Cloud Computing: the Critical issues

Kiran Sandford Head of IT Group Mishcon de Reya kiran.sandford@mishcon.com + 44 207 4407066

National Institute of Standards and Technology (US) definition

A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g. networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interactions.

Overview

§  High on the corporate agenda §  Different types of Cloud Computing   §  Critical issues in contracts with a cloud supplier  §  Key risks and challenges  §  Security and data protection issues   §  What makes this different from other services agreements

What is Cloud Computing

§  Delivering of IT services over the Internet §  Software as a Service (SaaS) §  Platform as a Service (PaaS) §  Infrastructure as a Service (IaaS)

Software as a Service (Saas)

§  Remote hosting and management of software (e.g. email) §  Standard product allowing a one to many model §  May be most suited to SMEs §  Hybrid models suitable for larger companies

Platform as a Service (PaaS)

§  Platform for third parties to host software to provide to customers §  Suitable for smaller software vendors §  E.g. Amazon web services, Apple, Google and Facebook

Infrastructure as a Service (IaaS)

§  Shared infrastructure resources (e.g. service and data centre facilities) §  Storage §  Processing §  Useful for additional demand (cloud-bursting)

Cloud Computing Structure

§  Private Cloud – single tenant, private network, no shared resources §  In-house IT department (customer owned, operated and managed data

centre) §  Outsourced IT: customer owned, vendor managed §  Public Cloud §  External hosting: vendor owned – operated – managed. Example: co-

location data / computing centre

Benefits of Cloud Computing

§  Costs management / scaleability §  Access anywhere anytime §  Management of peaks and troughs §  Elasticity

Risks

§  Standard terms §  Integration §  Lack of control §  Potential for hidden costs §  Quality -v- costs §  Reliance on internet connectivity

Risks Privacy / Security

§  Practical issues §  Data transfers §  Data Protection issues §  Security §  Access to data §  Security review

Negotiating the Contract

§  Defining the requirements §  Vendor track record §  Consider the rationale – is this right for your organisation?

Some Core Issues

§  Differences from software licensing §  Standard agreements §  May be room for negotiation in higher value / hybrid services

Key Operational Risks

§  Data protection / Backup §  Business continuity / Disaster recovery §  Privacy and security Auditing / Logging §  Key contracting goals driven by objectives §  SaaS - reliability of service for business critical applications essential §  IaaS – flexible, accessible, scalable, computing power - critical §  PaaS – reliability of platform critical with ability to control software

applications and data

Service Levels

§  Differences from standard licence §  Response time / Performance and measurement §  Storage, capacity §  Metrics and remedies §  Help desk §  Security breaches §  Consider levels of obligation §  Remedies for SLA failures, service credits, fixed percentage or peered

Disaster Recovery

§  Critical as controlled by vendor §  Consider location of back-up systems §  Response time to restore

and if it goes wrong

§  Termination for convenience §  Right to access data after termination and during contract §  Intermission capacity

Thank you and Questions

Kiran Sandford Head of IT Group Mishcon de Reya kiran.sandford@mishcon.com + 44 207 4407066