cloud computing issues and risks
play

Cloud Computing: Issues and Risks BC Risk & Insurance - PDF document

Jan 05, 2023 •256 likes •448 views

Cloud Computing: Issues and Risks BC Risk & Insurance Management Association April 18, 2012 David Spratley & Tamara Hunter The Plan introduction to cloud computing general issues and risks e-discovery cloud

  1. Cloud Computing: Issues and Risks BC Risk & Insurance Management Association April 18, 2012 David Spratley & Tamara Hunter The Plan • introduction to cloud computing • general issues and risks • e-discovery • cloud computing contracts • privacy law compliance • questions 1

  2. WHAT IS CLOUD COMPUTING? What is cloud computing? • technologies that provide computation, software, data access and storage services that do not require end- user knowledge of the physical location and configuration of the system that delivers the services (Wikipedia) • delivered over a network (typically, the Internet) 2

  3. Categories Infrastructure as a Service (“IaaS”) and Storage • • Delivers computer infrastructure, along with storage and networking Software as a Service (“Saas”) • • Delivers software without the need to install and run applications Platform as a Service (“PaaS”) • • Allows the development and deployment of applications without the need to purchase specific hardware or software Benefits • cost • scalability • user mobility • customizability • reliability? • performance? • security? 3

  4. CLOUD COMPUTING: GENERAL ISSUES AND RISKS General Issues and Risks • location and jurisdiction • data ownership • business interruption (service provider) • loss of access (customer) 4

  5. General Issues and Risks • source code and escrow • migration • who can access? • backup and archiving General Issues and Risks • security • destruction of data • IP infringement 5

  6. CLOUD COMPUTING: LITIGATION (E-DISCOVERY) What is discovery? • Process through which parties to a civil dispute learn about each others’ cases • Examination and document disclosure • Always in litigation; often in mediation/arbitration 6

  7. Key Obligations Disclosure • • must disclose every relevant document in possession, control or power • “document” is broadly defined Preservation • • must preserve all relevant documents • Serious consequences for breach E-Discovery • Electronic documents increase scope, complexity and cost of discovery process • Courts aware of importance of electronic documents 7

  8. Cloud Computing and Discovery • Disclosure and preservation obligations still apply • Court does not care if you store data in your building or in the cloud – only cares whether you have possession or control Cloud Computing and Discovery • Consider risks: • lost data • non-compliant data preservation practices • platform not easily searched • sub-outsourcing 8

  9. Cloud Computing and Discovery • cloud computing contract is key • maintain legal control over data • due diligence on cloud provider • ability to retrieve data in any circumstance CLOUD COMPUTING: CONTRACT ISSUES 9

  10. Contract Issues • system setup • service levels • ownership Contract Issues • representations and warranties • indemnities • insurance • disclaimers and limitations of liability 10

  11. Contract Issues • confidentiality and security • term and termination • jurisdiction • force majeure CLOUD COMPUTING: PRIVACY LAW COMPLIANCE 11

  12. • When you think about Cloud Computing, consider it as “mega-outsourcing” • Regular outsourcing is when you store your data on your own servers, but you send certain data to an outside service provider, so they can perform a function with the data and provide a product or a service (e.g. send personalized cheques to your customers or process your payroll and arrange for direct deposits for your employees). 12

  13. • Cloud computing means you don’t have your own servers anymore – you’ve “out-sourced” that whole infrastructure The key privacy law compliance issue is security of • personal information 13

  14. • Geographic location of personal information is a significant privacy law issue, especially for public bodies in British Columbia (and service providers to public bodies) but the concern with geographical location of data really boils down to a security issue Public Bodies in B.C.: Section 30.1 of FOIPPA • A public body must ensure that personal information in its custody or under its control is stored only in Canada and accessed only in Canada, [unless a specific exception applies] breach of s. 30.1 of FOIPPA is an offence • • some cloud service providers are aware of this requirement and offer cloud services that meet this requirement 14

  15. • Organizations that provide services to public bodies must also comply with s. 30.1 in relation to those services (see s. 31.1 and definition of "employee" in FOIPPA ) • The bottom line for public bodies and service providers to public bodies is that they cannot engage in "full-on", standard public cloud computing arrangements with the typical "take it or leave it" contract (public cloud architecture) • A specialized cloud-computing solution is required • See: “Cloud Computing Guidelines for Public Bodies” on www.oipc.cbc.ca 15

  16. • What about professionals (e.g., doctors, lawyers, accountants, etc.) and businesses handling highly sensitive personal information (e.g. banks, credit unions, insurance companies)? • Ethical and contractual obligations around confidentiality may also require specialized cloud computing solutions • Community Cloud or Private Cloud may work (e.g. Law Society Cloud for lawyers is being considered) Private Sector - still have obligation under PIPEDA and PIPA (and, • possibly, contractual obligations) to make reasonable security arrangements to protect personal information from risks such as unauthorized access, disclosure, destruction, etc. • Standard Cloud Computing contracts may not sufficiently protect customer/employee personal information • Requirement for transparency/notification (customers/employees have a right to know) 16

