Everyone is talking “Cloud”
How secure is your data?
Bianca Mueller, LL.M.
Benefits of the cloud
• Scalability
• Access everywhere in the world
• Improved backup/disaster recovery
• Reduced infrastructure costs
• Software is always up to date
• May save cost in the IT department
• Potentially more secure than your back office server
• Faster and higher quality servers
Due diligence and risk management
• Trust and security
• Type of cloud service
• Type of business / industry
• Risk aversion
• Business objective and long term vision
• Commercial value of data
• Reliability of connectivity
• Reliability and trustworthiness of the service provider
Risks
• Security and Trust
• Jurisdictional issues
• Cross border privacy concerns
• Contractual Issues
• Lock in and document retention
• What happens if the cloud service provider goes out of business?
• Regulatory compliance
• Service reliability and connectivity issues
Cloud Computing Landscape
Applications
Storage
Computing
Development platform
What happens if your Service Provider goes bust?
• Will you get your data back?
• Can your data be easily transferred to another provider?
• Information may not be available to you anymore (e.g. Mega)
Tip
• Conduct proper due diligence and risk management
The value of your data
• Designs, plans, specifications, drafts, moulds
• Research data
• Operational and administrative data
• Billing information, price lists etc.
• Source code, financial statements, and business plans
• Everything that has actual or potential commercial value to your business
Lifecycle of your data
• What business information does your business create and keep?
• And what is happening with this information after it has been created?
• What’s its value (and are you leveraging it)?
• What is your Return on Investment?
Tip
• Classification of data into categories will determine the type and degree of risk and how you should manage it
Risks to your data
• Theft (external / internal threats)
• Employee negligence
• Unsecured mobile devices
• Government access (e.g. NSA)
• Technical and natural disasters
Tip
• Prioritise the confidentiality, integrity, and privacy of your information
Dealing with confidential information
• Contractual or statutory obligations to keep particular information confidential
• Employees, contractors, business partners
• Accountants, lawyers, GPs or other health professionals
Tip
Using cloud services must not compromise your duty of confidentiality
Privacy concerns
• There is no “OOPS” clause in privacy legislation
• Privacy breaches are always costly
• Negative impact on your reputation
• Loss of customers’ trust in your brand
Tip
• Seek advice on your organisation’s privacy obligations and ensure that your staff understands these obligations
• In 2012, 5.4 million Australians were victims of cybercrime
• Cost of cybercrime being as high as AUS $2 billion per year
Tip
Because of high risk and high cost, you should prioritise confidentiality, integrity, and privacy of your data
Financial Records
• Financial records must be kept in New Zealand for at least 7 years
• Cannot be stored in DropBox, Google Drive etc.
• Exemptions: Brookers, MYOB, Xero, Reckon New Zealand, Cargo Wise New Zealand, CCH New Zealand, Farm IQ Systems, and Technology One
Small contract, big liability?
• You are responsible to ensure the security, encryption, and back-up of your data
• It’s not the cloud provider’s responsibility
Tip
• Ensure that you fully understand your contractual liabilities and how they might affect your business
• Read the fine print – It may surprise you!
Mitigating risks in the cloud
• Be smart and involve people with the right skills in making cloud decisions
• Conduct an impact assessment to determine the most appropriate cloud environment
• Know your data and decide what can go into the public cloud
• Don’t put all your eggs in one basket
• Ensure that you fully understand the technical, commercial and legal risks
• Monitor the cloud provider’s activities and plan for cloud outages
• Back up, encrypt, and bring your own key!
About LawDownUnder – tailored legal advice for the IT industry
LawDownUnder is a law firm specialising in technology, intellectual property, commercial, and international law. We offer tailored legal advice for innovative businesses with a focus on commercial and international contracts relating to IT. We help you contract more effectively and save you time and money.
At LawDownUnder, we understand the commercial environment in which our clients operate, which is crucial in providing effective, commercially focused legal advice. Our extensive experience in the IT industry sets us apart from most other lawyers and helps us to find solutions that are tailored to your specific needs.
Whatever the size, we can deliver a commercially cost-effective solution for every client. We are small, but specialised. No overheads, just best industry practices.
Smart legal advice for innovative businesses
Bianca Mueller, LL.M.
Twitter: @LawDownUnder
Information technology law
Drafting and risk analysis of commercial IT contracts
Trademark and copyright law
Protection of ideas, trade secrets, and confidential information
Advice on information security and data protection
European privacy and technology law