37 Offices in 18 Countries
Intellectual Property & Technology Webinar
Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls
Stuart James & Delizia Diaz
Birmingham
Wednesday, 11 July 2012
2
Speakers
Stuart James, Partner
T: +44 121 222 3645
M: +44 7825 171894
Delizia Diaz, Associate
T: +44 121 222 3383
M: +44 7921 600022
3
Webinar Agenda
• An overview of Cloud Computing
• Opportunities presented by the Cloud
• Key risk areas
• A silver lining for the Cloud?
4
Cloud Computing Overview (1)
What is Cloud Computing?
“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” *
Build Your Own
Subscribe, Plug In, Pay-per-Use
*National Institute of Standards and Technology (NIST), SP 800-145, September 2011.
5
Cloud Computing Overview (2)
Well-known Cloud Computing offerings
6
Cloud Computing Overview (3)
CLOUD Deployment Models
• Public
• Private
• Hybrid
• Community
[Diagram labels: Single customer; Customer (×3); Multi-tenancy model; VPN / leased line or Internet link]
7
Cloud Computing Overview (4)
CLOUD Service Models
• IaaS – Infrastructure as a Service: Infrastructure
• PaaS – Platform as a Service: Infrastructure, Platform
• SaaS – Software as a Service: Infrastructure, Platform, Application
8
Opportunities and Benefits
• Lower costs: No upfront investment in servers/data centres
• No software licensing
• No software updates for customers/maintenance costs
• Scalability
• On-demand: Pay for what you use (bandwidth/server space, etc.)
• IT Team focus on core business
• Enhanced Security
• Faster implementation
• Access to latest IT upgrades/developments
9
Cloud Computing - Key Risk Areas
Cloud provider service commitments
• Standard provider offering: “as is”, “as available”
• Clear service specifications
• Key service levels:
  – Functionality
  – Availability
  – Performance
  – Back-up – Disaster Recovery – Business Continuity
• Measurement/Reporting
• Remedies? (Service credits/other types of damages)
10
Cloud Computing - Key Risk Areas
Data location and traceability
• Retain some level of control over data location/storage
• Regional/country offering
• Traceability/audit trail requirements
11
Cloud Computing – Key Risk Areas
Information Security - Security requirements
• Data in Transit
  – Secure encryption (SSL)
• Data at Rest
  – Physical Security
  – Logical Security
      – Encryption (shortcomings?)
      – Access rights management/audit trails
      – Virtual segregation/Multi-tenancy architecture
      – External intrusions/network attacks
  – Staff access controls
12
Cloud Computing – Key Risk Areas
Information Security (Cont’d)
• Assessment of compliance with security requirements
  – Contractual commitments
  – Audits
  – Certifications
• Incident response
  – Notification
  – Cooperation
13
Cloud Computing - Key Risk Areas
Investigations and litigation
• Accessing data:
  – Cloud users: Ability to retrieve data (e.g. internal investigations, data protection request, internal or external audit requests, etc)
  – Cloud providers: third party requests (e.g. subpoenas)
• What are the provider’s obligations?
14
Cloud Computing - Key Risk Areas
Regulatory and legal compliance
• EU Data Protection compliance
  – Consent
  – Access requests
  – Security of personal data
  – Subcontractors
  – Transfers outside of the EEA
  – Data loss/breach notification
15
Cloud Computing - Key Risk Areas
Regulatory and legal compliance (Cont’d)
• State/country specific requirements
  – US: Patriot Act, Sarbanes-Oxley, Gramm-Leach-Bliley Act, Electronic Communications Privacy Act
  – UK: Regulation of Investigatory Powers Act
• Sector/organisation specific governance or compliance requirements (e.g. Health Insurance Portability and Accountability Act, Health Information Technology for Economic and Clinical Health Act, FSA in UK, telecoms, etc)
• Export/trade restrictions (e.g. encryption, EU dual use, etc)
16
Cloud Computing - Key Risk Areas
Contractual (or externally imposed) limitations and restrictions
• Audits required by cloud user’s customers
• Restrictions on data location
• Scope of software licences
• Restrictions on indemnities (e.g. government contracts)
• PCI DSS compliance
17
Cloud Computing - Key Risk Areas
Lock-in, exit and service transfer
Proprietary systems
Loss of IT expertise
Lack of exit support
Lock-in
Risk mitigation:
• Open standards
• Return of data
• Data deletion
• Migration support
• Data back-up
• Escrow
Lock-in?
18
Cloud Computing - Key Risk Areas
Cloud provider’s liability
• Standard terms – “take it or leave it”
  – Limited warranties
  – Wide exclusions of or caps on liability (including loss of profit)
• Public vs Private Cloud
19
Cloud Computing - Key Risk Areas
Insurance
• Existing policies: business interruption insurance coverage?
• Specific policies: cyber liability insurance
20
Recommended Steps
• Assessment of business goals
• What applications and data will be migrated to the Cloud?
• Prior due diligence checks – is your provider financially viable and can they technically deliver?
• Clear understanding of risks – what if it all goes wrong?
• Technical and legal assurances provided by cloud providers (including security requirements)
• Carefully negotiate contracts (focus on key business areas?)
• Monitor compliance on a regular basis
21
A Silver Lining for the Cloud?
• Competition between providers
  – willingness to negotiate terms
  – service offering
  – market consolidation
• Development of specific standards - industry codes & certifications
• Privacy by design
• Developments and adaptation of EU privacy laws to new technologies?
• Insurance
22
Contacts
Stuart James, Partner
T: +44 121 222 3645
M: +44 7825 171894
Delizia Diaz, Associate
T: +44 121 222 3383
M: +44 7921 600022
23
Worldwide Locations
• North America: Cincinnati, Cleveland, Columbus, Houston, Los Angeles, Miami, New York, Northern Virginia, Palo Alto, Phoenix, San Francisco, Tampa, Washington DC, West Palm Beach
• Latin America: Bogotá+, Buenos Aires+, Caracas+, La Paz+, Lima+, Panamá+, Rio de Janeiro, Santiago+, Santo Domingo
• Europe & Middle East: Beirut+, Berlin, Birmingham, Bratislava, Brussels, Bucharest+, Budapest, Frankfurt, Kyiv, Leeds, London, Madrid, Manchester, Moscow, Paris, Prague, Riyadh+, Warsaw
• Asia Pacific: Beijing, Hong Kong, Perth, Shanghai, Singapore, Tokyo
+ Independent Network Firm