  17. Security issues: • what geographic locations could be involved? Rule some out or stipulate acceptable jurisdictions • reputation/history of cloud provider • what other data will be mingled with your organization's data? Concern re: concentration of high-risk data • will your organization be able to access audit logs? • how quickly could you be required to produce a copy of your organization’s records? will your organization be able to meet that timeframe? • what obligations does the cloud provider have in the event of an information security breach? • immediate notification to your organization? • indemnity for any damages and professional fees? 17

  18. • what happens if the cloud provider goes bankrupt? backup/escrow might not be sufficient without access to the application software necessary to decode the stored data • does the contract provide for a method for your organization to audit the cloud provider’s compliance with its contractual security obligations? • insurance – does your organization’s insurance coverage for information security breaches or data loss apply if your data is “in the clouds”? 18

  19. THANK YOU Tamara Hunter David Spratley tamara_hunter@davis.ca dspratley@davis.ca 604.643.2952 604.643.6359 19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial

CLOUD COMPUTING Overview of Use, Benefits, and Risks of Commercial Cloud Computing Commercial Cloud Computing PRESENTED TO HOUSE COMMITTEE ON GOVERNMENT TRANSPARENCY & OPERATION LEGISLATIVE BUDGET BOARD STAFF April 5, 2016 Statement of

373 views • 8 slides
Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud

Security in Cloud Computing A survey of the unique challenges and risks inherent to the Cloud Computing model. Presented By: Marissa Hollingsworth Overview What is Cloud Computing? Unique Security Concerns in the Cloud

556 views • 34 slides
cloud computing Ridwaan Boda Director | Technology, Media and Telecommunications Overview

cloud computing Ridwaan Boda Director | Technology, Media and Telecommunications Overview

cloud computing Ridwaan Boda Director | Technology, Media and Telecommunications Overview What is cloud computing? Types of cloud computing services Benefits of cloud computing Key risks associated with cloud computing

553 views • 37 slides
Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing

Cloud Computing & Cloud Models Cloud Models Topics Defining cloud computing Understanding: Distributed Application Design Resource Management Automation Virtualized Computing Environments High-performance Computing

1.02k views • 49 slides
Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When

Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When

Presenting a live 90-minute webinar with interactive Q&A Export Controls and Cloud Computing: Legal Risks Complying with ITAR, EAR and Sanctions Laws When Using Cloud Storage and Services TUESDAY, APRIL 2, 2013 1pm Eastern | 12pm

461 views • 42 slides
Icebergs in the Clouds: the Other Risks of Cloud Computing Bryan Ford Yale University

Icebergs in the Clouds: the Other Risks of Cloud Computing Bryan Ford Yale University

Icebergs in the Clouds: the Other Risks of Cloud Computing Bryan Ford Yale University http://dedis.cs.yale.edu/ USENIX HotCloud, June 12, 2012 Well-Known, Immediate Risks Traditional Information Security Security of data

449 views • 19 slides
Privacy Issues in Cloud computing Zeeshan Ali Shah System administrator PhD researcher KTH PDC

Privacy Issues in Cloud computing Zeeshan Ali Shah System administrator PhD researcher KTH PDC

Privacy Issues in Cloud computing Zeeshan Ali Shah System administrator PhD researcher KTH PDC Center for High Performance Computing W-Sunday, October 28, 12 Agenda Zeeshan Ali Shah Introduc5on to Cloud compu5ng

355 views • 18 slides
The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

The MNM-CloudLab -- Ideas, Concepts & Implemenation 17.7. 22.7. 2011 Nils gentschen Felde

DEUTSCH-FRANZSISCHE SOMMERUNIVERSITT UNIVERSIT DT FRANCO-ALLEMANDE FR NACHWUCHSWISSENSCHAFTLER 2011 POUR JEUNES CHERCHEURS 2011 CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : CLOUD COMPUTING : DFIS ET OPPORTUNITS

965 views • 50 slides
What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services,

What is the Cloud? Simply put, Cloud Computing is the delivery of computing services, including Servers, Storage, Databases, Networking, Software, Analytics and Intelligence over the Internet (The Cloud) to offer faster innovation,

338 views • 13 slides
Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1

Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1

Chapter 1 Introduction Cloud Computing: Theory and Practice. 1 Dan C. Marinescu Chapter 1 Contents Network-centric computing and network-centric content. Cloud computing. Delivery models and services. Ethical issues in cloud

621 views • 28 slides
framing the issues of cloud computing & sustainability: a design perspective Special Session

framing the issues of cloud computing & sustainability: a design perspective Special Session

1 framing the issues of cloud computing & sustainability: a design perspective Special Session : Cloud Computer, HCI & Design: Sustainability and Social Impacts Second IEEE International Conference on Cloud Computer Technology and

780 views • 28 slides
Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher

Cloud Computing Tom Hendrickx RESEARCH QUESTION Define Cloud Computing in context of the higher education and research community in general and of an NREN in specific. CLOUD COMPUTING SaaS PaaS STaaS IaaS Utility GRID computing

458 views • 9 slides
Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing?

Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing?

Getting Started with Cloud Computing Niels Olof Bouvin 1 Overview What is Cloud Computing? Hosting Domain names Secure communication 2 The Cloud? Not just marketing-speak for someone elses computer (though it is that too ) Cloud

1k views • 36 slides
Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing

Cloud Computing and Cloud Storage By: Maurice Kelly History of Internet and Cloud Computing Internet began in the 1950s Internet has been quite revolutoinary due to its lightning fast communication privelages and data sharing. Cloud

378 views • 6 slides
MESSAGING FOR THE CLOUD with and Hadrian Zbarcea & Jamie Goodyear Cloud Computing

MESSAGING FOR THE CLOUD with and Hadrian Zbarcea & Jamie Goodyear Cloud Computing

MESSAGING FOR THE CLOUD with and Hadrian Zbarcea & Jamie Goodyear Cloud Computing "Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g.,

707 views • 31 slides
Linux Containers Drive P2P Social Cloud Computing By Alex Karasulu Social cloud computing ,

Linux Containers Drive P2P Social Cloud Computing By Alex Karasulu Social cloud computing ,

Linux Containers Drive P2P Social Cloud Computing By Alex Karasulu Social cloud computing , generalizes cloud computing to include the sharing, bartering and renting of computing resources across peers whose owners and operators are verified

641 views • 31 slides
Primary Measure direction we want to see the data go What are We Looking At? Description of

Primary Measure direction we want to see the data go What are We Looking At? Description of

Arrow: LOGO HERE Points in the Primary Measure direction we want to see the data go What are We Looking At? Description of Trend: Describes the pattern the data is showing. Graph shown here. Description of Effort: Describes what the

375 views • 6 slides
Policy & Planning Policy & Planning SFY 2021 Proposed Budget SFY 2021 Proposed Budget

Policy & Planning Policy & Planning SFY 2021 Proposed Budget SFY 2021 Proposed Budget

Policy & Planning Policy & Planning SFY 2021 Proposed Budget SFY 2021 Proposed Budget SFY 2020 As SFY 2021 Budget Expenditures Passed Target Change Personal Services 1.1% 4,274,546 4,227,395 Operating $ 902,092 $ 1,000,651

214 views • 5 slides
May 2016 1 Disclaimer Certain statements in this document may be forward-looking statements.

May 2016 1 Disclaimer Certain statements in this document may be forward-looking statements.

Leading Through Innovation and Technology Financial Results Presentation FY-16 May 2016 1 Disclaimer Certain statements in this document may be forward-looking statements. Such forward-looking statements are subject to certain risks and

123 views • 11 slides
Health, Trade & TRIPS: Current Work at the WTO and How it Relates to the Generic Industry

Health, Trade & TRIPS: Current Work at the WTO and How it Relates to the Generic Industry

15 th Annual IGPA Conference Kyoto, Japan, 5 December 2012 The Interface Between Public Health, Trade & TRIPS: Current Work at the WTO and How it Relates to the Generic Industry Roger Kampf, WTO Secretariat The views

383 views • 36 slides
Respondent the Lawyers View Bernd Ehle ASA Conference Shaping Arbitral Proceedings to

Respondent the Lawyers View Bernd Ehle ASA Conference Shaping Arbitral Proceedings to

Shaping Arbitral Proceedings to Deal with Claims where Quantum Depends on Information Possessed Solely by the Respondent the Lawyers View Bernd Ehle ASA Conference Shaping Arbitral Proceedings to Best Examine Quantum Geneva, 3

282 views • 13 slides
How to be smart enough to win your case? November, 2016 Before starting To arbitrate or not?

How to be smart enough to win your case? November, 2016 Before starting To arbitrate or not?

How to be smart enough to win your case? November, 2016 Before starting To arbitrate or not? Calculation of costs Probability of winning the case assessment of evidences and legal basis Probability of enforcing the award 2 Who will be

503 views • 12 slides
Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028

Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028

Larry Clinton President Internet Security Alliance lclinton@isalliance.org 703-907-7028 202-236-0001 ISA Project Background Started in 2007 with CMU & USCCU 60 Entities (NSA, NIST, DOD, DOE, FBI) Published base paper in 2008

696 views • 14 slides
The scale of migration affecting Hungary Jan-Feb 2014 2015 2016 2017 Number of registered

The scale of migration affecting Hungary Jan-Feb 2014 2015 2016 2017 Number of registered

T HE POLITICAL AND SOCIAL IMPACT OF MIGRATION IN H UNGARY Bulcs Hunyadi Senior Analyst, Political Capital Institute hunyadi@politicalcapital.hu 1 The scale of migration affecting Hungary Jan-Feb 2014 2015 2016 2017 Number of registered

516 views • 10 slides

More recommend