Cloud Computing - Reaping the Benefits and Avoiding the Pitfalls - PowerPoint PPT Presentation



SLIDE 1

37 Offices in 18 Countries

Intellectual Property & Technology Webinar

Cloud Computing -

Reaping the Benefits and Avoiding the Pitfalls Stuart James & Delizia Diaz Birmingham Wednesday, 11 July 2012

SLIDE 2

Speakers

Stuart James, Partner
T: +44 121 222 3645
M: +44 7825 171894
E: stuart.james@squiresanders.com

Delizia Diaz, Associate
T: +44 121 222 3383
M: +44 7921 600022
E: delizia.diaz@squiresanders.com

SLIDE 3

Webinar Agenda

  • An overview of Cloud Computing
  • Opportunities presented by the Cloud
  • Key risk areas
  • A silver lining for the Cloud?

SLIDE 4

Cloud Computing Overview (1)

What is Cloud Computing?

“Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model is composed of five essential characteristics, three service models, and four deployment models.” *

Build Your Own Subscribe, Plug In, Pay-per-Use

*National Institute of Standards and Technology (NIST), SP 800-145, September 2011.

SLIDE 5

Cloud Computing Overview (2)

Well-known Cloud Computing offerings

SLIDE 6

Cloud Computing Overview (3)

CLOUD Deployment Models

  • Public
  • Private
  • Hybrid
  • Community

[Diagram labels: Single customer; Customer / Customer / Customer; VPN / leased line; Multi-tenancy model; Internet link]

SLIDE 7

Cloud Computing Overview (4)

CLOUD Service Models

  • IaaS – Infrastructure as a Service (Infrastructure)
  • PaaS – Platform as a Service (Infrastructure, Platform)
  • SaaS – Software as a Service (Infrastructure, Platform, Application)

SLIDE 8

Opportunities and Benefits

Lower costs:

No upfront investment in servers/data centres

No software licensing

No software updates for customers/maintenance costs

Scalability

On-demand: Pay for what you use (bandwidth/server space, etc.)

IT Team focus on core business

Enhanced Security

Faster implementation

Access to latest IT upgrades/developments

SLIDE 9

Cloud Computing - Key Risk Areas

Cloud provider service commitments

  • Standard provider offering: “as is”, “as available”
  • Clear service specifications
  • Key service levels:
  • Functionality
  • Availability
  • Performance
  • Back-up – Disaster Recovery-Business Continuity
  • Measurement/Reporting
  • Remedies? (Service credits/other types of damages)

SLIDE 10

Cloud Computing - Key Risk Areas

Data location and traceability

  • Retain some level of control over data location/storage
  • Regional/country offering
  • Traceability/audit trail requirements

SLIDE 11

Cloud Computing – Key Risk Areas

Information Security - Security requirements

  • Data in Transit
  • Secure encryption (SSL)
  • Data at Rest
  • Physical Security
  • Logical Security

    – Encryption (shortcomings?)
    – Access rights management/audit trails
    – Virtual segregation/Multi-tenancy architecture
    – External intrusions/network attacks

  • Staff access controls

SLIDE 12

Cloud Computing – Key Risk Areas

Information Security (Cont’d)

Assessment of compliance with security requirements

  • Contractual commitments
  • Audits
  • Certifications
  • Incident response
  • Notification
  • Cooperation

SLIDE 13

Cloud Computing - Key Risk Areas

Investigations and litigation

  • Accessing data:
  • Cloud users: Ability to retrieve data (e.g. internal investigations, data protection request, internal or external audit requests, etc)

  • Cloud providers - third party requests (e.g. subpoenas)
  • What are the provider’s obligations?

SLIDE 14

Cloud Computing - Key Risk Areas

Regulatory and legal compliance

  • EU Data Protection compliance
  • Consent
  • Access requests
  • Security of personal data
  • Subcontractors
  • Transfers outside of the EEA
  • Data loss/breach notification

SLIDE 15

Cloud Computing - Key Risk Areas

Regulatory and legal compliance (Cont’d)

  • State/country specific requirements
  • US: Patriot Act, Sarbanes Oxley, Gramm Leach Bliley Act, Electronic Communications Privacy Act
  • UK: Regulation of Investigatory Powers Act
  • Sector/organisation specific governance or compliance requirements (e.g. Health Insurance Portability and Accountability Act, Health Information Technology for Economic and Clinical Health Act, FSA in UK, telecoms, etc)
  • Export/trade restrictions (e.g. encryption, EU dual use, etc)

SLIDE 16

Cloud Computing - Key Risk Areas

Contractual (or externally imposed) limitations and restrictions

  • Audits required by cloud user’s customers
  • Restrictions on data location
  • Scope of software licences
  • Restrictions on indemnities (e.g. government contracts)
  • PCI DSS compliance

SLIDE 17

Cloud Computing - Key Risk Areas

Lock-in, exit and service transfer

  • Proprietary systems
  • Loss of IT expertise
  • Lack of exit support lock-in

Risk mitigation:

  • Open standards
  • Return of data
  • Data deletion
  • Migration support
  • Data back-up
  • Escrow

Lock-in?

SLIDE 18

Cloud Computing - Key Risk Areas

Cloud provider’s liability

  • Standard terms – “take it or leave it”
  • Limited warranties
  • Wide exclusions of or caps on liability (including loss of profit)

  • Public vs Private Cloud

SLIDE 19

Cloud Computing - Key Risk Areas

Insurance

  • Existing policies: business interruption insurance coverage?

  • Specific policies: cyber liability insurance

SLIDE 20

Recommended Steps

  • Assessment of business goals
  • What applications and data will be migrated to the Cloud?
  • Prior due diligence checks – is your provider financially viable and can they technically deliver?
  • Clear understanding of risks – what if it all goes wrong?
  • Technical and legal assurances provided by cloud providers (including security requirements)

  • Carefully negotiate contracts (focus on key business areas?)
  • Monitor compliance on a regular basis

SLIDE 21

A Silver Lining for the Cloud?

  • Competition between providers
  • willingness to negotiate terms
  • service offering
  • market consolidation
  • Development of specific standards - industry codes & certifications
  • Privacy by design
  • Developments and adaptation of EU privacy laws to new technologies?

  • Insurance

SLIDE 22

Contacts

Stuart James, Partner
T: +44 121 222 3645
M: +44 7825 171894
E: stuart.james@squiresanders.com

Delizia Diaz, Associate
T: +44 121 222 3383
M: +44 7921 600022
E: delizia.diaz@squiresanders.com

SLIDE 23

Worldwide Locations

  • Cincinnati
  • Cleveland
  • Columbus
  • Houston
  • Los Angeles
  • Miami
  • New York
  • Northern Virginia
  • Palo Alto
  • Phoenix
  • San Francisco
  • Tampa
  • Washington DC
  • West Palm Beach
  • Bogotá+
  • Buenos Aires+
  • Caracas+
  • La Paz+
  • Lima+
  • Panamá+
  • Rio de Janeiro
  • Santiago+
  • Santo Domingo
  • Beirut+
  • Berlin
  • Birmingham
  • Bratislava
  • Brussels
  • Bucharest+
  • Budapest
  • Frankfurt
  • Kyiv
  • Leeds
  • London
  • Madrid
  • Manchester
  • Moscow
  • Paris
  • Prague
  • Riyadh+
  • Warsaw
  • Beijing
  • Hong Kong
  • Perth
  • Shanghai
  • Singapore
  • Tokyo

Regions: North America; Latin America; Europe & Middle East; Asia Pacific

+ Independent Network Firm