Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls. Stuart James & Delizia Diaz. Intellectual Property & Technology Webinar


Intellectual Property & Technology Webinar
Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls
Stuart James & Delizia Diaz
37 Offices in 18 Countries
Birmingham, Wednesday, 11 July 2012

Speakers
- Stuart James, Partner. T: +44 121 222 3645, M: +44 7825 171894, E: stuart.james@squiresanders.com
- Delizia Diaz, Associate. T: +44 121 222 3383, M: +44 7921 600022, E: delizia.diaz@squiresanders.com

Webinar Agenda
- An overview of Cloud Computing
- Opportunities presented by the Cloud
- Key risk areas
- A silver lining for the Cloud?

Cloud Computing Overview (1)
What is Cloud Computing?
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.*
Build Your Own; Subscribe, Plug In, Pay-per-Use
*National Institute of Standards and Technology (NIST), SP 800-145, September 2011.

Cloud Computing Overview (2)
Well-known Cloud Computing offerings

Cloud Computing Overview (3)
CLOUD Deployment Models
- Public (Customer, Customer, Customer): multi-tenancy model
- Private (single customer): VPN / leased line or Internet link
- Hybrid
- Community

Cloud Computing Overview (4)
CLOUD Service Models
- IaaS (Infrastructure as a Service): Infrastructure
- PaaS (Platform as a Service): Infrastructure, Platform
- SaaS (Software as a Service): Infrastructure, Platform, Application

Opportunities and Benefits
- Lower costs:
  - No upfront investment in servers/data centres
  - No software licensing
  - No software updates for customers/maintenance costs
- Scalability
- On-demand: Pay for what you use (bandwidth/server space, etc.)
- Enhanced Security
- Faster implementation
- IT Team focus on core business
- Access to latest IT upgrades/developments

Cloud Computing - Key Risk Areas
Cloud provider service commitments
- Standard provider offering: as is, as available
- Clear service specifications
- Key service levels:
- Functionality
- Availability
- Performance
- Back-up
- Disaster Recovery-Business Continuity
- Measurement/Reporting
- Remedies? (Service credits/other types of damages)

Cloud Computing - Key Risk Areas
Data location and traceability
- Retain some level of control over data location/storage
- Regional/country offering
- Traceability/audit trail requirements

Cloud Computing - Key Risk Areas
Information Security - Security requirements
- Data in Transit
- Secure encryption (SSL)
- Data at Rest
- Physical Security
- Logical Security
- Encryption (shortcomings?)
- Access rights management/audit trails
- Virtual segregation/multi-tenancy architecture
- External intrusions/network attacks
- Staff access controls

Cloud Computing - Key Risk Areas
Information Security (Cont'd)
- Assessment of compliance with security requirements
  - Contractual commitments
  - Audits
  - Certifications
- Incident response
  - Notification
  - Cooperation

Cloud Computing - Key Risk Areas
Investigations and litigation
- Accessing data:
- Cloud users: Ability to retrieve data (e.g. internal investigations, data protection request, internal or external audit requests, etc.)
- Cloud providers - third party requests (e.g. subpoenas)
- What are the provider's obligations?

Cloud Computing - Key Risk Areas
Regulatory and legal compliance
- EU Data Protection compliance
  - Consent
  - Access requests
  - Security of personal data
  - Subcontractors
  - Transfers outside of the EEA
  - Data loss/breach notification

Cloud Computing - Key Risk Areas
Regulatory and legal compliance (Cont'd)
- State/country specific requirements
  - US: Patriot Act, Sarbanes Oxley, Gramm Leach Bliley Act, Electronic Communications Privacy Act
  - UK: Regulation of Investigatory Powers Act
- Sector/organisation specific governance or compliance requirements (e.g. Health Insurance Portability and Accountability Act, Health Information Technology for Economic and Clinical Health Act, FSA in UK, telecoms, etc.)
- Export/trade restrictions (e.g. encryption, EU dual use, etc.)

Cloud Computing - Key Risk Areas
Contractual (or externally imposed) limitations and restrictions
- Audits required by cloud user's customers
- Restrictions on data location
- Scope of software licences
- Restrictions on indemnities (e.g. government contracts)
- PCI DSS compliance

Cloud Computing - Key Risk Areas
Lock-in, exit and service transfer
- Proprietary systems
- Loss of IT expertise
- Lack of exit support lock-in
- Lock-in?
- Risk mitigation:
- Open standards
- Return of data
- Data deletion
- Migration support
- Data back-up
- Escrow

Cloud Computing - Key Risk Areas
Cloud provider's liability
- Standard terms: take it or leave it
- Limited warranties
- Wide exclusions of or caps on liability (including loss of profit)
- Public vs Private Cloud

Cloud Computing - Key Risk Areas
Insurance
- Existing policies: business interruption insurance coverage?
- Specific policies: cyber liability insurance

Recommended Steps
- Assessment of business goals
- What applications and data will be migrated to the Cloud?
- Prior due diligence checks: is your provider financially viable and can they technically deliver?
- Clear understanding of risks: what if it all goes wrong?
- Technical and legal assurances provided by cloud providers (including security requirements)
- Carefully negotiate contracts (focus on key business areas?)
- Monitor compliance on a regular basis

A Silver Lining for the Cloud?
- Competition between providers
  - willingness to negotiate terms
  - service offering
  - market consolidation
- Development of specific standards - industry codes & certifications
- Privacy by design
- Developments and adaptation of EU privacy laws to new technologies?
- Insurance
