cloud providers over claims those providers make about their compliance with information security principles. The guidance also outlines a step-by-step risk management strategy for cloud security. Guidelines on Service Level Agreements In June 2014, the European Commission published Cloud Service Level Agreement Standardisation Guidelines. These Guidelines are described as being designed to help business users save money and get the most out of cloud computing services through SLAs. Aimed at professional cloud users rather than consumers, the guidelines set out several overarching principles for the development of Cloud SLA standards, provide definitions of commonly used terms and suggest some targets for service levels. The working group behind the guidelines is also liaising with the International Organization for Standardization (ISO) Cloud Working Group to input the EU position and to contribute to the ISO/IEC 19086 project (which also relates to SLAs). The Guidelines are useful first step in the process that was set out by the Commission Strategy document in 2012 to develop model terms, but they do not yet deliver all they need to.

8 Cloud computing A great tool 2014 Allen & Overy & cloud computing We recognise the importance of cloud computing to our clients. To respond to our clients needs, we set up an internal cross border working group to focus on the legal services we provide in relation to cloud, to share best practices and make sure our lawyers have the right skills to respond to the changing IT market our clients operate in. We believe that, for the most part, the issues encountered when implementing cloud solutions are not new, being equally relevant in many other IT transactions. We also understand that getting comfortable with new IT bases which use cloud technologies will be a requirement for companies looking to embrace other game changing technological developments such as advanced analytics, context-based services and social driven IT. We offer practical support to our clients to help them turn IT innovation into successful business reality. Our representative matters in this area include advising: Proofpoint a NASDAQ listed leader in cloud-based information security and governance software, on the English law aspects of its acquisition of all of the shares in Mail Distiller, a European-based provider of SaaS email security solutions. SAP on its USD3.4bn acquisition of NYSE-listed cloud computing leader Success Factors. Novartis on a global 7-year application development and infrastructure cloud transaction with Microsoft. We focused on developing contractual mechanisms to mitigate the risks for Novartis as much as possible in relation to security and regulatory compliance. Amazon on strategic copyright issues across the European Union in relation to its Cloud Drive service. Cisco Systems on aspects of its USD1.2bn purchase of San Francisco-based Meraki, a provider of cloud-managed networking equipment and services. A multinational company in the energy sector on the implementation of a SaaS project with Microsoft. An international information technology services company on general matters (including on the application of the U.S. Patriot Act to cloud computing services, Regulatory, HR and IT). Agfa-Gevaert, one of the largest players in the field of imaging systems and IT solutions, on a major cloud computing outsourcing transaction with Service Now, a leading provider of cloud-based services that automate enterprise IT operations. Microsoft on the data protection aspects of their Office 365 cloud computing offering and on the Belgian and international regulatory restrictions applicable to cloud computing in the financial sector. Novartis on a SaaS agreement with Box. Net for cloud-based storage services. T-Systems on a contract to provide global data centre and SAP infrastructure services to healthcare, lifestyle and lighting giant Philips Electronics. The transaction involved the adoption of a SAP SaaS model, using a private cloud. A global IT consultancy on the implementation of a SaaS platform for multinational company in the manufacturing sector. Caisse des dépôts et consignation the French sovereign fund, on its investment in the French cloud computing joint venture Numergy with Bull and SFR. Luxcloud on contractual and IT issues on cloud computing. SFR on its acquisition of shares in G Cluster Global, a cloud-based video gaming service. Allen & Overy LLP 2014

9 Systemat on its complete suite of cloud computing contract templates for use with its customers. Allen Systems Group on the takeover of visionapp AG, a German SaaS and cloud platform provider. Novartis on the drafting of a SaaS template. Randstad on the legal aspects of cloud computing and email solutions. A global manufacturer of specialty chemicals on the data protection aspects of migration of HR data from more than 20 jurisdictions to a centralised platform managed by a U.S. based cloud provider. Stichting Centraal Informatie Systeem (CIS) a Dutch Foundation which manages and stores the insurance data of consumers, insurance companies and intermediaries in a central database, on the renegotiation of a SaaS contract with Solera, a U.S. technology supplier. SFG Australia on its cloud computing outsourced services contract. A major internet shopping platform on the review of terms and conditions on cloud services, notably from a data protection law perspective. ServiceNow a SaaS provider of IT Service management software, on the acquisition of Mirror 42, a Dutch developer of performance management software.

10 Cloud computing A great tool 2014 Key contacts Belgium France Luxembourg Filip Van Elsen Partner Antwerp Tom de Cordier Counsel Brussels Ahmed Baladi Partner Paris Catherine Di Lorenzo Senior Associate Luxembourg Tel +32 3 287 73 27 filip.vanelsen@allenovery.com Tel +32 2 780 25 78 tom.decordier@allenovery.com Tel +33 1 40 06 53 42 ahmed.baladi@allenovery.com Tel +352 444 455 129 catherine.dilorenzo@allenovery.com Netherlands UK Gary Cywie IP/IT Counsel Luxembourg Herald Jongen Partner Amsterdam Neville Cordell Partner London Jane Finlayson-Brown Partner London Tel +352 44 44 5 5203 gary.cywie@allenovery.com Tel +31 20 674 1614 herald.jongen@allenovery.com Tel +44 20 3088 2754 neville.cordell@allenovery.com Tel +44 20 3088 3384 jane.finlayson-brown@allenovery.com UK Rose Hall Business Development London Tel +44 20 3088 3618 rose.hall@allenovery.com Charlotte Mullarkey Senior PSL London Tel +44 20 3088 2404 charlotte.mullarkey@allenovery.com Nigel Parker Senior Associate London Tel +44 20 3088 3136 nigel.parker@allenovery.com Allen & Overy LLP 2014

11 U.S. Greater China Australia Paul Keller Partner New York Peter Harwich Partner New York Will McAuliffe Partner Hong Kong Connell O Neill Senior Associate Sydney Tel +1 212 610 6414 paul.keller@allenovery.com Tel +1 212 610 6471 peter.harwich@allenovery.com Tel +852 2974 7119 will.mcauliffe@allenovery.com Tel +612 9373 7790 connell.oneill@allenovery.com

For more information, please contact: London Allen & Overy LLP One Bishops Square London E1 6AD United Kingdom Tel +44 20 3088 0000 Fax +44 20 3088 0088 GLOBAL PRESENCE Allen & Overy is an international legal practice with approximately 5,000 people, including some 526 partners, working in 46 offices worldwide. Allen & Overy LLP or an affiliated undertaking has an office in each of: Abu Dhabi Casablanca London Rome Amsterdam Doha Luxembourg São Paulo Antwerp Dubai Madrid Shanghai Athens (representative office) Bangkok Düsseldorf Frankfurt Mannheim Milan Singapore Sydney Barcelona Hamburg Moscow Tokyo Beijing Hanoi Munich Toronto Belfast Ho Chi Minh City New York Warsaw Bratislava Hong Kong Paris Washington, D.C. Brussels Istanbul Perth Yangon Bucharest (associated office) Budapest Jakarta (associated office) Johannesburg Prague Riyadh (associated office) Allen & Overy means Allen & Overy LLP and/or its affiliated undertakings. The term partner is used to refer to a member of Allen & Overy LLP or an employee or consultant with equivalent standing and qualifications or an individual with equivalent status in one of Allen & Overy LLP s affiliated undertakings. Allen & Overy LLP 2014 I CS1210_CDD-4171_ADD-48775

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information