The Business Case for Cloud: Critical Legal, Business & Diligence Considerations




Presented by Janine Anthony Bowen, Esq., CIPP/US
jbowen@jack-law.com
(678) 823-6611

Janine Anthony Bowen, Esq., CIPP/US
Your Presenter
With 2 degrees in Industrial Engineering from Clemson University and almost a decade working in technology companies, Janine is an engineer-turned-lawyer who knows technology, intellectual property, and the law well. She specializes in helping her clients negotiate technology deals with Fortune 500 companies.

2012 Jack Attorneys & Advisors. All Rights Reserved

And JACK does what
Jack Attorneys & Advisors is the technology law boutique of choice for clients seeking an expert, pragmatic, high touch experience. We specialize in technology, privacy, cloud computing, mobile, intellectual property, and commercial contracts.

What's the Cloud, really?
http://www.fatcow.com/data-center/photos - You are allowed to copy, distribute, transmit the work and to adapt the work. Attribution is not required. You are prohibited from using this work in a stand alone manner.

Agenda
I. Business Considerations
II. Evaluation Considerations
III. Privacy & Security Considerations
IV. Contractual Considerations
V. Concluding Thoughts

Business Benefits of Cloud Computing
- Cost Avoidance/Deferral
- Improved Organizational Agility
- Focus on Core Business rather than IT

Cost Avoidance/Deferral: You Decide
- Gartner says IaaS isn't less expensive, but it increases operational agility (1)
- Computerworld says Prepare for the real costs of cloud computing (2)
  - Moving and storing data, integrating apps from multiple vendors, testing software, rent & utilities
- CIO says CFOs and cloud computing have a love-hate relationship (3)
  - Variable pricing messes up cash flow projections
  - Capex vs. Opex
- Booz Allen Hamilton says savings range from 50% to 75% (4)
- CloudU says savings from 13% to 25% (5)

Cost Avoidance/Deferral: You Decide (cites)
(1) Lydia Leong, research VP at Gartner Group, http://www.formtek.com/blog/?p=2696, January 12th, 2012
(2) Preparing for the real costs of cloud computing, Computerworld, http://www.computerworld.com/s/article/359383/the_real_costs_of_cloud_computing
(3) Why CFOs and Cloud Computing Have a Love-Hate Relationship, CIO Magazine, www.cio.com/article/print/702074
(4) The Economics of Cloud Computing, http://www.boozallen.com/media/file/economics-of-cloud-computing.pdf
(5) Cloudonomics: The Economics of Cloud Computing, http://broadcast.rackspace.com/hosting_knowledge/whitepapers/cloudonomics-the_economics_of_cloud_computing.pdf

Total Cost of Ownership: Cost of Cloud
- Cloud providers give transparent pricing based on different usage metrics: RAM, storage, bandwidth, among others
- Pricing is frequently fixed per unit of time.
- Customers gain certainty over pricing and are then able to readily calculate costs based on several different usage estimates
Source: Cloudonomics: The Economics of Cloud Computing, CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum

Total Costs of Ownership: Hidden Cost of On-Premise Technology
- The direct costs that accompany running a server: power, floor space, storage, and IT operations to manage those resources.
- The indirect costs of running a server: network and storage infrastructure and IT operations to manage the general infrastructure.
- The overhead costs of owning a server: procurement and accounting personnel, not to mention a critical resource in short supply: IT management and its attention.
Source: Cloudonomics: The Economics of Cloud Computing, CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum

Improved Organizational Agility
- Use of Public Clouds or Virtual Private Clouds gives organizations the ability to scale up or down when necessary
- IT expense can be matched to:
  - Seasonal or cyclical requirements
  - Organizational growth or decline
- Mobile workforce/workplace solutions may improve organizational productivity
- Cloud environments support experimentation and ability to fail with low penalty

Focus on Core Business
- Organizations can focus on building the business they know
- Organizations can leverage the best of breed in IT (and not try to be best of breed themselves)
- Potentially better disaster recovery strategies utilizing cloud-based options

Evaluating Cloud Options

Preliminaries
- The onus is on the customer to perform extensive evaluation of a cloud provider before entering into the relationship.
- The nature of the cloud relationship drives the requirements of evaluation. Considerations include:
  - The criticality of the cloud implementation
  - The sensitivity of the data/processes being outsourced to the cloud provider
  - The scale of the implementation

Checklist for Cloud Readiness: Business Drivers
- Do you have staff working remotely?
- Do you have plans to increase your IT infrastructure needs?
- Is your infrastructure reaching end of life?
- Are you constrained in terms of Capital Expenditure?
- Does your organization have a high level of software test/development?
- Does your organization struggle to obtain IT talent internally?
- Is 24*7 support important for your organization?
Source: Appendix in You Want to Put my Database Where? CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum

Checklist for Cloud Readiness: Technical Drivers
- Is your application workload highly variable?
- Do you need automatic infrastructure scaling and provisioning?
- Do you have a need for complex IT redundancy and resiliency that you struggle to obtain internally?
- Have you faced issues around IT security?
Source: Appendix in You Want to Put my Database Where? CloudU http://www.rackspace.com/knowledge_center/cloudu/curriculum

List of Potential Cloud Provider Evaluation Criteria
- Functionality of solution
- Uptime
- Quality of service
- Backup and disaster recovery
- Ability to personalize
- Data access
- Pricing
- Response time
- Data Security/Privacy
- Customization capability
- Integration with existing systems
- Customer service/support
Adapted from Evaluating SaaS Solutions: A Checklist for Small and Mid-sized Enterprises http://www.saugatech.com/thoughtleadership/tl_october2009_eval_sap.pdf

Evaluation Considerations: Disaster Recovery
- How are backup systems architected?
  - Complete redundancy?
  - Multiple redundancies?
  - Duplicate systems?
  - Real-time backup?
- Where are backup systems located geographically?
- Are third party backup systems utilized (partially/totally)?
- How long would a catastrophic event at a data center affect system availability?
- Concerns for physical assets based on geography
- Ultimately, whose responsibility is it anyway?

Evaluation Considerations: Transition Issues
- Lock In
- All the typical software migration issues
- Plus:
  - Data ownership
    - Raw data
    - Resultant information
  - Professional services to migrate to new provider

Privacy and Security

4 Immutable Laws of Cloud Security
These are things that will always be, things that will never change, and it is a state of being.
- First is an understanding that if your data is hosted in the cloud, you no longer directly control its privacy and protection.
- when your data is burst into the cloud, you no longer directly control where the data resides or is processed.
- if your security controls are not contractually committed to, then you may not have any legal standing in terms of the control over your data or your assets.
- if you don't extend your current security policies and controls in the cloud computing platform, you're more than likely going to be compromised
Tari Schreider, HP chief architect of HP Technology Consulting and IT Assurance Practice. Security and the Cloud: The Great Reconciliation, ecommerce Times, 14 May 2012 http://www.ecommercetimes.com/story/security-and-the-cloud-the-great-Reconciliation-75094.html

Issues with Cloud Computing: Privacy and Security
- Data location issues
- Location of users accessing data
- Movement and storage of data
- Use of subcontractors
- Use of multiple platforms
- Lack of transparency and control
- Data breach issues
- Data destruction issues
- Ability to impose security and privacy requirements

Regulatory Landscape: Data Privacy Compliance
- State Information Security Laws
- State Data Breach Laws
- Gramm Leach Bliley
- HIPAA/HITECH Act
- Electronic Communications Privacy Act (Gov't Access to Data)
- USA PATRIOT Act (Gov't Access to Data)

Contractual Requirements: Gap Analysis

Customer Needs vs. Vendor Offerings
- Customer Requirement: Response to data security incidents
  Public Cloud: Standardized offering, use of subprocessors and other limits may delay discovery of breaches, and ability to provide information regarding extent of breach
- Customer Requirement: Audit rights
  Public Cloud: Typically not available, especially not for sub-processors
- Customer Requirement: Proper disposal and destruction of data
  Public Cloud: No guarantee all data will be found and erased or returned
- Customer Requirement: Change Control
  Public Cloud: Provider may make changes without notice or consent

Customer Needs vs. Vendor Offerings
- Customer Requirement: Established Contract Terms
  Public Cloud: Incorporation of additional online terms, subject to change by provider
- Customer Requirement: Provider has some liability exposure for breaches and non-compliance
  Public Cloud: Extremely limited liability
- Customer Requirement: Controls on data and security standards
  Public Cloud: Standardized offering with use of cloud provider controls

Liability Considerations: Vendor Perspective
- For vendor, risk of data security breach is greatest risk
- Multi-tenancy enables single breach incident to affect thousands of customers
- Vendors must think through worst-case scenarios, and reevaluate as company grows and evolves
- Types of harm
- Damages available
- Settlement values
- Insurance coverage

Cloud is here to stay, so
- Plan for success and plan for failure.
- Know and mitigate your business and technology risk.
- There are no silver bullets, shortcuts, or easy answers.

Q&A

Contact Me
Janine Anthony Bowen, Esq., CIPP/US
jbowen@jack-law.com
www.linkedin.com/in/jdabowen
678-823-6611
Twitter - @cloudlawyer
www.jack-law.com
Facebook www.facebook.com/jackattorneys

JACK Attorneys & Advisors: Technology/IP Law & the Business of Technology
Quite Simply, We Get It.