Cyber Security Institute

Monday, October 18, 2010

Cloud computing: how to navigate the legal and contractual pitfalls

With all of the hype about cloud computing, you’d think it is a novel concept that will revolutionise the IT industry. Such arrangements were not initially called ‘cloud computing’, but ASP (Application Service Provider) contracts, or hosted or managed service arrangements, to name a few aliases. Cloud computing is making a lot of noise these days because the benefits it can now bring are more tangible than a decade ago, with improvements in internet speeds and IT infrastructure and an increase in the number of service providers in the industry. The advantages of cloud include: scalability; cost control; opex versus capex advantages through reduced upfront payments; quicker IT deployment and better technology refresh; and ‘greener’ IT solutions, by avoiding over-provisioning of IT kit and centralising IT infrastructures within the cloud.

This is not to say the challenges outweigh the benefits, but the challenges must be thought through carefully, so that proper commercial decisions are made to deal with the risks.

  • Data protection: data must be processed within the European Economic Area, unless there is adequacy of protection established outside the EEA, or consent requirements have been met in respect of data subjects;
  • Regulatory compliance: if an organisation is operating in a regulated industry, it must ensure that the associated compliance obligations can be maintained (audit rights and appropriate controls, for example);
  • Security and confidentiality obligations: although an obvious and important point, consideration needs to be given as to how to verify such measures;
  • Service levels and compensation mechanisms: with the infrastructure in the cloud, this becomes more vital, together with considerations associated with measurement (delineating between the cloud provider’s infrastructure responsibilities, and those which lie within the domain of the customer);
  • Escrow considerations: worth thinking about, in case the service provider disappears, or the contract terminates early;
  • Business continuity and disaster recovery: cloud computing can give rise to robust business continuity and disaster recovery measures if properly implemented.

Posted on 10/18